Showing results for tags 'report'.


  1. Hi,

     A new version of JRT was released today -- 8.0.2

     Changelog: Version 8.0.2 (01.06.2016:1)
       • New heuristic: MintCast
       • Updated: Database
       • Updated: Whitelist -> FireFox -> GreaseMonkey custom scripts
       • Updated: Heuristic -> Content.IE5 folders -> Now includes support for Windows Vista, 7, 8, 8.1, 10

     Thanks everyone for being patient. We'd like to hear your feedback!

     Regards, Filipos
  2. Hi,

     A new version of JRT was released today -- 8.0.1

     Changelog: Version 8.0.1 (11.24.2015:1)
       • Updated: Database
       • Updated: Whitelist -> FireFox -> Blocksite extension
       • Updated: Whitelist -> Processes -> McAfee AV, Norton AV, ESET AV, MBAM, D7
       • Updated: Heuristic -> Service -> Vitruvian
       • Updated: Heuristic -> Drivers -> Vitruvian
       • Updated: Log -> HKEY_CURRENT_USER replaced to HKCU
       • Updated: Tool should now completely empty %TEMP%\JRT\JRT_NewerVersion contents before checking for an update
       • Bug Fix: Error during Processes scan
       • Bug Fix: Report not opening from Desktop in non-English OS versions
       • Bug Fix: Moved JRT_NewerVersion folder to %TEMP%\JRT\JRT_NewerVersion to accommodate non-English OS versions

     Thanks everyone for being patient. We'd like to hear your feedback!

     Regards, Filipos
  3. Requesting Feedback

     Please create a new topic here if you would like to report anything regarding Junkware Removal Tool (JRT). JRT can be downloaded from here.

     We are requesting all types of feedback but more specifically we are wanting to find out how you make use of the tool. If you are a regular user, what are your reasons for continuing to use the tool? This type of feedback will help us provide you with an improved version of the tool in the future.

     Thanks for any feedback provided!
  4. I'm running the latest version of MBAM, and I noticed a small bug in the UI. Do this sequence of events in the Quarantine window:

       1. Click the select all box
       2. Uncheck one of the files (doesn't matter which one)

     The Restore and Delete buttons are now greyed out. This can be solved by unchecking and rechecking any of the other files, hence its minor-ness.
  5. Hello, I scanned according to your instructions with Farbar. Meanwhile, Maleware has found two DNS Changer -threats, which are put in quarantine. - Hanna

     FRST_21-03-2015_00-28-45.txt
     Addition_21-03-2015_00-28-43.txt
  6. I decided to give Roguekiller a try today and just finished scanning my machine. I keep very close tabs on system files and processes and have no cause for concern at the moment (no weird system behaviours), but decided to use Roguekiller to be sure there's no silent malware that I might've missed. I don't know enough to discern if the results shown in RK's scan are false positives or actual threats. If you'd care to have a look at the report I'd be very interested in knowing your expert opinion on which of these entries might be beneficial to delete.
  7. Hello, I have just registered on this forum and I need some help with an expert view on a report generated from the HijackThis program. I do not want to involve someone too deeply in the report, but to just have a look and say what they think and whether there is anything suspicious going on. The report is not big and I have attached it to this thread. Thank you Vancata hijackthis.log
  8. Hello, I have just registered on this forum and I need some help with an expert view on a report generated from the HijackThis program. I do not want to involve someone too deeply in the report, but to just have a look and say what they think and whether there is anything suspicious going on. The report is not big and I have attached it to this thread. Thank you Vancata hijackthis.log
  9. I encountered the same problem like what was encountered by Hobbes419, posted in this forum at http://forums.malwar...=0 I have used OTL to generate the report. From the following log, how do I know whether my computer is clean?
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/02 19:41:47 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009/02/18 01:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2008/09/19 08:03:00 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid) DRV:64bit: - [2008/06/05 06:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV:64bit: - [2008/06/04 00:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd) DRV:64bit: - [2008/02/05 01:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 36 E5 97 80 35 CA 01 [binary data] IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchtronic.net/?i=61 IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 36 E5 97 80 35 CA 01 [binary data] IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Butterscotch Web Search" FF - prefs.js..browser.search.selectedEngine: "Butterscotch Web Search" FF - prefs.js..browser.startup.homepage: "http://www.searchtronic.net/?i=61" FF - prefs.js..keyword.URL: "http://searchtronic....=61&tp=ab=" FF - 
prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.20\nploki.dll (Skyhook Wireless) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webcomponent@globalenglish.com: C:\Program Files (x86)\GlobalEnglish\Firefox\Version3\webcomponent@globalenglish.com [2011/04/17 19:10:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/23 19:40:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 22:44:55 | 000,000,000 | ---D | M] [2011/03/23 19:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eileen.kho\AppData\Roaming\mozilla\Extensions [2011/03/23 19:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES (X86)\BUTTERSCOTCHTOOLBAR\FIREFOX\BUTTERSCOTCH@IGEARED [2011/04/17 19:10:35 | 000,000,000 | ---D | M] (GlobalEnglish Learning Technology (f3.5)) -- C:\PROGRAM FILES (X86)\GLOBALENGLISH\FIREFOX\VERSION3\WEBCOMPONENT@GLOBALENGLISH.COM [2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/11/16 02:52:22 | 000,032,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/23 23:19:16 | 000,001,463 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml O1 HOSTS File: ([2012/02/11 11:03:57 | 000,002,149 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 10.229.41.249 devesb1 O1 - Hosts: 10.229.41.246 devdbs8 O1 - Hosts: 10.229.41.248 devcrm1v O1 - Hosts: 10.229.41.172 qascrm3v O1 - 
Hosts: 10.229.42.74 qasdbs8 O1 - Hosts: 10.229.61.192 REMQAS2DBS O1 - Hosts: 10.229.41.250 qasesb1 O1 - Hosts: 10.229.61.25 remqas2web O1 - Hosts: 10.229.61.25 remqas2web.jtc.gov.sg O1 - Hosts: 10.229.41.198 remqasweb1 O1 - Hosts: 10.229.41.198 remqasweb O1 - Hosts: 10.229.41.198 remqasweb.jtc.gov.sg O1 - Hosts: 10.229.61.24 remqas2csp O1 - Hosts: 10.229.61.24 remqas2csp.jtc.gov.sg O1 - Hosts: 10.229.41.195 qasweb5 O1 - Hosts: 10.229.41.97 jtctfs1 O1 - Hosts: 127.0.0.1 SiteCoreTraining O1 - Hosts: 203.194.87.42 connect.avanade.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD# O1 - Hosts: 127.0.0.1 SiteCoreTraining2 O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.178.148.51 EIMPUATWEB01 O1 - Hosts: 10.178.148.52 EIMPUATAPP01 O1 - Hosts: 10.178.148.53 EIMPUATDBS01 O1 - Hosts: 10.178.148.14 EMAESXSVRDR04.ema.gov.sg O1 - Hosts: 10.178.148.13 EMAESXSVRDR03.ema.gov.sg O1 - Hosts: 11 more lines... O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (LocationFinder Class) - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.4.2.20\loki.dll (Skyhook Wireless) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (no name) - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..\Toolbar\WebBrowser: (no name) - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..\Toolbar\WebBrowser: (no name) - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No CLSID value found. O3 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:64bit: - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Avanade Mobile Media Reminder] C:\Program Files (x86)\Avanade\Mobile Media Reminder\AvanadeMobileMediaReminderClient.exe (Avanade) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) 
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716..\Run: [DontSleep] C:\Downloads\DontSleep\DontSleep.exe (Nenad Hrg (SoftwareOK.com)) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWow64\Macromed\Flash\FlashUtil10b.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Avanade Enterprise Search O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = https://go.avanade.c...Sol,Pws,Lms,Ava O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Avanade Enterprise Search O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = https://go.avanade.c...Sol,Pws,Lms,Ava O8:64bit: - Extra context menu item: &Download using SharpBITS - 
C:\Users\eileen.kho\Downloads\SharpBITS\SharpBITS\iecontext.htm File not found O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: &Download using SharpBITS - C:\Users\eileen.kho\Downloads\SharpBITS\SharpBITS\iecontext.htm File not found O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: avanade.com ([]https in Trusted sites) O15:64bit: - ..Trusted Domains: avanade.com ([*.dcs] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([*.dcs] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([*.solutions] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([*.solutions] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([at] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([at] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([bach.emea] https in Trusted sites) O15:64bit: - ..Trusted Domains: avanade.com ([connect] https in Trusted sites) O15:64bit: - ..Trusted Domains: avanade.com ([go] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([go] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([olympic.amer] https in Trusted sites) O15:64bit: - ..Trusted Domains: avanade.com ([people] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([people] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([quickload] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([quickload] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([rm] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([search] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([search] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([solutions] http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([solutions] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.com ([srs.corp] https in Trusted sites) O15:64bit: - ..Trusted Domains: avanade.com ([typhoon.apac] https in Trusted sites) O15:64bit: - ..Trusted Domains: avanade.com ([workspace] http in Local intranet) O15:64bit: - ..Trusted Domains: 
avanade.com ([workspace] https in Local intranet) O15:64bit: - ..Trusted Domains: avanade.org ([]* in Local intranet) O15:64bit: - ..Trusted Domains: avanade.org ([]http in Local intranet) O15:64bit: - ..Trusted Domains: avanade.org ([]https in Local intranet) O15:64bit: - ..Trusted Domains: crmweb1 ([]http in Trusted sites) O15:64bit: - ..Trusted Domains: crmweb1v ([]http in Trusted sites) O15:64bit: - ..Trusted Domains: crmweb2 ([]http in Trusted sites) O15:64bit: - ..Trusted Domains: crmweb2v ([]http in Trusted sites) O15:64bit: - ..Trusted Domains: crmweb3 ([]http in Trusted sites) O15:64bit: - ..Trusted Domains: crmweb3v ([]http in Trusted sites) O15:64bit: - ..Trusted Domains: gov.sg ([*.jtc] * in Local intranet) O15:64bit: - ..Trusted Domains: jtc.gov.sg ([platinum] http in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: avanade.com ([projects] http in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: avanade.com ([projects] https in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: avanade.com ([projects] http in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: avanade.com ([projects] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([*.dcs] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([*.dcs] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([*.solutions] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([*.solutions] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([at] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([at] https in 
Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([bach.emea] https in Trusted sites) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([connect] https in Trusted sites) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([go] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([go] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([olympic.amer] https in Trusted sites) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([people] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([people] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([projects] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([projects] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([quickload] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([quickload] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([rm] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([search] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([search] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([solutions] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([solutions] https in Local 
intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([srs.corp] https in Trusted sites) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([typhoon.apac] https in Trusted sites) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([workspace] http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.com ([workspace] https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.org ([]* in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.org ([]http in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: avanade.org ([]https in Local intranet) O15 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..Trusted Domains: sitecoretraining ([]http in Trusted sites) O15 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..Trusted Domains: avanade.com ([connect.apac] https in Trusted sites) O15 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..Trusted Domains: avanade.com ([go] http in Local intranet) O15 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..Trusted Domains: avanade.com ([go] https in Local intranet) O15 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..Trusted Domains: avanade.com ([quickload] http in Local intranet) O15 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..Trusted Domains: avanade.com ([quickload] https in Local intranet) O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab (F5 Networks Certificate Checker) O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT AntiViruses Class) O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab (F5 Networks 
CacheCleaner) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager) O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT FireWalls Class) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://connect.apac...0,2009,626,1841 (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control) O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT ProcessesScanner Class) O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class) O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urTermProxy.cab (F5 Networks Static Application Tunnel Control) O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://connect.apac...0,2009,622,1843 (F5 Networks Host Control) O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program 
Files (x86)/F5 VPN/F5_TMP/f5syschk.cab (F5 Networks OS Policy Agent) O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (F5 Networks OPSWAT Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.178.133.12 10.178.133.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.avanade.org O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2CCEDD0-6671-4DFE-B62D-1A36A2F29B3D}: DhcpNameServer = 203.116.254.150 203.116.1.94 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C25879-DCBF-436E-84F5-92655209A865}: DhcpNameServer = 10.178.133.12 10.178.133.11 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\~1.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\~2.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AdwarePrj.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\agent.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AlphaAV: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AlphaAV.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntispywarXP2009.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\Anti-Virus Professional.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntiVirus_Pro.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntivirusPlus: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntivirusPlus.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntivirusPro_2010.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntivirusXP: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AntivirusXP.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\antivirusxppro2009.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\av360.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AVCare.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\brastk.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\Cl.exe: Debugger - C:\windows\SysNative\svchost.exe 
(Microsoft Corporation) O27:64bit: - HKLM IFEO\csc.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\dop.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\frmwrk32.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\gav.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\gbn976rl.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\homeav2010.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\init32.exe : Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\MalwareRemoval.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\ozn695m5.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pav.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pc.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\PC_Antispyware2010.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pctsAuxs.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pctsGui.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pctsSvc.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pctsTray.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pdfndr.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\PerAvir.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\personalguard: Debugger - C:\windows\SysNative\svchost.exe (Microsoft 
Corporation) O27:64bit: - HKLM IFEO\personalguard.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\protector.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\qh.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\Quick Heal.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\QuickHealCleaner.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\rwg: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\rwg.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\SafetyKeeper.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\Save.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\SaveArmor.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\SaveDefense.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\SaveKeep.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\Secure Veteran.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\secureveteran.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\Security Center.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\SecurityFighter.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\securitysoldier.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\smart.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\smartprotector.exe: Debugger - 
C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\smrtdefp.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\SoftSafeness.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\spywarexpguard.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\tapinstall.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\TrustWarrior.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\tsc.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\W3asbas.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\winav.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\windll32.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\windows Police Pro.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\xp_antispyware.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\xpdeluxe.exe: Debugger - C:\windows\SysNative\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\~1.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\~2.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AdwarePrj.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agent.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AlphaAV: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AlphaAV.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft 
Corporation) O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPlus: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusXP: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusXP.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\av360.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVCare.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brastk.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Cl.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\csc.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dop.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\frmwrk32.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gav.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbn976rl.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\homeav2010.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\init32.exe : Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM 
IFEO\ozn695m5.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pav.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pc.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsAuxs.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsGui.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsSvc.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsTray.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pdfndr.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PerAvir.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\personalguard: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\personalguard.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\protector.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qh.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Quick Heal.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rwg: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rwg.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Save.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveArmor.exe: Debugger - C:\windows\SysWow64\svchost.exe 
(Microsoft Corporation) O27 - HKLM IFEO\SaveDefense.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveKeep.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Secure Veteran.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\secureveteran.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Security Center.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SecurityFighter.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\securitysoldier.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smart.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smartprotector.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smrtdefp.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SoftSafeness.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spywarexpguard.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tapinstall.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\TrustWarrior.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tsc.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\W3asbas.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winav.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windll32.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windows Police Pro.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xp_antispyware.exe: Debugger - 
C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xpdeluxe.exe: Debugger - C:\windows\SysWow64\svchost.exe (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/31 17:21:46 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011/08/12 00:03:53 | 000,000,000 | ---D | M] - G:\AutoCAD 2004 -- [ NTFS ] O33 - MountPoints2\{76764489-39f8-11e1-94f7-ac2c2fdd697e}\Shell - "" = AutoRun O33 - MountPoints2\{76764489-39f8-11e1-94f7-ac2c2fdd697e}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{916bd787-f03a-11e0-a48d-1c659d037e57}\Shell - "" = AutoRun O33 - MountPoints2\{916bd787-f03a-11e0-a48d-1c659d037e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a4aa4951-2223-11e1-a7a1-b48e98b4e4d3}\Shell - "" = AutoRun O33 - MountPoints2\{a4aa4951-2223-11e1-a7a1-b48e98b4e4d3}\Shell\AutoRun\command - "" = E:\Windows\AutoRun.exe O33 - MountPoints2\{a5fb7ae8-0fee-11e1-a181-1c659d037e57}\Shell - "" = AutoRun O33 - MountPoints2\{a5fb7ae8-0fee-11e1-a181-1c659d037e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d1967553-4fcc-11e0-b4ab-463500000031}\Shell - "" = AutoRun O33 - MountPoints2\{d1967553-4fcc-11e0-b4ab-463500000031}\Shell\AutoRun\command - "" = F:\SERVER2GO.EXE O33 - MountPoints2\{f04ffe32-4d77-11e0-aba4-1c659d037e57}\Shell - "" = AutoRun O33 - MountPoints2\{f04ffe32-4d77-11e0-aba4-1c659d037e57}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010/04/04 02:56:06 | 000,132,448 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Windows\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/13 12:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/02/13 12:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/02/11 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Roaming\Smart Anti-Malware Protection [2012/02/11 11:03:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\SAUPMP [2012/02/11 11:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\d89ac1 [2012/02/10 11:53:35 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\Sample Data File [2012/02/07 18:22:57 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\OneNote Notebooks [2012/02/03 14:01:17 | 000,000,000 | --SD | C] -- C:\Users\eileen.kho\Documents\My Shapes [2012/02/03 10:08:12 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\My Virtual Machines [2012/02/03 10:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC [2012/02/02 12:13:01 | 000,000,000 | ---D | C] -- C:\Prod_DB [2012/02/02 11:43:52 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Roaming\VMware [2012/02/02 11:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2012/02/02 11:34:41 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Local\VMware [2012/02/02 11:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2012/02/02 11:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware [2012/02/01 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\GOMVideoConverter [2012/02/01 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\EMA [2012/02/01 10:41:36 | 000,000,000 | ---D | C] -- 
C:\Users\eileen.kho\AppData\Local\TechSmith [2012/01/30 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\STB Presentation Slides [2012/01/19 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreAAC [2012/01/19 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Roaming\GRETECH [2012/01/19 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\GomPlayer [2012/01/19 13:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player [2012/01/19 13:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH [2012/01/19 09:49:40 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Lync Recordings [2012/01/16 11:22:28 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\Home [2012/01/15 02:36:32 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\html (workspace for create budget paper) [2012/01/15 02:36:15 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\html(homepage) ========== Files - Modified Within 30 Days ========== [2012/02/13 15:31:36 | 000,271,360 | ---- | M] () -- C:\UpToFeb2012.pst [2012/02/13 15:10:03 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/13 15:04:00 | 000,000,234 | ---- | M] () -- C:\windows\tasks\Avanade MMR.job [2012/02/13 15:03:56 | 000,000,240 | ---- | M] () -- C:\windows\tasks\Install SCCM Agent.job [2012/02/13 12:39:29 | 000,161,898 | ---- | M] () -- C:\Users\eileen.kho\Desktop\CurrentSettings-2011-12-19.vssettings [2012/02/13 11:36:13 | 001,223,358 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/02/13 11:36:13 | 000,960,840 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/02/13 11:36:13 | 000,253,826 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/02/13 11:34:18 | 000,018,208 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/13 11:34:18 | 000,018,208 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/13 11:30:20 | 000,000,463 | ---- | M] () -- C:\windows\SMSCFG.ini [2012/02/13 11:24:15 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/13 11:24:13 | 010,747,904 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012/02/13 11:23:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/02/13 11:22:26 | 2086,019,071 | -HS- | M] () -- C:\hiberfil.sys [2012/02/11 11:03:57 | 000,002,149 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/02/07 18:23:03 | 000,001,296 | ---- | M] () -- C:\Users\eileen.kho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/02/07 10:51:44 | 000,058,124 | ---- | M] () -- C:\Users\eileen.kho\Desktop\15Jan2012.pdf [2012/02/07 10:48:39 | 000,058,432 | ---- | M] () -- C:\Users\eileen.kho\Desktop\31Jan2012 (2).pdf [2012/02/06 17:17:18 | 000,058,051 | ---- | M] () -- C:\Users\eileen.kho\Desktop\31Jan2012.pdf [2012/02/02 11:22:58 | 000,001,024 | ---- | M] () -- C:\.rnd [2012/02/02 11:22:23 | 000,002,440 | ---- | M] () -- C:\Users\Public\Desktop\VMware vSphere Client.lnk [2012/02/02 10:03:22 | 116,606,862 | ---- | M] () -- C:\Users\eileen.kho\Desktop\VMware-viclient.exe [2012/01/31 23:38:21 | 000,000,132 | ---- | M] () -- C:\Users\eileen.kho\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/01/28 22:45:15 | 004,042,111 | ---- | M] () -- C:\Users\eileen.kho\Desktop\Release 1.zip [2012/01/28 22:44:56 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/19 13:51:50 | 000,001,183 | ---- | M] () -- C:\Users\eileen.kho\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2012/01/19 13:51:50 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012/01/16 12:04:42 | 000,023,367 | ---- | M] () -- C:\anisaisya.png [2012/01/16 12:02:53 | 000,025,011 | ---- | M] () 
-- C:\Arunath.png [2012/01/16 11:57:33 | 000,021,549 | ---- | M] () -- C:\JordanWong.png [2012/01/15 02:51:05 | 000,003,141 | ---- | M] () -- C:\EricJohnson.jpg [2012/01/15 02:49:08 | 000,010,049 | ---- | M] () -- C:\TimHorton.jpg [2012/01/15 02:48:00 | 000,014,804 | ---- | M] () -- C:\TracyHutton.jpg ========== Files Created - No Company Name ========== [2012/02/13 14:30:08 | 000,161,898 | ---- | C] () -- C:\Users\eileen.kho\Desktop\CurrentSettings-2011-12-19.vssettings [2012/02/07 18:23:03 | 000,001,296 | ---- | C] () -- C:\Users\eileen.kho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/02/07 10:51:44 | 000,058,124 | ---- | C] () -- C:\Users\eileen.kho\Desktop\15Jan2012.pdf [2012/02/07 09:31:23 | 000,271,360 | ---- | C] () -- C:\UpToFeb2012.pst [2012/02/06 17:17:18 | 000,058,051 | ---- | C] () -- C:\Users\eileen.kho\Desktop\31Jan2012.pdf [2012/02/03 10:06:08 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Virtual PC.lnk [2012/02/02 11:22:56 | 000,001,024 | ---- | C] () -- C:\.rnd [2012/02/02 11:22:23 | 000,002,440 | ---- | C] () -- C:\Users\Public\Desktop\VMware vSphere Client.lnk [2012/02/02 11:03:48 | 116,606,862 | ---- | C] () -- C:\Users\eileen.kho\Desktop\VMware-viclient.exe [2012/01/28 22:44:56 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/28 22:44:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/01/28 22:44:50 | 004,042,111 | ---- | C] () -- C:\Users\eileen.kho\Desktop\Release 1.zip [2012/01/19 13:51:50 | 000,001,183 | ---- | C] () -- C:\Users\eileen.kho\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2012/01/19 13:51:50 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012/01/16 12:04:42 | 000,023,367 | ---- | C] () -- C:\anisaisya.png [2012/01/16 12:02:53 | 000,025,011 | ---- | C] () -- 
C:\Arunath.png [2012/01/16 11:57:33 | 000,021,549 | ---- | C] () -- C:\JordanWong.png [2012/01/15 02:49:55 | 000,003,141 | ---- | C] () -- C:\EricJohnson.jpg [2012/01/15 02:48:39 | 000,010,049 | ---- | C] () -- C:\TimHorton.jpg [2012/01/15 02:46:11 | 000,014,804 | ---- | C] () -- C:\TracyHutton.jpg [2011/12/01 23:03:09 | 000,000,132 | ---- | C] () -- C:\Users\eileen.kho\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011/12/01 22:56:17 | 000,000,132 | ---- | C] () -- C:\Users\eileen.kho\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011/11/25 01:05:30 | 000,004,764 | ---- | C] () -- C:\windows\SysWow64\CcmFramework.ini [2011/11/25 01:04:54 | 000,000,463 | ---- | C] () -- C:\windows\SMSCFG.ini [2011/08/03 08:14:42 | 000,000,031 | ---- | C] () -- C:\windows\mvPCinfo.ini [2011/03/12 17:00:59 | 000,080,368 | ---- | C] () -- C:\windows\SysWow64\pbadrvdll.dll [2010/12/16 13:39:12 | 000,075,893 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/12/16 13:10:39 | 001,222,324 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010/12/10 13:37:22 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll [2010/12/10 13:37:21 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2010/12/10 13:37:21 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll [2010/12/10 13:37:20 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2010/12/10 13:37:19 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2009/11/11 03:20:04 | 000,839,680 | ---- | C] () -- C:\windows\SysWow64\DemoLicense.dll [2009/11/11 03:07:44 | 000,917,504 | ---- | C] () -- C:\windows\SysWow64\lmgr10.dll [2009/09/15 04:32:35 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI [2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/14 08:10:29 | 000,043,131 | 
---- | C] () -- C:\windows\mib.bin [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2009/06/04 09:14:52 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009/06/04 09:14:52 | 000,433,024 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009/06/04 09:14:52 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009/06/04 09:14:52 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2000/07/15 15:00:00 | 000,030,720 | ---- | C] () -- C:\windows\regtlib.exe ========== LOP Check ========== [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Avanade [2011/03/13 04:52:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Broadcom [2011/12/15 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SecondLife [2011/03/13 04:52:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Wave Systems Corp [2011/12/15 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\Avanade\AppData\Roaming\SecondLife [2011/03/12 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Avanade\AppData\Roaming\Wave Systems Corp [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Classic .NET AppPool\AppData\Roaming\Avanade [2011/12/15 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\Classic .NET AppPool\AppData\Roaming\SecondLife [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Avanade [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Avanade [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Avanade [2011/03/13 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Broadcom [2011/12/01 21:02:08 | 000,000,000 | ---D | M] -- 
C:\Users\eileen.kho\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/02/13 15:50:57 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Free Download Manager [2011/03/17 14:07:58 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\InnerWorkings [2012/01/06 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Notepad++ [2011/12/14 22:43:36 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\SecondLife [2011/12/19 12:57:57 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Sitecore [2012/02/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Smart Anti-Malware Protection [2011/12/01 10:50:01 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\SumatraPDF [2011/03/24 17:15:38 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Usenet.nl [2011/03/13 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Wave Systems Corp [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Avanade [2011/03/30 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Broadcom [2011/04/19 11:58:22 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\F5 Networks [2011/04/25 07:56:16 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\InnerWorkings [2011/10/31 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\SecondLife [2011/11/14 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Sitecore [2011/08/24 12:02:51 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\TeamViewer [2011/03/30 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Wave Systems Corp [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\supernoel\AppData\Roaming\Avanade [2011/12/15 07:56:14 | 000,000,000 | ---D | M] -- C:\Users\supernoel\AppData\Roaming\SecondLife [2012/02/13 15:04:00 | 000,000,234 | ---- | M] () -- 
C:\windows\Tasks\Avanade MMR.job [2012/02/13 15:03:56 | 000,000,240 | ---- | M] () -- C:\windows\Tasks\Install SCCM Agent.job [2011/11/01 09:36:54 | 000,032,576 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

'Extras.Txt' is attached as I am not allowed to post this topic if my message is too long.