Findgala - uggh



Hello,

I've used the search function for Findgala and performed the following:

- Ran ATF Cleaner

- Ran TDSSKiller

- Although I have Admin Rights - cannot run GooredFix

- Since this is a work PC - I cannot disable McAfee and have not run ComboFix

Also, for the past 4 days, I've come to my laptop (after several hours of it being plugged in) and the display cannot refresh (black screen) and all fans on full - Have had to hard reset - Not sure if this is a symptom of the above

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by PHower64766 at 10:51:40 on 2011-12-26

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2928.533 [GMT -7:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

C:\Program Files\AccessData\Agent\ADService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\Program Files\IBM\Lotus\Notes\nsd.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe

C:\Windows\system32\PGPserv.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\UI0Detect.exe

C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs

C:\Windows\system32\CCM\CcmExec.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Office Communicator\communicator.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe

C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\eRoom 7\ERClient7.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\RSA SecurID Software Token\SecurID.exe

C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe

C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe

C:\Windows\system32\conhost.exe

C:\Program Files\SAP\FrontEnd\Sapgui\saplogon.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE

C:\PROGRA~1\MICROS~1\Office14\POWERPNT.EXE

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\CCM\SmsClrHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://InsideApplied

uWindow Title = Windows Internet Explorer provided by Applied Materials

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe",

BHO: TFPUPWDBankBHO Class: {030ac7b6-e7ec-40f1-8fb2-c0fd344de0b9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Microsoft.Medv.UrlRedirectionBHO Class: {c26b6e5c-9d27-43c7-aab4-f8a64c09f4dc} - c:\program files\microsoft enterprise desktop virtualization\bho\x86\UrlRedirectionBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [{E5435D00-ABFD-D140-D7DA-E1789A24514D}] c:\users\phower64766\appdata\roaming\odorapc\ofqahea.exe

uRun: [{193021EF-2B5F-BFE0-0EE5-E62E7441B249}] c:\users\phower64766\appdata\roaming\aktiaca\iwexnua.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [softGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [Cisco IP Communicator 7.0.4] c:\windows\is\logs\cisco.ipcommunicator\7.0.4\LaunchNotice.vbs

mRun: [CfgDownload] c:\program files\ixos\bin\CfgDownload.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jaureg.exe" -u auto-update

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe

mRun: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start

mRun: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\users\phower~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files\eroom 7\ERClient7.exe

StartupFolder: c:\users\phower~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files\eroom 7\ERClient7.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{fd445a5f-2a54-4812-ba75-6b9841451ba0}\Icon6560581611.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\netbackup dlo\dlo\DLOClientu.exe

uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

uPolicies-explorer: NoActiveDesktop = 1 (0x1)

uPolicies-explorer: NoWelcomeScreen = 1 (0x1)

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoWebServices = 1 (0x1)

mPolicies-explorer: NoPublishingWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableInstallerDetection = 0 (0x0)

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 1 (0x1)

dPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)

dPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

dPolicies-explorer: NoActiveDesktop = 1 (0x1)

dPolicies-explorer: NoWelcomeScreen = 1 (0x1)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\windows\system32\PGPlsp.dll

Trusted Zone: adp.com

Trusted Zone: myworkday.com

Trusted Zone: workday.com

DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://eroom.intel.com/eRoomSetup/client.cab

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://emamat09.mis.amat.com/dwa85W.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 152.135.191.189 152.135.192.20

TCP: Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26} : DhcpNameServer = 152.135.114.13 152.135.191.191

TCP: Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A} : DhcpNameServer = 192.168.0.1 205.171.2.25

TCP: Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}\27F6F6D6C696E687 : DhcpNameServer = 50.57.55.154 50.57.55.152 8.8.8.8

TCP: Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}\B454252554E41303 : DhcpNameServer = 202.96.69.38 202.96.64.68

TCP: Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}\B456272756E60284F64756C602F6E656 : DhcpNameServer = 192.168.0.254

TCP: Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AE1E0727-5801-45FF-A6F4-1EB394ED62A1} : DhcpNameServer = 152.135.191.189 152.135.192.20

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: PGPmapih.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll

LSA: Notification Packages = scecli PGPpwflt

mASetup: {4DBB292B-E365-461C-8502-58AC34DDBB85} - msiexec /fu {4DBB292B-E365-461C-8502-58AC34DDBB85} /qn

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

Hosts: 69.72.252.254 www.statcounter.com.

Hosts: 184.95.41.155 www.google-analytics.com.

Hosts: 184.95.41.155 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\phower64766\appdata\roaming\mozilla\firefox\profiles\msaoj7je.default\

FF - prefs.js: browser.startup.homepage - hxxp://insideapplied/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-17 344712]

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2011-6-16 136824]

R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2011-6-16 13944]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 ADService;ADService;c:\program files\accessdata\agent\ADService.exe [2010-5-11 7824896]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-6-17 2043712]

R2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\drivers\CipcCdp.sys [2010-4-12 24000]

R2 DLOChangeJournalSvc;Symantec NetBackup Desktop Agent Change Journal Reader;c:\program files\symantec\netbackup dlo\dlo\DLOChangeLogSvcu.exe [2011-2-11 968088]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-8-13 13336]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-6-2 132464]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2010-8-11 3417480]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-17 69192]

R2 PGP RDD Service;PGP RDD Service;c:\program files\pgp corporation\pgp desktop\RDDService.exe [2011-6-16 166520]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-8-13 48128]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-10-28 483688]

R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-10-24 520040]

R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-9 370504]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-12-8 189880]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-5-17 2538520]

R2 Wireless_AutoSwitch;Wireless AutoSwitch;c:\program files\wireless autoswitch\WrlsAutoSW.exs [2011-4-10 146535]

R3 ad_driver;AccessData Driver;c:\windows\system32\ad_driver.sys [2011-5-18 13808]

R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-6-17 677320]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-17 208552]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-5-17 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-21 246272]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-17 91896]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-17 43192]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-7-13 7122944]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-10-28 550760]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-10-28 195944]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-10-28 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-10-28 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-10-28 209256]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-13 45736]

S3 dc21x4vm;dc21x4vm;c:\windows\system32\drivers\dc21x4vm.sys [2009-6-10 52224]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-17 66536]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-11 31125880]

S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2009-7-14 126464]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-5-17 6764544]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-5-17 60544]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-5-17 141568]

S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\bin\ONRSD.EXE [2011-12-15 411244]

S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-5-17 816792]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2009-7-14 19456]

.

=============== Created Last 30 ================

.

2011-12-24 17:28:08 -------- d-----w- c:\users\phower64766\appdata\local\Mozilla

2011-12-24 17:21:08 -------- d-----w- c:\users\phower64766\appdata\local\Apple Computer

2011-12-20 20:07:54 -------- d-----w- c:\users\phower64766\appdata\roaming\Icox

2011-12-20 20:07:54 -------- d-----w- c:\users\phower64766\appdata\roaming\Aktiaca

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-12-16 19:08:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-12-15 22:19:16 -------- d-----w- C:\orant

2011-12-15 19:29:04 -------- d-----w- c:\users\phower64766\appdata\local\ApplicationHistory

2011-12-15 18:31:31 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-12-15 18:31:20 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-12-14 01:33:01 -------- d-----w- c:\users\phower64766\appdata\roaming\smkits

2011-12-09 15:03:13 -------- d-----w- c:\users\phower64766\appdata\local\Apps

2011-11-28 22:29:02 -------- d-----w- c:\users\phower64766\appdata\roaming\Oskayd

2011-11-28 22:29:02 -------- d-----w- c:\users\phower64766\appdata\roaming\Odorapc

.

==================== Find3M ====================

.

2011-12-26 13:33:21 13808 ----a-w- c:\windows\system32\ad_driver.sys

2011-11-08 08:31:01 290742 ----a-w- c:\windows\system32\PGPlspRollback.reg

2011-11-04 22:04:25 0 ----a-w- c:\windows\system32\sho4D3C.tmp

2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 10:52:29.98 ===============

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122602

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/26/2011 7:58:19 AM

mbam-log-2011-12-26 (07-58-19).txt

Scan type: Full scan (C:\|U:\|)

Objects scanned: 467535

Time elapsed: 1 hour(s), 22 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello phower2112,

Does your company have a Help/support desk? Have you checked with them?

Which browser is having the "gala" issue? Just I.E. ?

By the way, do NOT run any tools or fixes by yourself, while you are being helped here. ok?

Certainly never ever run Combofix without expert guidance.

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all programs that you may have started. Right click the OTL icon and select Run as Administrator to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hi,

Yes. We have an IT desk that is shut down for the holidays. This is happening with both IE and Firefox.

OTL logfile created on: 12/26/2011 12:03:24 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop

Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 0.38 Gb Available Physical Memory | 13.31% Memory free

5.72 Gb Paging File | 1.65 Gb Available in Paging File | 28.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 119.24 Gb Total Space | 15.16 Gb Free Space | 12.71% Space Free | Partition Type: NTFS

Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe

PRC - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe

PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe

PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/06/16 21:04:24 | 003,741,304 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe

PRC - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe

PRC - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe

PRC - [2011/06/16 21:04:22 | 000,641,656 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe

PRC - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs

PRC - [2011/03/02 10:07:04 | 002,745,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2011/02/11 11:39:56 | 012,854,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

PRC - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe

PRC - [2011/01/28 11:08:16 | 001,349,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe

PRC - [2011/01/14 17:19:42 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe

PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

PRC - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe

PRC - [2010/11/14 19:04:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe

PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/11/04 10:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe

PRC - [2010/11/02 09:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/09/16 07:13:40 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

PRC - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe

PRC - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

PRC - [2010/08/25 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

PRC - [2010/08/25 19:07:00 | 000,025,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe

PRC - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2010/08/12 20:47:58 | 015,895,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

PRC - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

PRC - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe

PRC - [2010/07/27 16:52:26 | 000,984,432 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe

PRC - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

PRC - [2010/06/30 19:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe

PRC - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe

PRC - [2010/06/02 16:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe

PRC - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

PRC - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) -- C:\Program Files\AccessData\Agent\ADService.exe

PRC - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2010/04/01 10:35:12 | 001,031,488 | ---- | M] (SAP, Walldorf) -- C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe

PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2010/03/16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2010/03/02 09:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe

PRC - [2010/02/25 17:25:00 | 000,288,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe

PRC - [2009/11/04 18:14:12 | 001,262,328 | ---- | M] (RSA Security Inc.) -- C:\Program Files\RSA SecurID Software Token\SecurID.exe

PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009/10/28 07:48:48 | 000,145,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe

PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe

PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 18:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

PRC - [2007/01/21 21:33:24 | 000,153,352 | ---- | M] (EMC) -- C:\Program Files\eRoom 7\ERClient7.exe

PRC - [2003/02/22 15:25:26 | 000,409,600 | ---- | M] (Wisdom Software Inc. ) -- C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/04 20:15:24 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\655ed19f57b30488bf4c407ae1bc8fc6\IAStorUtil.ni.dll

MOD - [2011/11/04 20:15:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll

MOD - [2011/11/04 15:43:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d9f057ed30e6941d47a8754bf0bcadea\WindowsBase.ni.dll

MOD - [2011/11/04 15:43:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/11/04 15:43:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll

MOD - [2011/11/04 15:43:11 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/11/04 15:43:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/11/04 15:43:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/11/04 15:42:53 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/11/04 15:42:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/01/08 10:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll

MOD - [2010/12/15 14:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll

MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/02/28 01:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009/11/04 18:14:32 | 007,275,256 | ---- | M] () -- C:\Program Files\RSA SecurID Token Common\QtGui4.dll

MOD - [2009/11/04 18:14:32 | 002,028,280 | ---- | M] () -- C:\Program Files\RSA SecurID Token Common\QtCore4.dll

MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2008/05/19 09:32:20 | 001,212,416 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCamDLL.dll

MOD - [2007/10/08 08:33:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCam.ax

MOD - [2007/09/21 16:19:16 | 000,176,128 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\FinalTrial.dll

MOD - [2007/09/21 15:55:40 | 000,327,680 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVerify.dll

MOD - [2007/09/21 10:47:54 | 000,196,608 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\Detector.dll

MOD - [2007/05/18 20:22:06 | 000,698,432 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\libmng.dll

MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

MOD - [2007/01/21 21:33:28 | 000,087,816 | ---- | M] () -- C:\Program Files\eRoom 7\Res\ResAddin7409.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)

SRV - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)

SRV - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)

SRV - [2011/06/11 20:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch)

SRV - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc)

SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)

SRV - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)

SRV - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)

SRV - [2010/08/11 09:27:12 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)

SRV - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)

SRV - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)

SRV - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)

SRV - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)

SRV - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) [Auto | Running] -- C:\Program Files\AccessData\Agent\ADService.exe -- (ADService)

SRV - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)

SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)

SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2000/10/19 11:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\orant\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)

========== Driver Services (SafeList) ==========

DRV - [2011/12/26 06:33:21 | 000,013,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\ad_driver.sys -- (ad_driver)

DRV - [2011/06/16 21:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)

DRV - [2011/06/16 21:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)

DRV - [2011/06/16 21:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)

DRV - [2011/06/16 21:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs)

DRV - [2011/06/16 21:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs)

DRV - [2011/05/17 08:44:27 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv)

DRV - [2011/02/23 10:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2010/10/18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®

DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2010/08/25 19:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/08/25 19:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/08/25 19:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/08/25 19:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/08/25 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010/08/25 19:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010/07/27 16:26:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2010/06/21 14:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2010/06/18 15:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2010/06/17 17:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2010/04/21 09:36:58 | 006,764,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®

DRV - [2010/04/13 23:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

DRV - [2010/04/12 07:26:26 | 000,024,000 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp)

DRV - [2010/03/12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/24 11:09:38 | 000,141,568 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/02/24 11:09:38 | 000,060,544 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2009/12/31 02:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)

DRV - [2009/11/27 20:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)

DRV - [2009/10/28 07:49:46 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2009/10/28 07:49:44 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/10/28 07:49:42 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2009/10/28 07:49:38 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2009/09/23 18:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®

DRV - [2009/09/22 18:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV - [2009/09/22 18:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)

DRV - [2009/09/22 18:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)

DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)

DRV - [2009/09/17 09:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)

DRV - [2009/07/13 18:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)

DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 16:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)

DRV - [2009/07/13 16:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)

DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/07/13 15:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)

DRV - [2009/06/19 09:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Toshidpt.sys -- (toshidpt)

DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 21 46 92 AA B3 CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://insideapplied/"

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/08/13 08:58:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 10:27:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/24 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phower64766\AppData\Roaming\mozilla\Extensions

[2011/12/24 10:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/21 16:08:27 | 000,001,395 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 69.72.252.254 www.google-analytics.com.

O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.

O1 - Hosts: 69.72.252.254 www.statcounter.com.

O1 - Hosts: 184.95.41.155 www.google-analytics.com.

O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.

O1 - Hosts: 184.95.41.155 www.statcounter.com.

O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Microsoft.Medv.UrlRedirectionBHO Class) - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG)

O4 - HKLM..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\IS\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs ()

O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [softGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe ()

O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)

O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)

O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)

O4 - HKCU..\Run: [{193021EF-2B5F-BFE0-0EE5-E62E7441B249}] C:\Users\phower64766\AppData\Roaming\Aktiaca\iwexnua.exe File not found

O4 - HKCU..\Run: [{E5435D00-ABFD-D140-D7DA-E1789A24514D}] C:\Users\phower64766\AppData\Roaming\Odorapc\ofqahea.exe File not found

O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC)

O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: myworkday.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: workday.com ([]https in Trusted sites)

O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://eroom.intel.com/eRoomSetup/client.cab (ERPageAddin Class)

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} http://emamat09.mis.amat.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.135.191.189 152.135.192.20

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26}: DhcpNameServer = 152.135.114.13 152.135.191.191

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1E0727-5801-45FF-A6F4-1EB394ED62A1}: DhcpNameServer = 152.135.191.189 152.135.192.20

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (PGPmapih.dll) -C:\Windows\System32\PGPmapih.dll (PGP Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - ("C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe") -C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 12:01:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe

[2011/12/26 07:53:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr

[2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Mozilla

[2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Mozilla

[2011/12/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/12/24 10:26:38 | 015,292,208 | ---- | C] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe

[2011/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apple Computer

[2011/12/24 10:19:18 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe

[2011/12/24 10:14:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe

[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe

[2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Icox

[2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Aktiaca

[2011/12/16 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/12/16 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/12/16 12:00:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/12/15 15:19:16 | 000,000,000 | ---D | C] -- C:\orant

[2011/12/15 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\ApplicationHistory

[2011/12/13 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\smkits

[2011/12/13 07:07:48 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Documents\Staff

[2011/12/09 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apps

[2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Oskayd

[2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Odorapc

[2010/07/29 00:50:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe

[2011/12/26 07:53:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr

[2011/12/26 06:42:04 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/12/26 06:42:04 | 000,713,720 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2011/12/26 06:42:04 | 000,668,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011/12/26 06:42:04 | 000,639,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/12/26 06:42:04 | 000,418,680 | ---- | M] () -- C:\Windows\System32\perfh012.dat

[2011/12/26 06:42:04 | 000,407,372 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2011/12/26 06:42:04 | 000,395,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2011/12/26 06:42:04 | 000,379,488 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2011/12/26 06:42:04 | 000,375,280 | ---- | M] () -- C:\Windows\System32\perfh00D.dat

[2011/12/26 06:42:04 | 000,137,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/12/26 06:42:04 | 000,136,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011/12/26 06:42:04 | 000,134,328 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2011/12/26 06:42:04 | 000,112,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/12/26 06:42:04 | 000,112,550 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2011/12/26 06:42:04 | 000,110,838 | ---- | M] () -- C:\Windows\System32\perfc012.dat

[2011/12/26 06:42:04 | 000,110,410 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2011/12/26 06:42:04 | 000,105,496 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2011/12/26 06:42:04 | 000,075,256 | ---- | M] () -- C:\Windows\System32\perfc00D.dat

[2011/12/26 06:41:39 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/26 06:41:39 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/26 06:34:47 | 000,000,470 | ---- | M] () -- C:\Windows\SMSCFG.INI

[2011/12/26 06:33:21 | 000,013,808 | ---- | M] () -- C:\Windows\System32\ad_driver.sys

[2011/12/26 06:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/26 06:33:10 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/24 10:31:45 | 000,000,115 | ---- | M] () -- C:\Users\phower64766\Desktop\fixme.reg

[2011/12/24 10:27:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/12/24 10:26:38 | 015,292,208 | ---- | M] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe

[2011/12/24 10:18:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe

[2011/12/24 10:14:17 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe

[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe

[2011/12/21 16:08:27 | 000,001,395 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/12/21 14:22:22 | 000,073,566 | RHS- | M] () -- C:\Users\phower64766\ntuser.pol

[2011/12/21 10:56:47 | 000,001,273 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2011/12/20 13:52:12 | 000,007,598 | ---- | M] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg

[2011/12/20 11:02:13 | 000,000,130 | ---- | M] () -- C:\Users\phower64766\Documents\amgi.dsn

[2011/12/20 10:50:21 | 000,344,064 | ---- | M] () -- C:\Users\phower64766\Documents\Database22.accdb

[2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb

[2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb

[2011/12/16 12:08:37 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/12/15 21:23:53 | 000,075,354 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/12/15 16:01:42 | 267,001,856 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts.accdb

[2011/12/15 10:43:11 | 000,000,406 | ---- | M] () -- C:\Windows\ODBC.INI

[2011/12/14 12:42:17 | 029,884,416 | ---- | M] () -- C:\Users\phower64766\Desktop\VF BOM MANAGEMENT TOOL for NM.accdb

[2011/12/08 13:41:57 | 000,002,024 | ---- | M] () -- C:\Users\phower64766\Documents\Default.rdp

[2011/12/08 07:30:42 | 000,471,040 | ---- | M] () -- C:\Users\phower64766\Documents\Database25.accdb

[2011/12/04 12:14:17 | 000,425,984 | ---- | M] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb

[2011/11/26 12:31:47 | 000,027,349 | ---- | M] () -- C:\Users\phower64766\Desktop\USPS report.zip

[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 10:31:32 | 000,000,115 | ---- | C] () -- C:\Users\phower64766\Desktop\fixme.reg

[2011/12/24 10:27:41 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/24 10:27:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/12/20 11:02:13 | 000,000,130 | ---- | C] () -- C:\Users\phower64766\Documents\amgi.dsn

[2011/12/20 10:49:25 | 000,344,064 | ---- | C] () -- C:\Users\phower64766\Documents\Database22.accdb

[2011/12/20 10:49:14 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb

[2011/12/19 10:05:42 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb

[2011/12/16 12:08:37 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/12/04 07:24:19 | 000,425,984 | ---- | C] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb

[2011/11/26 12:31:47 | 000,027,349 | ---- | C] () -- C:\Users\phower64766\Desktop\USPS report.zip

[2011/10/10 06:42:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011/10/06 12:14:27 | 000,004,096 | -H-- | C] () -- C:\Users\phower64766\AppData\Local\keyfile3.drm

[2011/08/29 06:45:15 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini

[2011/08/25 07:41:18 | 000,000,183 | ---- | C] () -- C:\Windows\hpbafd.ini

[2011/08/12 08:16:45 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini

[2011/06/16 21:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig

[2011/05/30 09:36:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\jgldog11.dll

[2011/05/28 08:53:37 | 000,007,598 | ---- | C] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg

[2011/05/18 14:53:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/05/18 12:12:06 | 000,013,808 | ---- | C] () -- C:\Windows\System32\ad_driver.sys

[2011/05/17 09:30:19 | 000,000,406 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/05/17 09:30:18 | 000,054,343 | ---- | C] () -- C:\Windows\bqmeta0.ini

[2011/05/17 09:30:16 | 000,027,955 | ---- | C] () -- C:\Windows\bqformat.ini

[2011/05/17 09:07:40 | 000,049,152 | ---- | C] () -- C:\Windows\adminset.exe

[2011/05/17 08:50:45 | 000,075,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/17 08:43:40 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys

[2011/05/17 08:24:11 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2011/05/17 08:24:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2011/05/17 08:24:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2011/05/17 08:24:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/11/14 22:18:00 | 000,418,680 | ---- | C] () -- C:\Windows\System32\perfh012.dat

[2010/11/14 22:18:00 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat

[2010/11/14 22:18:00 | 000,110,838 | ---- | C] () -- C:\Windows\System32\perfc012.dat

[2010/11/14 22:18:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat

[2010/11/14 22:09:08 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat

[2010/11/14 22:09:07 | 000,407,372 | ---- | C] () -- C:\Windows\System32\perfh011.dat

[2010/11/14 22:09:07 | 000,112,550 | ---- | C] () -- C:\Windows\System32\perfc011.dat

[2010/11/14 22:09:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat

[2010/11/14 22:00:06 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat

[2010/11/14 22:00:05 | 000,713,720 | ---- | C] () -- C:\Windows\System32\perfh010.dat

[2010/11/14 22:00:05 | 000,134,328 | ---- | C] () -- C:\Windows\System32\perfc010.dat

[2010/11/14 22:00:05 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat

[2010/11/14 21:53:10 | 000,375,280 | ---- | C] () -- C:\Windows\System32\perfh00D.dat

[2010/11/14 21:53:10 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat

[2010/11/14 21:53:10 | 000,075,256 | ---- | C] () -- C:\Windows\System32\perfc00D.dat

[2010/11/14 21:53:10 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat

[2010/11/14 21:46:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010/11/14 21:46:40 | 000,668,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010/11/14 21:46:40 | 000,136,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010/11/14 21:46:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010/11/14 21:39:50 | 000,718,670 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2010/11/14 21:39:50 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2010/11/14 21:39:50 | 000,137,138 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2010/11/14 21:39:50 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2010/11/14 21:33:08 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat

[2010/11/14 21:33:07 | 000,395,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat

[2010/11/14 21:33:07 | 000,105,496 | ---- | C] () -- C:\Windows\System32\prfc0404.dat

[2010/11/14 21:33:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat

[2010/11/14 21:26:46 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat

[2010/11/14 21:26:45 | 000,379,488 | ---- | C] () -- C:\Windows\System32\prfh0804.dat

[2010/11/14 21:26:45 | 000,110,410 | ---- | C] () -- C:\Windows\System32\prfc0804.dat

[2010/11/14 21:26:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat

[2010/11/14 19:11:18 | 000,006,251 | ---- | C] () -- C:\Windows\saplogon.ini

[2010/11/14 19:08:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll

[2010/11/14 19:08:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll

[2010/11/14 19:08:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll

[2010/11/14 19:08:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll

[2010/11/14 19:08:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll

[2010/11/14 19:07:16 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini

[2010/11/14 18:34:19 | 000,000,470 | ---- | C] () -- C:\Windows\SMSCFG.INI

[2010/07/29 01:31:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2010/07/29 01:31:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:33:53 | 000,411,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/13 19:05:48 | 000,639,608 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/13 19:05:48 | 000,112,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 16:11:47 | 000,445,008 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys

[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/07/03 15:43:04 | 000,000,290 | ---- | C] () -- C:\Windows\brioqry6.ini

========== LOP Check ==========

[2011/12/21 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Aktiaca

[2011/07/28 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\BestOn

[2011/05/29 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Cisco

[2011/05/17 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\ICAClient

[2011/12/21 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Icox

[2011/07/04 06:58:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Juniper Networks

[2011/12/07 15:30:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Odorapc

[2011/12/07 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Oskayd

[2011/11/08 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\PGP Corporation

[2011/12/26 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SAP

[2011/12/13 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\smkits

[2011/12/24 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SoftGrid Client

[2011/08/13 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\TFPU

[2011/12/16 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\webex

[2011/05/20 07:57:31 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\WinBatch

[2011/06/02 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Xerox

[2011/11/08 05:42:29 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DLOClientu.exe - .job

[2011/11/19 00:38:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/05/18 13:42:00 | 001,359,590 | ---- | C] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG

[2011/01/02 12:36:58 | 001,359,590 | ---- | M] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG

< End of report >

OTL Extras logfile created on: 12/26/2011 12:03:24 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop

Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 0.38 Gb Available Physical Memory | 13.31% Memory free

5.72 Gb Paging File | 1.65 Gb Available in Paging File | 28.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 119.24 Gb Total Space | 15.16 Gb Free Space | 12.71% Space Free | Partition Type: NTFS

Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

"PolicyVersion" = 522

"IPSecExempt" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"AllowLocalPolicyMerge" = 1

"AllowLocalIPsecPolicyMerge" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 0

"AllowOutboundSourceQuench" = 0

"AllowRedirect" = 0

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 0

"AllowOutboundTimeExceeded" = 0

"AllowOutboundParameterProblem" = 0

"AllowInboundTimestampRequest" = 0

"AllowInboundMaskRequest" = 0

"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFilePath" = %systemroot%\system32\LogFiles\Firewall\pfirewall.log -- ()

"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = 10.0.0.0/8,152.135.0.0/16,172.16.0.0/12,192.168.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" = 10.0.0.0/8,152.135.0.0/16,172.16.0.0/12,192.168.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]

"WINRM-HTTP-Compat-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=System|Name=@FirewallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|

"WINRM-HTTP-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5985|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|

"{07C812D6-5465-4D79-B97E-82A8E09360D4}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=ICMP|

"{8F5749BA-7370-4C95-B0D7-6E468F6F4A5B}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe|Name=Lotus Notes 8.5.1|

"{E1D13335-5BBB-421C-9D8D-C6B17CEE76F3}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\ibm\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe|Name=Lotus Notes 8.5.1|

"{1C5E3078-9391-4613-9CF3-C1D057131C77}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|App=%ProgramFiles%\cisco systems\cisco ip communicator\audiotuningwizard.exe|Name=Cisco IP Communicator Audio Tuning Wizard|

"{2F5FE724-7C64-4CD2-A84D-C8E5E85A38B4}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=%ProgramFiles%\Java\jre6\bin\java.exe|Name=Sun Java 1.6 - Team Center|

"{EB23E1D8-6014-41E7-AB77-4A95EEBECF29}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\Microsoft Office\Office12\Outlook.exe|Name=Microsoft Outlook 2007|

"{E358A704-11DC-42D9-8F01-6B5AF3543990}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\McAfee\Common Framwork\FrameworkService.exe|Name=McAfee Framework Service|

"{4D6AD4AF-56B7-4D4A-9CA8-EBC0BDE20C8A}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%windir%\system32\mmc.exe|Name=Microsoft Management Console|

"{CA622DC9-34C3-4335-8B6D-BBDBBCE12F6C}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=135|Name=DCOM|

"{2223C386-52EA-4379-BEB2-2552AAABE5A5}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=137|LPort=139|Name=NetBIOS Name Service|

"{C8066C14-1EB1-4196-8CD4-516999F6F0DC}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort2_10=2701-2704|Name=SMS Remote Control|

"{4968F5CE-6819-421A-B17C-69F436C80DA0}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=445|Name=SMB|

"{3939F07B-70E5-4B70-96FA-1545724ED4F7}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=1270|LPort=5723|Name=MOM|

"{0E54D3CB-2FB2-4A3E-8465-8ADC1FBD77CF}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\microsoft office communicator\communicator.exe|Name=Microsoft Office Communicator 2007 R2|

"{AC3B48F3-BFD1-4105-BE86-775738149703}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|App=%ProgramFiles%\cisco systems\cisco ip communicator\communicatork9.exe|Name=Cisco IP Communicator|

"{0DEB2347-C415-474F-B765-6266F3259059}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe|Name=Lotus Notes 8.5.2|

"{63298961-642C-44F1-B0BD-8E1961A0CFF0}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\Reflection\rx.exe|Name=Reflections|

"{BC845D43-C7D8-484F-A478-F879953B4629}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\Microsoft Office\Office14\OUTLOOK.EXE|Name=Microsoft Outlook 2010|

"{C1439174-E0EA-46CD-AA64-C754244E6EA2}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=%ProgramFiles%\Microsoft Office\Office14\OUTLOOK.EXE|Name=Microsoft Office 2010|

"{86A9F3CD-0376-4479-9CDB-363280F9DE21}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=%ProgramFiles%\internet explorer\iexplore.exe|Name=Internet Explorer|

"{894CEB4D-3C95-4CD7-B45E-FFC0C782C275}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=%ProgramFiles% (x86)\internet Explorer\iexplore.exe|Name=Internet Explorer (x86)|

"{EC3130E3-1991-4C69-BAAB-8F3FA78980C5}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\Microsoft Office\Office14\groove.exe|Name=Microsoft SharePoint Workspace|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

"EnableFirewall" = 1

"AllowLocalPolicyMerge" = 1

"AllowLocalIPsecPolicyMerge" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

"AllowLocalPolicyMerge" = 1

"AllowLocalIPsecPolicyMerge" = 1

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.08.03.04

"{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}" = Lotus Notes 8.5.2

"{0A18234C-BF38-4394-928C-D7A72935895E}" = Microsoft Application Virtualization Desktop Client

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token

"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{447D8B58-880C-4627-BF57-9C408219313E}" = Juniper Installer Service

"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DBB292B-E365-461C-8502-58AC34DDBB85}" = Cisco IP Communicator 7.0.4

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility

"{54095FDA-B4CD-4D3F-8EB4-205DD43D790C}" = EZVirtual Cam 2.0

"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software

"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{6FED6E57-AA25-4597-9ED5-C66C02992066}" = Symantec NetBackup Desktop Agent

"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A878F97-05E3-4486-ACE7-42E3622DE04B}" = WebEx Meeting Manager for Internet Explorer

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{19DF5B26-387C-46F6-ADAC-E7C74331E0F0}" =

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010

"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010

"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{D6E35A0C-1AEA-4648-A447-8C627F09DB95}" =

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit

"{96538711-469D-4B19-B2F3-F1E49F4A9E0E}" = Open Text Livelink Imaging Viewer 9.5.2

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)

"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1

"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9

"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9

"{AC76BA86-7AD7-5676-5A64-900000000003}" = Adobe Reader Extended Language Support Font Pack

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705

"{B43604E3-4173-480D-A119-E1DD979A8B66}" = Brio-Explorer-6.6.3.

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86

"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007

"{E64AAF44-63FC-46E2-9523-8364E279384A}" = MED-V Host Agent

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{EE27E8B0-2348-4AE4-B3A2-96918DD764E4}" = AccessData Enterprise Agent

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F5D6C337-165E-4B6E-A58E-633FFCA35D2D}" = Wireless AutoSwitch XPV

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FD445A5F-2A54-4812-BA75-6B9841451BA0}" = PGP Desktop

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX

"Autodesk Design Review 2011" = Autodesk Design Review 2011

"eRoom 7" = eRoom 7

"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0

"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Office14.VISIO" = Microsoft Visio Standard 2010

"PROSet" = Intel® Network Connections Drivers

"SAP_ECL" = ECL Viewer

"SAP_JNet" = SAP JNet

"SAPBI" = SAP Business Explorer

"SAPGUI710" = SAP GUI for Windows 7.20

"SetupService" = Juniper Installer Service

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility

"Veetle TV" = Veetle TV

"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ActiveTouchMeetingClient" = WebEx

"Juniper_Setup_Client" = Juniper Networks Setup Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not phower2112 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.


Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

  • Please RIGHT-click OTL.exe and choose Run As Administrator to run it.
  • Copy all the lines in between the **** stars lines **** below (including blank lines) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :OTL
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O4 - HKCU..\Run: [{193021EF-2B5F-BFE0-0EE5-E62E7441B249}] C:\Users\phower64766\AppData\Roaming\Aktiaca\iwexnua.exe File not found
    O4 - HKCU..\Run: [{E5435D00-ABFD-D140-D7DA-E1789A24514D}] C:\Users\phower64766\AppData\Roaming\Odorapc\ofqahea.exe File not found
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open - close Internet Explorer & Firefox. Close any open user program (other than OTL).
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


All processes killed

========== OTL ==========

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{193021EF-2B5F-BFE0-0EE5-E62E7441B249} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193021EF-2B5F-BFE0-0EE5-E62E7441B249}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{E5435D00-ABFD-D140-D7DA-E1789A24514D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5435D00-ABFD-D140-D7DA-E1789A24514D}\ not found.

========== FILES ==========

File\Folder C:\recycler not found.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 239519680 bytes

->Temporary Internet Files folder emptied: 12622656 bytes

->Flash cache emptied: 456 bytes

User: All Users

User: AT

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: phower64766

->Temp folder emptied: 3007173692 bytes

->Temporary Internet Files folder emptied: 2869931653 bytes

->Java cache emptied: 14965709 bytes

->FireFox cache emptied: 62838492 bytes

->Flash cache emptied: 87544 bytes

User: Public

User: rvaliantx037575

->Temp folder emptied: 511853 bytes

->Temporary Internet Files folder emptied: 124854 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 6476872 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4155871 bytes

RecycleBin emptied: 71398 bytes

Total Files Cleaned = 5,930.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12262011_135157

Files\Folders moved on Reboot...

C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\nsd_tmp_2000.tmp not found!

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.


Start Notepad. Press and hold the Windows key on the keyboard and press the R key.

Type Notepad

and press OK

Copy/paste the following text inside the code box into a new notepad document.

@ECHO OFF
regedit /e look1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
regedit /e look2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes"
Type look*.txt >log.txt
start log.txt
del look1.txt look2.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: DESKTOP

Use File name: look.bat

Save as type: All file types (*.*)

Click save

Close the Notepad.

Locate look.bat on your desktop.

Right-click to run it as administrator.

A Notepad window opens; copy and paste the content (log.txt) into your reply.

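What a reviewer looks for in the log.txt that look.bat produces, as an added example that is not part of the original post: a parser for the regedit /e export format that lists every Internet Explorer search provider whose URL host is outside an expected set and notes whether it is the DefaultScope. The sample export, its GUIDs, the host search.example.invalid and the allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout regedit /e writes; all values are invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{11111111-2222-3333-4444-555555555555}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AAAAAAAA-0000-0000-0000-000000000001}]
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Web Search"
"URL"="http://search.example.invalid/?q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AAAAAAAA-0000-0000-0000-000000000001}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AAAAAAAA-0000-0000-0000-000000000001}]
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}"
'''

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
# "name"="data" string values only; dword/hex values are not needed here.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def decode_export(raw):
    """Accept pasted text, or export bytes (UTF-16 with BOM or an 8-bit code page)."""
    if isinstance(raw, bytes):
        if raw[:2] in (b'\xff\xfe', b'\xfe\xff'):
            raw = raw.decode('utf-16')
        else:
            raw = raw.decode('cp1252', errors='replace')
    # Concatenating two exports can leave a second BOM in the middle of the text.
    return raw.replace('\ufeff', '')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_export(raw):
    """Map each registry key to a dict of its string values (names lower-cased)."""
    keys, current = {}, None
    for line in decode_export(raw).splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return keys


def host_allowed(host, allowed_hosts):
    """True if host equals an allowed domain or is a subdomain of one."""
    return host is not None and any(
        host == a or host.endswith('.' + a) for a in allowed_hosts)


def audit_search_scopes(raw, allowed_hosts):
    """Return one finding per search scope whose URL host is not allowed."""
    keys = parse_export(raw)
    findings = []
    for key, values in keys.items():
        parent, _, scope_id = key.rpartition('\\')
        if not parent.lower().endswith('\\searchscopes') or 'url' not in values:
            continue
        try:
            host = urlsplit(values['url']).hostname
        except ValueError:
            host = None  # unparseable URL: report it rather than skip it
        if host_allowed(host, allowed_hosts):
            continue
        default = keys.get(parent, {}).get('defaultscope', '')
        findings.append({
            'key': key,
            'name': values.get('displayname', ''),
            'host': host,
            'is_default': default.lower() == scope_id.lower(),
        })
    return findings


if __name__ == '__main__':
    # The allowlist is an assumption; use the providers your build ships with.
    for finding in audit_search_scopes(SAMPLE_EXPORT, {'bing.com'}):
        print(finding)
```

A scope that is both unexpected and the DefaultScope is the one that explains a search redirect; an unexpected scope that is not the default is still worth removing.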

Let's have you do the following, and remember: RIGHT-click to start.

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options|exe /rs
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


OTL logfile created on: 12/26/2011 3:05:22 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop

Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 55.83% Memory free

5.72 Gb Paging File | 4.31 Gb Available in Paging File | 75.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 119.24 Gb Total Space | 21.10 Gb Free Space | 17.69% Space Free | Partition Type: NTFS

Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe

PRC - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe

PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe

PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/06/16 21:04:24 | 003,741,304 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe

PRC - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe

PRC - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe

PRC - [2011/06/16 21:04:22 | 000,641,656 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe

PRC - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs

PRC - [2011/03/02 10:07:04 | 002,745,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2011/02/11 11:39:56 | 012,854,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

PRC - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe

PRC - [2011/01/28 11:08:16 | 001,349,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe

PRC - [2011/01/14 17:19:42 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe

PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

PRC - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe

PRC - [2010/11/14 19:04:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe

PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/11/04 10:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe

PRC - [2010/11/02 09:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/09/16 07:13:40 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

PRC - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe

PRC - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

PRC - [2010/08/25 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

PRC - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

PRC - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe

PRC - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

PRC - [2010/06/30 19:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe

PRC - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe

PRC - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

PRC - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) -- C:\Program Files\AccessData\Agent\ADService.exe

PRC - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2010/03/16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2010/03/02 09:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe

PRC - [2010/02/25 17:25:00 | 000,288,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe

PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009/10/28 07:48:48 | 000,145,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe

PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe

PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

PRC - [2007/01/21 21:33:24 | 000,153,352 | ---- | M] (EMC) -- C:\Program Files\eRoom 7\ERClient7.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/04 20:15:24 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\655ed19f57b30488bf4c407ae1bc8fc6\IAStorUtil.ni.dll

MOD - [2011/11/04 20:15:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll

MOD - [2011/11/04 15:43:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d9f057ed30e6941d47a8754bf0bcadea\WindowsBase.ni.dll

MOD - [2011/11/04 15:43:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/11/04 15:43:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll

MOD - [2011/11/04 15:43:11 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/11/04 15:43:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/11/04 15:43:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/11/04 15:42:53 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/11/04 15:42:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/01/08 10:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll

MOD - [2010/12/15 14:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll

MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2008/05/19 09:32:20 | 001,212,416 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCamDLL.dll

MOD - [2007/10/08 08:33:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCam.ax

MOD - [2007/09/21 16:19:16 | 000,176,128 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\FinalTrial.dll

MOD - [2007/09/21 15:55:40 | 000,327,680 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVerify.dll

MOD - [2007/09/21 10:47:54 | 000,196,608 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\Detector.dll

MOD - [2007/05/18 20:22:06 | 000,698,432 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\libmng.dll

MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

MOD - [2007/01/21 21:33:28 | 000,087,816 | ---- | M] () -- C:\Program Files\eRoom 7\Res\ResAddin7409.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)

SRV - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)

SRV - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)

SRV - [2011/06/11 20:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch)

SRV - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc)

SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)

SRV - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)

SRV - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)

SRV - [2010/08/11 09:27:12 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)

SRV - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)

SRV - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)

SRV - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)

SRV - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)

SRV - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) [Auto | Running] -- C:\Program Files\AccessData\Agent\ADService.exe -- (ADService)

SRV - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)

SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)

SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2000/10/19 11:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\orant\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)

========== Driver Services (SafeList) ==========

DRV - [2011/12/26 13:55:06 | 000,013,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\ad_driver.sys -- (ad_driver)

DRV - [2011/06/16 21:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)

DRV - [2011/06/16 21:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)

DRV - [2011/06/16 21:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)

DRV - [2011/06/16 21:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs)

DRV - [2011/06/16 21:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs)

DRV - [2011/05/17 08:44:27 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv)

DRV - [2011/02/23 10:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2010/10/18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®

DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2010/08/25 19:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/08/25 19:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/08/25 19:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/08/25 19:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/08/25 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010/08/25 19:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010/07/27 16:26:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2010/06/21 14:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2010/06/18 15:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2010/06/17 17:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2010/04/21 09:36:58 | 006,764,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®

DRV - [2010/04/13 23:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

DRV - [2010/04/12 07:26:26 | 000,024,000 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp)

DRV - [2010/03/12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/24 11:09:38 | 000,141,568 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/02/24 11:09:38 | 000,060,544 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2009/12/31 02:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)

DRV - [2009/11/27 20:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)

DRV - [2009/10/28 07:49:46 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2009/10/28 07:49:44 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/10/28 07:49:42 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2009/10/28 07:49:38 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2009/09/23 18:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®

DRV - [2009/09/22 18:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV - [2009/09/22 18:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)

DRV - [2009/09/22 18:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)

DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)

DRV - [2009/09/17 09:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)

DRV - [2009/07/13 18:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)

DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 16:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)

DRV - [2009/07/13 16:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)

DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/07/13 15:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)

DRV - [2009/06/19 09:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Toshidpt.sys -- (toshidpt)

DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 21 46 92 AA B3 CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://insideapplied/"

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/08/13 08:58:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 10:27:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/24 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phower64766\AppData\Roaming\mozilla\Extensions

[2011/12/24 10:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/21 16:08:27 | 000,001,395 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 69.72.252.254 www.google-analytics.com.

O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.

O1 - Hosts: 69.72.252.254 www.statcounter.com.

O1 - Hosts: 184.95.41.155 www.google-analytics.com.

O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.

O1 - Hosts: 184.95.41.155 www.statcounter.com.

O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Microsoft.Medv.UrlRedirectionBHO Class) - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG)

O4 - HKLM..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\IS\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs ()

O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [softGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe ()

O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)

O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)

O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)

O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKLM..\RunOnce: [OTL] C:\Users\phower64766\Desktop\OTL.exe (OldTimer Tools)

O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC)

O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: myworkday.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: workday.com ([]https in Trusted sites)

O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://eroom.intel.com/eRoomSetup/client.cab (ERPageAddin Class)

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} http://emamat09.mis.amat.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26}: DhcpNameServer = 152.135.114.13 152.135.191.191

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}: DhcpNameServer = 192.168.0.1 205.171.2.25

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (PGPmapih.dll) -C:\Windows\System32\PGPmapih.dll (PGP Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - ("C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe") -C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 13:51:57 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/12/26 13:50:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/12/26 13:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011/12/26 13:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2011/12/26 13:47:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe

[2011/12/26 12:01:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe

[2011/12/26 07:53:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr

[2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Mozilla

[2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Mozilla

[2011/12/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/12/24 10:26:38 | 015,292,208 | ---- | C] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe

[2011/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apple Computer

[2011/12/24 10:19:18 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe

[2011/12/24 10:14:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe

[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe

[2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Icox

[2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Aktiaca

[2011/12/16 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/12/16 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/12/16 12:00:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/12/15 15:19:16 | 000,000,000 | ---D | C] -- C:\orant

[2011/12/15 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\ApplicationHistory

[2011/12/13 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\smkits

[2011/12/13 07:07:48 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Documents\Staff

[2011/12/09 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apps

[2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Oskayd

[2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Odorapc

[2010/07/29 00:50:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/12/26 14:03:29 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/12/26 14:03:29 | 000,713,720 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2011/12/26 14:03:29 | 000,668,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011/12/26 14:03:29 | 000,639,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/12/26 14:03:29 | 000,418,680 | ---- | M] () -- C:\Windows\System32\perfh012.dat

[2011/12/26 14:03:29 | 000,407,372 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2011/12/26 14:03:29 | 000,395,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2011/12/26 14:03:29 | 000,379,488 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2011/12/26 14:03:29 | 000,375,280 | ---- | M] () -- C:\Windows\System32\perfh00D.dat

[2011/12/26 14:03:29 | 000,137,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/12/26 14:03:29 | 000,136,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011/12/26 14:03:29 | 000,134,328 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2011/12/26 14:03:29 | 000,112,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/12/26 14:03:29 | 000,112,550 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2011/12/26 14:03:29 | 000,110,838 | ---- | M] () -- C:\Windows\System32\perfc012.dat

[2011/12/26 14:03:29 | 000,110,410 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2011/12/26 14:03:29 | 000,105,496 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2011/12/26 14:03:29 | 000,075,256 | ---- | M] () -- C:\Windows\System32\perfc00D.dat

[2011/12/26 14:02:21 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/26 14:02:21 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/26 13:55:41 | 000,000,470 | ---- | M] () -- C:\Windows\SMSCFG.INI

[2011/12/26 13:55:06 | 000,013,808 | ---- | M] () -- C:\Windows\System32\ad_driver.sys

[2011/12/26 13:55:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/26 13:54:56 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/26 13:51:48 | 000,007,598 | ---- | M] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg

[2011/12/26 13:48:55 | 000,000,905 | ---- | M] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk

[2011/12/26 13:48:55 | 000,000,886 | ---- | M] () -- C:\Users\phower64766\Desktop\ERUNT.lnk

[2011/12/26 13:47:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe

[2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe

[2011/12/26 07:53:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr

[2011/12/24 10:31:45 | 000,000,115 | ---- | M] () -- C:\Users\phower64766\Desktop\fixme.reg

[2011/12/24 10:27:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/12/24 10:26:38 | 015,292,208 | ---- | M] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe

[2011/12/24 10:18:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe

[2011/12/24 10:14:17 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe

[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe

[2011/12/21 16:08:27 | 000,001,395 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/12/21 14:22:22 | 000,073,566 | RHS- | M] () -- C:\Users\phower64766\ntuser.pol

[2011/12/21 10:56:47 | 000,001,273 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2011/12/20 11:02:13 | 000,000,130 | ---- | M] () -- C:\Users\phower64766\Documents\amgi.dsn

[2011/12/20 10:50:21 | 000,344,064 | ---- | M] () -- C:\Users\phower64766\Documents\Database22.accdb

[2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb

[2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb

[2011/12/16 12:08:37 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/12/15 21:23:53 | 000,075,354 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/12/15 16:01:42 | 267,001,856 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts.accdb

[2011/12/15 10:43:11 | 000,000,406 | ---- | M] () -- C:\Windows\ODBC.INI

[2011/12/14 12:42:17 | 029,884,416 | ---- | M] () -- C:\Users\phower64766\Desktop\VF BOM MANAGEMENT TOOL for NM.accdb

[2011/12/08 13:41:57 | 000,002,024 | ---- | M] () -- C:\Users\phower64766\Documents\Default.rdp

[2011/12/08 07:30:42 | 000,471,040 | ---- | M] () -- C:\Users\phower64766\Documents\Database25.accdb

[2011/12/04 12:14:17 | 000,425,984 | ---- | M] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb

========== Files Created - No Company Name ==========

[2011/12/26 13:48:55 | 000,000,905 | ---- | C] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk

[2011/12/26 13:48:55 | 000,000,886 | ---- | C] () -- C:\Users\phower64766\Desktop\ERUNT.lnk

[2011/12/24 10:31:32 | 000,000,115 | ---- | C] () -- C:\Users\phower64766\Desktop\fixme.reg

[2011/12/24 10:27:41 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/24 10:27:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/12/20 11:02:13 | 000,000,130 | ---- | C] () -- C:\Users\phower64766\Documents\amgi.dsn

[2011/12/20 10:49:25 | 000,344,064 | ---- | C] () -- C:\Users\phower64766\Documents\Database22.accdb

[2011/12/20 10:49:14 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb

[2011/12/19 10:05:42 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb

[2011/12/16 12:08:37 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/12/04 07:24:19 | 000,425,984 | ---- | C] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb

[2011/10/10 06:42:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011/10/06 12:14:27 | 000,004,096 | -H-- | C] () -- C:\Users\phower64766\AppData\Local\keyfile3.drm

[2011/08/29 06:45:15 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini

[2011/08/25 07:41:18 | 000,000,183 | ---- | C] () -- C:\Windows\hpbafd.ini

[2011/08/12 08:16:45 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini

[2011/06/16 21:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig

[2011/05/30 09:36:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\jgldog11.dll

[2011/05/28 08:53:37 | 000,007,598 | ---- | C] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg

[2011/05/18 14:53:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/05/18 12:12:06 | 000,013,808 | ---- | C] () -- C:\Windows\System32\ad_driver.sys

[2011/05/17 09:30:19 | 000,000,406 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/05/17 09:30:18 | 000,054,343 | ---- | C] () -- C:\Windows\bqmeta0.ini

[2011/05/17 09:30:16 | 000,027,955 | ---- | C] () -- C:\Windows\bqformat.ini

[2011/05/17 09:07:40 | 000,049,152 | ---- | C] () -- C:\Windows\adminset.exe

[2011/05/17 08:50:45 | 000,075,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/17 08:43:40 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys

[2011/05/17 08:24:11 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2011/05/17 08:24:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2011/05/17 08:24:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2011/05/17 08:24:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/11/14 22:18:00 | 000,418,680 | ---- | C] () -- C:\Windows\System32\perfh012.dat

[2010/11/14 22:18:00 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat

[2010/11/14 22:18:00 | 000,110,838 | ---- | C] () -- C:\Windows\System32\perfc012.dat

[2010/11/14 22:18:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat

[2010/11/14 22:09:08 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat

[2010/11/14 22:09:07 | 000,407,372 | ---- | C] () -- C:\Windows\System32\perfh011.dat

[2010/11/14 22:09:07 | 000,112,550 | ---- | C] () -- C:\Windows\System32\perfc011.dat

[2010/11/14 22:09:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat

[2010/11/14 22:00:06 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat

[2010/11/14 22:00:05 | 000,713,720 | ---- | C] () -- C:\Windows\System32\perfh010.dat

[2010/11/14 22:00:05 | 000,134,328 | ---- | C] () -- C:\Windows\System32\perfc010.dat

[2010/11/14 22:00:05 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat

[2010/11/14 21:53:10 | 000,375,280 | ---- | C] () -- C:\Windows\System32\perfh00D.dat

[2010/11/14 21:53:10 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat

[2010/11/14 21:53:10 | 000,075,256 | ---- | C] () -- C:\Windows\System32\perfc00D.dat

[2010/11/14 21:53:10 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat

[2010/11/14 21:46:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010/11/14 21:46:40 | 000,668,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010/11/14 21:46:40 | 000,136,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010/11/14 21:46:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010/11/14 21:39:50 | 000,718,670 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2010/11/14 21:39:50 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2010/11/14 21:39:50 | 000,137,138 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2010/11/14 21:39:50 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2010/11/14 21:33:08 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat

[2010/11/14 21:33:07 | 000,395,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat

[2010/11/14 21:33:07 | 000,105,496 | ---- | C] () -- C:\Windows\System32\prfc0404.dat

[2010/11/14 21:33:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat

[2010/11/14 21:26:46 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat

[2010/11/14 21:26:45 | 000,379,488 | ---- | C] () -- C:\Windows\System32\prfh0804.dat

[2010/11/14 21:26:45 | 000,110,410 | ---- | C] () -- C:\Windows\System32\prfc0804.dat

[2010/11/14 21:26:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat

[2010/11/14 19:11:18 | 000,006,251 | ---- | C] () -- C:\Windows\saplogon.ini

[2010/11/14 19:08:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll

[2010/11/14 19:08:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll

[2010/11/14 19:08:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll

[2010/11/14 19:08:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll

[2010/11/14 19:08:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll

[2010/11/14 19:07:16 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini

[2010/11/14 18:34:19 | 000,000,470 | ---- | C] () -- C:\Windows\SMSCFG.INI

[2010/07/29 01:31:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2010/07/29 01:31:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:33:53 | 000,411,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/13 19:05:48 | 000,639,608 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/13 19:05:48 | 000,112,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 16:11:47 | 000,445,008 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys

[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/07/03 15:43:04 | 000,000,290 | ---- | C] () -- C:\Windows\brioqry6.ini

========== Custom Scans ==========

< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://findgala.com/?&uid=5618&q={searchTerms}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\URL: http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\SuggestionsURL: http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\OSDFileURL: http://www.iegallery.com/DownloadHandler.ashx?ResourceId=813

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\FaviconURL: http://www.google.com/favicon.ico

< HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options|exe /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\accicons.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\mscoree.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\mscorwks.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\mso.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\msjava.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\msci_uno.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\jvm.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\jvm_g.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\javai.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\vb40032.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\vbe6.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\ums.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\main123w.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\udtapi.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\mscorsvr.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\eMigrationmmc.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\eProcedureMMC.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\eQueryMMC.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\EncryptPatchVer.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\Cleanup.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\divx.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\divxdec.ax: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\fullsoft.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\NSWSTE.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\ASSTE.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\NPMLIC.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\PMSTE.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\AVSTE.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\NAVOPTRF.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\DRMINST.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\TFDTCTT8.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\DJSMAR00.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\xlmlEN.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\ISSTE.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\symlcnet.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\ppw32hlp.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\Apitrap.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\\Vegas60k.dll: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\editor.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe\\ExecuteOptions: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstordb.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onelev.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgwiz.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ose.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\projimpt.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tlimpt.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visio.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpreview.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv .exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wxp.exe\\DisableExceptionChainValidation: 0

< >

========== Files - Unicode (All) ==========

[2011/05/18 13:42:00 | 001,359,590 | ---- | C] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG

[2011/01/02 12:36:58 | 001,359,590 | ---- | M] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG

< End of report >


Close any of your open programs, saving any open files or documents.

This next fix is to reset the searchscopes setting (1 of them) for Internet Explorer to Bing.com

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "URL"=hex(7):"http://www.bing.com/"
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

There will be more to do after this.

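The check behind the fix above, as an added example that is not part of the original posts or of OTL: it parses the SearchScopes lines of the OTL log posted in this thread and flags any scope whose URL value points to a site outside an allowlist or away from that scope's own suggestion and favicon hosts. The allowlist, the two-label site heuristic and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lines copied from the OTL "Custom Scans" output posted earlier in this thread.
SAMPLE_LOG = r"""
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://findgala.com/?&uid=5618&q={searchTerms}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\URL: http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\SuggestionsURL: http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\OSDFileURL: http://www.iegallery.com/DownloadHandler.ashx?ResourceId=813
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{870BE6FD-5094-4100-BBF2-15CAB17EE660}\\FaviconURL: http://www.google.com/favicon.ico
"""

# Assumption: the search providers this machine is expected to use.
ALLOWED_SITES = {"bing.com", "google.com"}

# OTL prints one value per line as  <key>\{GUID}\\<value name>: <data>
ENTRY_RE = re.compile(
    r"^(?P<key>HKEY_.*?\\SearchScopes)\\(?P<guid>\{[0-9A-Fa-f-]{36}\})"
    r"\\\\(?P<name>[^:\\]+): (?P<data>\S.*)$",
    re.MULTILINE,
)


def parse_searchscopes(log_text):
    """Return one dict per SearchScopes value line found in an OTL log."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log_text)]


def site(url):
    """Last two host labels, lower-cased (a simplification, not a PSL lookup)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def find_hijacked(entries, allowed_sites):
    """Flag scopes whose URL value looks redirected.

    Two independent signals are reported:
      * the URL's site is not on the allowlist;
      * the URL's site differs from the sites of the scope's own
        SuggestionsURL*/FaviconURL* values, which a hijacker that only
        rewrites URL tends to leave untouched.
    """
    scopes = defaultdict(dict)
    for e in entries:
        scopes[(e["key"], e["guid"])][e["name"]] = e["data"]

    findings = []
    for (key, guid), values in scopes.items():
        url = values.get("URL")
        if url is None:
            continue
        url_site = site(url)
        siblings = sorted({
            site(data) for name, data in values.items()
            if name.startswith(("SuggestionsURL", "FaviconURL"))
        })
        reasons = []
        if url_site not in allowed_sites:
            reasons.append("site not on allowlist")
        if siblings and url_site not in siblings:
            reasons.append("site differs from sibling values: " + ", ".join(siblings))
        if reasons:
            findings.append({"key": key, "guid": guid, "url": url,
                             "site": url_site, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_hijacked(parse_searchscopes(SAMPLE_LOG), ALLOWED_SITES):
        print(f["guid"], f["url"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Re-running the same check on a fresh OTL log after the fix should return no findings for that scope.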

That should have I.E. back to normal & using Bing as the search engine selection. Don't go and surf anywhere. We need to do more. Plus will have to check on Firefox later. Have plenty (plenty) of patience with these next steps.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with prompts. Accept the EULA and follow the prompts to start the fix. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log


That should read NIRCMD. UMHH.... Let's set aside the run of Combofix.

Right-Click the icon to MBAM and select Run As Administrator.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Once Combofix is running, let it finish. Have plenty of patience. Let it finish, and if you are using the browser on "the problem system", close the browser and let CF finish its tasks. After it finishes, then and only then, get the report and post back to the forum.

Do not use the system while Combofix is running.


I was actually on my iPad... :)

ComboFix 11-12-26.03 - PHower64766 12/26/2011 16:07:40.1.4 - x86

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2928.1603 [GMT -7:00]

Running from: c:\users\phower64766\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\TelevisionFanaticEI

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk

c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))

.

.

2011-12-26 20:51 . 2011-12-26 20:51 -------- d-----w- C:\_OTL

2011-12-26 20:48 . 2011-12-26 20:48 -------- d-----w- c:\program files\ERUNT

2011-12-24 17:28 . 2011-12-24 17:28 -------- d-----w- c:\users\phower64766\AppData\Local\Mozilla

2011-12-24 17:21 . 2011-12-24 17:21 -------- d-----w- c:\users\phower64766\AppData\Local\Apple Computer

2011-12-20 20:07 . 2011-12-22 00:01 -------- d-----w- c:\users\phower64766\AppData\Roaming\Aktiaca

2011-12-20 20:07 . 2011-12-21 21:28 -------- d-----w- c:\users\phower64766\AppData\Roaming\Icox

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-12-16 19:08 . 2011-12-16 19:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-12-16 19:07 . 2011-12-16 19:08 -------- d-----w- c:\program files\QuickTime

2011-12-15 22:19 . 2011-12-15 22:24 -------- d-----w- C:\orant

2011-12-15 19:29 . 2011-12-15 19:29 -------- d-----w- c:\users\phower64766\AppData\Local\ApplicationHistory

2011-12-15 18:31 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-12-15 18:31 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-12-14 01:33 . 2011-12-14 01:33 -------- d-----w- c:\users\phower64766\AppData\Roaming\smkits

2011-12-09 15:03 . 2011-12-09 15:03 -------- d-----w- c:\users\phower64766\AppData\Local\Apps

2011-11-28 22:29 . 2011-12-07 23:00 -------- d-----w- c:\users\phower64766\AppData\Roaming\Oskayd

2011-11-28 22:29 . 2011-12-07 22:30 -------- d-----w- c:\users\phower64766\AppData\Roaming\Odorapc

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-26 20:55 . 2011-05-18 19:12 13808 ----a-w- c:\windows\system32\ad_driver.sys

2011-11-08 08:31 . 2011-11-08 08:31 290742 ----a-w- c:\windows\system32\PGPlspRollback.reg

2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-10 13:41 . 2011-08-18 04:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-10-10 13:41 . 2011-08-18 04:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-10-10 13:40 . 2011-08-18 04:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-10 13:40 . 2011-08-18 04:45 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-10-01 02:59 . 2011-11-10 03:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-21 07:24 . 2011-12-24 17:27 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC}]

2010-11-05 02:12 72952 ----a-w- c:\program files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]

@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"

[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]

2010-03-02 16:24 147888 ----a-w- c:\program files\Toshiba\TFPU\TFPUOverlayIcon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2011-06-17 04:04 1056888 ----a-w- c:\windows\System32\PGPfsshl.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2010-07-01 5143904]

"SoftGridTray"="c:\program files\Microsoft Application Virtualization Client\SFTTray.exe" [2009-10-28 807272]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-12 1733928]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]

"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-09-16 112152]

"Cisco IP Communicator 7.0.4"="c:\windows\Is\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs" [2011-01-04 422]

"CfgDownload"="c:\program files\IXOS\bin\CfgDownload.exe" [2010-10-11 172032]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jaureg.exe" [2010-02-18 237800]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 170008]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2011-01-28 1349032]

"TSleepSrv"="c:\program files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [2010-04-01 252728]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]

"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2010-03-02 888752]

"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2010-11-04 783224]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"OTL"="c:\users\phower64766\Desktop\OTL.exe" [2011-12-26 584192]

.

c:\users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2011-5-25 153352]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-3-2 2745760]

Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2011-5-25 153352]

Symantec NetBackup Desktop Agent.lnk - c:\program files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2011-2-11 12854680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableInstallerDetection"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableUIADesktopToggle"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWebServices"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

"DisablePersonalDirChange"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

"DisablePersonalDirChange"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli PGPpwflt

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys [2009-07-13 52224]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-26 66536]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2009-07-13 126464]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-04-21 6764544]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 60544]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 141568]

R3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\BIN\ONRSD.EXE [2000-10-19 411244]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-05-17 816792]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2009-07-13 19456]

S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2011-06-17 136824]

S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2011-06-17 13944]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ADService;ADService;c:\program files\AccessData\Agent\ADService.exe [2010-05-11 7824896]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-06-18 2043712]

S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [2010-04-12 24000]

S2 DLOChangeJournalSvc;Symantec NetBackup Desktop Agent Change Journal Reader;c:\program files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe [2011-02-11 968088]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-06-02 132464]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [2010-08-11 3417480]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2010-08-26 22816]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-26 69192]

S2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [2011-06-17 166520]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-11-28 48128]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-10-28 483688]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-25 520040]

S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 189880]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]

S2 Wireless_AutoSwitch;Wireless AutoSwitch;c:\program files\Wireless AutoSwitch\WrlsAutoSW.exs [2011-04-10 146535]

S3 ad_driver;AccessData Driver;c:\windows\system32\ad_driver.sys [2011-12-26 13808]

S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-18 677320]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-24 208552]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-10-28 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-10-28 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-10-28 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-10-28 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-10-28 209256]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-08 c:\windows\Tasks\DLOClientu.exe - .job

- c:\program files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2011-02-11 18:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://InsideApplied

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\system32\PGPlsp.dll

Trusted Zone: adp.com

Trusted Zone: myworkday.com

Trusted Zone: workday.com

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

FF - ProfilePath - c:\users\phower64766\AppData\Roaming\Mozilla\Firefox\Profiles\msaoj7je.default\

FF - prefs.js: browser.startup.homepage - hxxp://insideapplied/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

Toolbar-10 - (no file)

HKLM_ActiveSetup-{4DBB292B-E365-461C-8502-58AC34DDBB85} - msiexec

AddRemove-Juniper_Setup_Client Activex Control - c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wireless_AutoSwitch]

"ImagePath"="\"c:\program files\Wireless AutoSwitch\WrlsAutoSW.exs\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1171896205-2244237894-613202170-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,8b,5a,19,75,62,62,4a,85,4e,08,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,8b,5a,19,75,62,62,4a,85,4e,08,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(780)

c:\windows\system32\PGPmapih.dll

.

- - - - - - - > 'lsass.exe'(716)

c:\windows\system32\PGPmapih.dll

.

Completion time: 2011-12-26 16:42:08

ComboFix-quarantined-files.txt 2011-12-26 23:42

.

Pre-Run: 22,275,801,088 bytes free

Post-Run: 22,187,417,600 bytes free

.

- - End Of File - - E0663D793E7791300F38C4556C933606


Tell me if Internet Explorer is "normal" now.

Right-Click the icon to MBAM and select Run As Administrator.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Internet is not working properly - Google and Bing are still not accessible but all other sites I frequent are accessible.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122605

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/26/2011 5:10:23 PM

mbam-log-2011-12-26 (17-10-23).txt

Scan type: Quick scan

Objects scanned: 219687

Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OK. The updated MBAM found nothing. Let's do some other tasks.

This next run of OTL will involve a system Restart. Close your open apps that you may have started.

  • Please right-click on OTL.exe and choose Run As Administrator to run it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Next:

A different tool to get us a report for my review.

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder.

RIGHT-click Hijackthis.exe and choose Run As Administrator to run it.

Do a "Scan and Save log".

Reply with a copy of the OTL log and the HiJackThis log.


Hi Maurice,

I really appreciate the amount of time you've put into this today.

Thanks!

Pat

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: AT

->Temp folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: phower64766

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 20716608 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 925 bytes

User: Public

->Temp folder emptied: 0 bytes

User: rvaliantx037575

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4506 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: AT

User: Default

User: Default User

User: phower64766

->Flash cache emptied: 0 bytes

User: Public

User: rvaliantx037575

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12262011_173634

Files\Folders moved on Reboot...

C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\nsd_tmp_120.tmp not found!

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:40:35 PM, on 12/26/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16869)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office Communicator\communicator.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe

C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe

C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\eRoom 7\ERClient7.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Users\phower64766\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Microsoft.Medv.UrlRedirectionBHO - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey

O4 - HKLM\..\Run: [softGridTray] "C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe" /autostart

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKLM\..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\Is\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs

O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -u auto-update

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

O4 - HKLM\..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start

O4 - HKLM\..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe

O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://eroom.intel.com/eRoomSetup/client.cab

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://emamat09.mis.amat.com/dwa85W.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com

O17 - HKLM\Software\..\Telephony: DomainName = amat.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amat.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amat.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\System32\PGPmapih.dll

O23 - Service: ADService - AccessData Corporation - C:\Program Files\AccessData\Agent\ADService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\orant\BIN\ONRSD.EXE

O23 - Service: PGP RDD Service - PGP Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe

O23 - Service: PGPserv - PGP Corporation - C:\Windows\system32\PGPserv.exe

O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Wireless AutoSwitch (Wireless_AutoSwitch) - Unknown owner - C:\Program.exe (file missing)

--

End of file - 12804 bytes

This topic is now closed to further replies.