
adware.gameplaylab found, returns after reboot



Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.


OTL logfile as post:

OTL logfile created on: 7/19/2012 7:28:27 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\jofriedm_us\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 73.03% Memory free

15.77 Gb Paging File | 13.54 Gb Available in Paging File | 85.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 208.66 Gb Total Space | 144.45 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Drive D: | 80.31 Gb Total Space | 61.54 Gb Free Space | 76.63% Space Free | Partition Type: NTFS

Computer Name: FRIEDMANN-PC | User Name: jofriedm_us | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 07:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

PRC - [2012/07/12 18:36:10 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

PRC - [2012/06/22 12:50:43 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/06/21 21:35:00 | 000,359,088 | ---- | M] (Yaletown Software Design Inc.) -- C:\Users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/28 16:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

PRC - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

PRC - [2011/04/15 04:34:45 | 000,180,224 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/25 06:45:32 | 011,322,880 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe

PRC - [2010/11/25 06:45:32 | 011,314,688 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin

PRC - [2010/10/22 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010/10/15 19:07:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010/10/12 05:08:09 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

PRC - [2010/10/12 05:07:07 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

PRC - [2010/06/15 04:50:54 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

PRC - [2010/06/15 04:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

PRC - [2010/03/25 06:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

PRC - [2009/08/19 08:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/12 18:36:10 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

MOD - [2012/06/22 12:50:42 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/15 04:24:41 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\libxml2.dll

MOD - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2009/08/19 08:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/12 05:57:44 | 000,301,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)

SRV:64bit: - [2011/02/21 14:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2011/02/21 14:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/02/21 14:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/01/20 11:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)

SRV:64bit: - [2010/10/22 13:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2010/10/15 19:07:52 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/12 18:36:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/22 12:50:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/28 16:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)

SRV - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2011/02/21 14:14:06 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2010/10/22 13:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)

SRV - [2010/10/22 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010/10/22 13:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)

SRV - [2010/10/12 05:07:07 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)

SRV - [2010/06/15 04:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)

SRV - [2010/03/25 06:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/26 10:45:24 | 000,039,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe -- (hips)

SRV - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) [Auto | Running] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/10/14 05:19:26 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011/10/14 05:19:26 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011/10/14 05:19:26 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011/10/14 05:19:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011/10/14 05:19:25 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011/09/05 17:42:14 | 000,035,400 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AIM_USBdrv64_10_02_471.sys -- (AIM_USBdriver) AIM USB Driver (v.10.02)

DRV:64bit: - [2011/06/10 15:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011/05/20 02:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/21 14:14:24 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2011/02/21 14:14:20 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/02/21 14:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/02/21 14:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®

DRV:64bit: - [2011/02/21 14:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/02/21 14:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV:64bit: - [2011/02/21 14:14:06 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2011/02/21 14:14:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2011/02/21 14:14:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2011/02/21 14:14:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV:64bit: - [2011/02/21 14:14:06 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2011/02/21 14:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/02/21 14:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011/02/21 14:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)

DRV:64bit: - [2011/02/21 14:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2011/02/21 14:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/22 13:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)

DRV:64bit: - [2010/10/22 13:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2010/10/12 05:05:50 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbregflt.sys -- (SbRegFlt)

DRV:64bit: - [2010/10/12 05:05:44 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\sbfslock.sys -- (SbFsLock)

DRV:64bit: - [2010/10/12 05:05:39 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\rsvlock.sys -- (RsvLock)

DRV:64bit: - [2010/10/12 05:05:29 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbflop.sys -- (SbFlop)

DRV:64bit: - [2010/10/12 05:05:14 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\safeboot.sys -- (SafeBoot)

DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/06/15 04:49:38 | 000,038,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firelm01.sys -- (firelm01)

DRV:64bit: - [2010/06/15 04:49:32 | 000,254,520 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FireTDI.sys -- (FireTDI)

DRV:64bit: - [2010/06/15 04:49:28 | 000,186,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FirePM.sys -- (FirePM)

DRV:64bit: - [2010/01/26 10:45:04 | 000,040,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPQK.sys -- (HIPQK)

DRV:64bit: - [2010/01/26 10:44:48 | 000,045,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPPSK.sys -- (HIPPSK)

DRV:64bit: - [2010/01/26 10:44:34 | 000,138,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPK.sys -- (HIPK)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/17 08:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firehk.sys -- (FirehkMP)

DRV:64bit: - [2008/10/17 08:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\firehk.sys -- (Firehk)

DRV:64bit: - [2008/08/13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg.sys -- (SBAlg)

DRV - [2010/10/12 05:05:50 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbRegFlt.sys -- (SbRegFlt)

DRV - [2010/10/12 05:05:44 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2010/10/12 05:05:39 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\RsvLock.sys -- (RsvLock)

DRV - [2010/10/12 05:05:29 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbFlop.sys -- (SbFlop)

DRV - [2010/10/12 05:05:14 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SBAlg)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.oracle.com/site/nasc/Sales/Organizations/NAA/index.htm

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {8F99810B-04E2-4D06-9BF1-50320EDFDFE2}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{8F99810B-04E2-4D06-9BF1-50320EDFDFE2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad/wpad.dat

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.marketwatch.com/"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.561

FF - prefs.js..network.proxy.autoconfig_url: "http://wpad/wpad.dat"

FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3012: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3070: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1830: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/10/14 07:12:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 12:50:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 14:41:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/04/15 04:34:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}: C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\ [2012/07/10 09:53:03 | 000,000,000 | ---D | M]

[2011/10/19 18:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jofriedm_us\AppData\Roaming\Mozilla\Extensions

[2012/07/05 18:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jofriedm_us\AppData\Roaming\Mozilla\Firefox\Profiles\7rqmhx4x.default\extensions

[2012/02/21 18:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/10 09:53:03 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JOFRIEDM_US\APPDATA\LOCAL\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

[2012/06/22 12:50:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/22 13:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2011/04/15 04:17:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/06/22 12:50:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/22 12:50:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/16 15:04:39 | 000,000,041 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 137.254.4.85 myaccess.oraclevpn.com

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [edapc] C:\Users\jofriedm_us\AppData\Roaming\edapc.dll (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [safeBootTokenWatcher] C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)

O4 - HKLM..\Run: [safeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()

O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk = C:\Users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe (Yaletown Software Design Inc.)

O4 - Startup: C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk = C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {B837CB5A-815F-4020-B402-83ADDEDAB019} https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_Smartscript.cab (Siebel SmartScript)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C9E203C-091F-4C21-B594-C65A38A8ECFB}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89296FDA-7DCE-4E7C-B874-F86FEA0DCCA8}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{02815db6-0edc-11e1-a8b4-d0df9ab32f40}\Shell - "" = AutoRun

O33 - MountPoints2\{02815db6-0edc-11e1-a8b4-d0df9ab32f40}\Shell\AutoRun\command - "" = E:\LiteAuto.exe

O33 - MountPoints2\{972fbb45-1096-11e1-aac0-d0df9ab32f40}\Shell - "" = AutoRun

O33 - MountPoints2\{972fbb45-1096-11e1-aac0-d0df9ab32f40}\Shell\AutoRun\command - "" = E:\LiteAuto.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\system32\unregmp2.exe /HideWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{2D54B356-756B-44A1-AED5-790029BF3C59} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 07:26:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

[2012/07/18 19:35:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jofriedm_us\Desktop\dds.com

[2012/07/18 19:14:21 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\HIPIS0e011b5.dll

[2012/07/18 19:14:21 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\windows\SysWow64\HIPIS0e011b5.dll

[2012/07/16 14:40:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/07/10 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Macromedia

[2012/07/10 15:05:01 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Malwarebytes

[2012/07/10 15:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/10 15:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/10 15:04:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/10 15:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/10 14:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/10 14:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/07/10 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/07/10 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

[2012/07/10 09:53:01 | 000,391,680 | ---- | C] (Analog Devices, Inc.) -- C:\Users\jofriedm_us\AppData\Roaming\edapc.dll

[2012/06/22 16:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/06/22 16:16:07 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Google

[2012/06/22 16:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/06/21 21:33:37 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Bvckup

[2012/06/21 21:33:21 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bvckup

[2012/06/21 21:33:15 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\Program Files (x86)

[2012/06/19 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium

[2012/06/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium

[2012/06/19 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 07:28:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/19 07:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

[2012/07/19 06:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/18 21:57:25 | 000,019,360 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/18 21:57:25 | 000,019,360 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/18 21:55:20 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/07/18 21:55:20 | 000,627,316 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/07/18 21:55:20 | 000,107,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/07/18 21:50:10 | 000,001,216 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/07/18 21:50:09 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/18 21:49:57 | 000,127,959 | ---- | M] () -- C:\windows\SysWow64\api_hook_list.dat

[2012/07/18 21:49:57 | 000,002,033 | ---- | M] () -- C:\windows\SysNative\api_hook_list.dat

[2012/07/18 21:49:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/18 21:49:50 | 2053,824,511 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/18 21:36:31 | 000,455,005 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Kitchen-Day-in-the-Life-of-100.pdf

[2012/07/18 19:35:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jofriedm_us\Desktop\dds.com

[2012/07/18 19:29:24 | 001,552,384 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\RogueKiller.exe

[2012/07/18 17:43:03 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/18 09:30:02 | 002,117,152 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\tdsskiller.zip

[2012/07/18 09:02:21 | 000,433,376 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/16 15:04:39 | 000,000,041 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/07/12 09:08:02 | 000,147,992 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\high-hamstring-tendinopathy-in-runners.pdf

[2012/07/11 16:07:22 | 000,016,798 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AR-M550N_20110603_165723.pdf

[2012/07/11 13:12:06 | 000,054,232 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\3x3 Home Protection Plan - Sample.pdf

[2012/07/11 11:43:14 | 013,210,713 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\bastrop.pdf

[2012/07/11 11:18:24 | 002,006,121 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\sanitation_form1.pdf

[2012/07/10 14:59:26 | 000,001,322 | ---- | M] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/10 14:59:26 | 000,001,298 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Spybot - Search & Destroy.lnk

[2012/07/10 14:45:08 | 000,007,605 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Local\Resmon.ResmonCfg

[2012/07/10 10:57:48 | 013,085,976 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\A041912S1356.pdf

[2012/07/09 17:00:23 | 002,118,651 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\kovar_maps.PDF

[2012/07/09 14:08:25 | 000,394,768 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\SKMBT_C45212070923370.pdf

[2012/07/09 09:04:29 | 000,070,505 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\65015_001.pdf

[2012/07/06 11:50:42 | 000,136,507 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\243 HECTOR_070612.pdf

[2012/07/06 11:50:17 | 000,052,270 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AMENDMENT A.pdf

[2012/07/06 01:34:30 | 000,143,040 | ---- | M] (McAfee, Inc.) -- C:\windows\SysWow64\KevlarSigs.dll

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/29 12:13:17 | 000,016,115 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Attachments_2012_06_29.zip

[2012/06/28 12:52:45 | 000,005,536 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Smithville.pdf

[2012/06/28 12:50:27 | 000,148,266 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Woodlands.pdf

[2012/06/28 09:32:45 | 001,510,084 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Plus rib install guide.5.25.04.pdf

[2012/06/28 09:27:47 | 000,032,504 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Maintenance_&_Repair_of_Metal_Roofing.pdf

[2012/06/28 07:08:14 | 000,173,099 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-implements-comps.pdf

[2012/06/28 07:06:29 | 000,243,858 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-comps.pdf

[2012/06/26 21:37:32 | 002,367,977 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\web_may_11_ElectricTrans.pdf

[2012/06/26 21:33:34 | 001,193,645 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\1795.pdf

[2012/06/26 20:25:31 | 023,895,232 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\WKO3.0.zip

[2012/06/26 13:00:21 | 000,049,946 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Wildlife_HB604_process_chart.pdf

[2012/06/26 12:42:36 | 000,007,370 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\PropertyDataSheet.aspx

[2012/06/26 12:41:19 | 000,007,730 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\45bc7d77-1ac9-4dae-9d9f-306c793a6b7d.pdf

[2012/06/26 12:14:17 | 002,002,949 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BASTROP COMPS3.pdf

[2012/06/26 10:38:57 | 005,276,456 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\NFPA 70 Ed. 2002.pdf

[2012/06/26 10:37:18 | 000,022,299 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\TIA70-11-1.pdf

[2012/06/25 15:28:08 | 000,339,865 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\trlp_region5.pdf

[2012/06/25 15:28:05 | 000,332,696 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\trlp_region7.pdf

[2012/06/25 15:25:01 | 008,871,506 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\HoustonSLBay.pdf

[2012/06/25 15:24:53 | 009,941,926 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AustinRRock.pdf

[2012/06/25 11:18:10 | 000,512,998 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BPO PRICING FAQ 10-13-06.pdf

[2012/06/22 16:50:18 | 000,754,026 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AQUA.ZoneMap.11X17_3.pdf

[2012/06/22 14:54:20 | 000,540,883 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\pub2917tractorimplements1.pdf

[2012/06/22 09:16:40 | 000,000,948 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk

[2012/06/22 08:53:11 | 000,331,649 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Survey.pdf

[2012/06/22 08:52:22 | 000,098,995 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Realist for 243 Hector.pdf

[2012/06/22 08:51:44 | 000,972,363 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\243 Hector.pdf

[2012/06/22 08:43:42 | 001,145,324 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\VoiceMessage-5127849075.wav

[2012/06/21 21:32:48 | 000,488,784 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\bvckup-setup-1.0.1.401.exe

[2012/06/21 21:27:46 | 000,001,384 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk

[2012/06/21 16:56:12 | 000,675,581 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\upgrade_whitepaper_final_March_2012.pdf

[2012/06/19 21:11:10 | 000,002,917 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Reflect.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 21:49:57 | 000,127,959 | ---- | C] () -- C:\windows\SysWow64\api_hook_list.dat

[2012/07/18 21:49:57 | 000,002,033 | ---- | C] () -- C:\windows\SysNative\api_hook_list.dat

[2012/07/18 21:36:30 | 000,455,005 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Kitchen-Day-in-the-Life-of-100.pdf

[2012/07/18 19:29:21 | 001,552,384 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\RogueKiller.exe

[2012/07/18 09:29:50 | 002,117,152 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\tdsskiller.zip

[2012/07/18 09:01:45 | 000,433,376 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/12 09:08:01 | 000,147,992 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\high-hamstring-tendinopathy-in-runners.pdf

[2012/07/11 16:07:22 | 000,016,798 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AR-M550N_20110603_165723.pdf

[2012/07/11 13:12:06 | 000,054,232 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\3x3 Home Protection Plan - Sample.pdf

[2012/07/11 11:42:59 | 013,210,713 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\bastrop.pdf

[2012/07/11 11:18:22 | 002,006,121 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\sanitation_form1.pdf

[2012/07/10 15:18:47 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/10 15:04:57 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/10 14:50:06 | 000,001,322 | ---- | C] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/10 14:50:06 | 000,001,298 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Spybot - Search & Destroy.lnk

[2012/07/10 14:45:08 | 000,007,605 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Local\Resmon.ResmonCfg

[2012/07/10 10:57:33 | 013,085,976 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\A041912S1356.pdf

[2012/07/09 17:00:22 | 002,118,651 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\kovar_maps.PDF

[2012/07/09 14:08:24 | 000,394,768 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\SKMBT_C45212070923370.pdf

[2012/07/09 09:04:29 | 000,070,505 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\65015_001.pdf

[2012/07/06 11:50:42 | 000,136,507 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\243 HECTOR_070612.pdf

[2012/07/06 11:50:17 | 000,052,270 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AMENDMENT A.pdf

[2012/06/29 12:13:12 | 000,016,115 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Attachments_2012_06_29.zip

[2012/06/28 12:50:36 | 000,005,536 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Smithville.pdf

[2012/06/28 12:50:22 | 000,148,266 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Woodlands.pdf

[2012/06/28 09:32:44 | 001,510,084 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Plus rib install guide.5.25.04.pdf

[2012/06/28 09:27:40 | 000,032,504 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Maintenance_&_Repair_of_Metal_Roofing.pdf

[2012/06/28 07:08:07 | 000,173,099 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-implements-comps.pdf

[2012/06/28 07:06:24 | 000,243,858 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-comps.pdf

[2012/06/26 21:37:31 | 002,367,977 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\web_may_11_ElectricTrans.pdf

[2012/06/26 21:33:34 | 001,193,645 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\1795.pdf

[2012/06/26 20:25:30 | 023,895,232 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\WKO3.0.zip

[2012/06/26 13:00:21 | 000,049,946 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Wildlife_HB604_process_chart.pdf

[2012/06/26 12:41:19 | 000,007,730 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\45bc7d77-1ac9-4dae-9d9f-306c793a6b7d.pdf

[2012/06/26 12:40:32 | 000,007,370 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\PropertyDataSheet.aspx

[2012/06/26 12:14:15 | 002,002,949 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BASTROP COMPS3.pdf

[2012/06/26 10:38:50 | 005,276,456 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\NFPA 70 Ed. 2002.pdf

[2012/06/26 10:37:18 | 000,022,299 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\TIA70-11-1.pdf

[2012/06/25 15:28:08 | 000,339,865 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\trlp_region5.pdf

[2012/06/25 15:28:04 | 000,332,696 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\trlp_region7.pdf

[2012/06/25 15:24:56 | 008,871,506 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\HoustonSLBay.pdf

[2012/06/25 15:24:47 | 009,941,926 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AustinRRock.pdf

[2012/06/25 11:18:10 | 000,512,998 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BPO PRICING FAQ 10-13-06.pdf

[2012/06/22 16:50:18 | 000,754,026 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AQUA.ZoneMap.11X17_3.pdf

[2012/06/22 16:16:10 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/22 16:16:09 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/22 14:54:14 | 000,540,883 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\pub2917tractorimplements1.pdf

[2012/06/22 09:16:40 | 000,000,948 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk

[2012/06/22 08:53:05 | 000,331,649 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Survey.pdf

[2012/06/22 08:52:22 | 000,098,995 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Realist for 243 Hector.pdf

[2012/06/22 08:43:36 | 001,145,324 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\VoiceMessage-5127849075.wav

[2012/06/21 21:32:43 | 000,488,784 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\bvckup-setup-1.0.1.401.exe

[2012/06/21 21:27:46 | 000,001,384 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk

[2012/06/21 16:56:06 | 000,675,581 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\upgrade_whitepaper_final_March_2012.pdf

[2012/06/19 21:11:10 | 000,002,917 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Reflect.lnk

[2012/04/06 17:17:51 | 000,000,157 | ---- | C] () -- C:\windows\AIM_scaricocentraline.ini

[2012/04/05 13:57:02 | 000,060,304 | ---- | C] () -- C:\Users\jofriedm_us\g2mdlhlpx.exe

[2012/03/05 11:34:56 | 000,000,434 | ---- | C] () -- C:\windows\AIM_RACE_STUDIO.INI

[2012/03/05 11:33:08 | 000,000,023 | ---- | C] () -- C:\windows\AIM_LANGUAGE.INI

[2012/03/05 11:33:04 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\glut32.dll

[2011/11/18 19:25:20 | 000,006,787 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\PrimoPDFSet.xml

[2011/10/14 10:38:07 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/10/14 10:36:24 | 000,114,240 | ---- | C] () -- C:\windows\tlist.exe

[2011/10/14 08:05:07 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/10/14 08:05:07 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/10/14 08:05:07 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/26 09:12:49 | 000,001,216 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2012/07/18 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\.purple

[2012/03/18 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\.purple.bak.1

[2012/02/14 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Efciry

[2011/12/19 09:26:36 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Oracle

[2011/10/14 08:45:32 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\OracleOpenOffice

[2012/02/15 20:02:29 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Ryhoe

[2011/11/07 08:42:50 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Stellent

[2011/10/14 08:44:58 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Thunderbird

[2011/11/28 09:18:46 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Track Systems

[2012/05/04 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\webex

[2011/11/14 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Xerox

[2009/07/14 00:08:49 | 000,031,000 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2011/10/14 05:17:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2012/04/30 09:47:03 | 000,000,000 | ---D | M] -- C:\.oracleprinters

[2012/03/05 16:37:22 | 000,000,000 | ---D | M] -- C:\AIM_SPORT

[2012/06/19 21:11:09 | 000,000,000 | -HSD | M] -- C:\Boot

[2012/07/16 14:43:44 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011/10/14 08:05:13 | 000,000,000 | ---D | M] -- C:\DRIVERS

[2011/10/14 07:10:02 | 000,000,000 | ---D | M] -- C:\Intel

[2011/04/26 02:10:34 | 000,000,000 | ---D | M] -- C:\Links

[2011/10/14 10:27:08 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012/06/19 21:11:09 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/07/11 11:23:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012/07/18 21:50:10 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2012/06/28 12:45:46 | 000,000,000 | ---D | M] -- C:\Quarantine

[2011/10/14 05:16:41 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012/07/19 07:30:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011/05/13 19:28:56 | 000,000,000 | ---D | M] -- C:\temp

[2011/10/14 05:17:23 | 000,000,000 | ---D | M] -- C:\Users

[2012/07/18 21:50:19 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

[2012/07/16 14:41:00 | 000,000,000 | ---D | M] -- C:\windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}

< %localappdata%\*. /5 >

[2012/07/18 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Local\Bvckup

[2012/07/19 07:26:46 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Local\Temp

< MD5 for: SERVICES.EXE >

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >

[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\windows\OrclOBI] -> C:\ProgramData\Oracle\Baseimage -> Junction

< End of report >


Extras Log file as post:

OTL logfile created on: 7/19/2012 7:28:27 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\jofriedm_us\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 73.03% Memory free

15.77 Gb Paging File | 13.54 Gb Available in Paging File | 85.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 208.66 Gb Total Space | 144.45 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Drive D: | 80.31 Gb Total Space | 61.54 Gb Free Space | 76.63% Space Free | Partition Type: NTFS

Computer Name: FRIEDMANN-PC | User Name: jofriedm_us | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 07:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

PRC - [2012/07/12 18:36:10 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

PRC - [2012/06/22 12:50:43 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/06/21 21:35:00 | 000,359,088 | ---- | M] (Yaletown Software Design Inc.) -- C:\Users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/28 16:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

PRC - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

PRC - [2011/04/15 04:34:45 | 000,180,224 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/25 06:45:32 | 011,322,880 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe

PRC - [2010/11/25 06:45:32 | 011,314,688 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin

PRC - [2010/10/22 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010/10/15 19:07:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010/10/12 05:08:09 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

PRC - [2010/10/12 05:07:07 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

PRC - [2010/06/15 04:50:54 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

PRC - [2010/06/15 04:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

PRC - [2010/03/25 06:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

PRC - [2009/08/19 08:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/12 18:36:10 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

MOD - [2012/06/22 12:50:42 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/15 04:24:41 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\libxml2.dll

MOD - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2009/08/19 08:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/12 05:57:44 | 000,301,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)

SRV:64bit: - [2011/02/21 14:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2011/02/21 14:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/02/21 14:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/01/20 11:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)

SRV:64bit: - [2010/10/22 13:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2010/10/15 19:07:52 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/12 18:36:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/22 12:50:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/28 16:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)

SRV - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2011/02/21 14:14:06 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2010/10/22 13:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)

SRV - [2010/10/22 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010/10/22 13:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)

SRV - [2010/10/12 05:07:07 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)

SRV - [2010/06/15 04:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)

SRV - [2010/03/25 06:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/26 10:45:24 | 000,039,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe -- (hips)

SRV - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) [Auto | Running] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/10/14 05:19:26 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011/10/14 05:19:26 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011/10/14 05:19:26 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011/10/14 05:19:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011/10/14 05:19:25 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011/09/05 17:42:14 | 000,035,400 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AIM_USBdrv64_10_02_471.sys -- (AIM_USBdriver) AIM USB Driver (v.10.02)

DRV:64bit: - [2011/06/10 15:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011/05/20 02:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/21 14:14:24 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2011/02/21 14:14:20 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/02/21 14:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/02/21 14:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®

DRV:64bit: - [2011/02/21 14:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/02/21 14:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV:64bit: - [2011/02/21 14:14:06 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2011/02/21 14:14:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2011/02/21 14:14:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2011/02/21 14:14:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV:64bit: - [2011/02/21 14:14:06 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2011/02/21 14:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/02/21 14:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011/02/21 14:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)

DRV:64bit: - [2011/02/21 14:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2011/02/21 14:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/22 13:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)

DRV:64bit: - [2010/10/22 13:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2010/10/12 05:05:50 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbregflt.sys -- (SbRegFlt)

DRV:64bit: - [2010/10/12 05:05:44 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\sbfslock.sys -- (SbFsLock)

DRV:64bit: - [2010/10/12 05:05:39 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\rsvlock.sys -- (RsvLock)

DRV:64bit: - [2010/10/12 05:05:29 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbflop.sys -- (SbFlop)

DRV:64bit: - [2010/10/12 05:05:14 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\safeboot.sys -- (SafeBoot)

DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/06/15 04:49:38 | 000,038,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firelm01.sys -- (firelm01)

DRV:64bit: - [2010/06/15 04:49:32 | 000,254,520 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FireTDI.sys -- (FireTDI)

DRV:64bit: - [2010/06/15 04:49:28 | 000,186,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FirePM.sys -- (FirePM)

DRV:64bit: - [2010/01/26 10:45:04 | 000,040,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPQK.sys -- (HIPQK)

DRV:64bit: - [2010/01/26 10:44:48 | 000,045,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPPSK.sys -- (HIPPSK)

DRV:64bit: - [2010/01/26 10:44:34 | 000,138,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPK.sys -- (HIPK)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/17 08:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firehk.sys -- (FirehkMP)

DRV:64bit: - [2008/10/17 08:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\firehk.sys -- (Firehk)

DRV:64bit: - [2008/08/13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg.sys -- (SBAlg)

DRV - [2010/10/12 05:05:50 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbRegFlt.sys -- (SbRegFlt)

DRV - [2010/10/12 05:05:44 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2010/10/12 05:05:39 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\RsvLock.sys -- (RsvLock)

DRV - [2010/10/12 05:05:29 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbFlop.sys -- (SbFlop)

DRV - [2010/10/12 05:05:14 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SBAlg)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.oracle.com/site/nasc/Sales/Organizations/NAA/index.htm

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {8F99810B-04E2-4D06-9BF1-50320EDFDFE2}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{8F99810B-04E2-4D06-9BF1-50320EDFDFE2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad/wpad.dat

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.marketwatch.com/"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.561

FF - prefs.js..network.proxy.autoconfig_url: "http://wpad/wpad.dat"

FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3012: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3070: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1830: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/10/14 07:12:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 12:50:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 14:41:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/04/15 04:34:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}: C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\ [2012/07/10 09:53:03 | 000,000,000 | ---D | M]

[2011/10/19 18:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jofriedm_us\AppData\Roaming\Mozilla\Extensions

[2012/07/05 18:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jofriedm_us\AppData\Roaming\Mozilla\Firefox\Profiles\7rqmhx4x.default\extensions

[2012/02/21 18:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/10 09:53:03 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JOFRIEDM_US\APPDATA\LOCAL\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

[2012/06/22 12:50:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/22 13:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2011/04/15 04:17:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/06/22 12:50:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/22 12:50:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/16 15:04:39 | 000,000,041 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 137.254.4.85 myaccess.oraclevpn.com

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [edapc] C:\Users\jofriedm_us\AppData\Roaming\edapc.dll (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [safeBootTokenWatcher] C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)

O4 - HKLM..\Run: [safeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()

O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk = C:\Users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe (Yaletown Software Design Inc.)

O4 - Startup: C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk = C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {B837CB5A-815F-4020-B402-83ADDEDAB019} https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_Smartscript.cab (Siebel SmartScript)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C9E203C-091F-4C21-B594-C65A38A8ECFB}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89296FDA-7DCE-4E7C-B874-F86FEA0DCCA8}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{02815db6-0edc-11e1-a8b4-d0df9ab32f40}\Shell - "" = AutoRun

O33 - MountPoints2\{02815db6-0edc-11e1-a8b4-d0df9ab32f40}\Shell\AutoRun\command - "" = E:\LiteAuto.exe

O33 - MountPoints2\{972fbb45-1096-11e1-aac0-d0df9ab32f40}\Shell - "" = AutoRun

O33 - MountPoints2\{972fbb45-1096-11e1-aac0-d0df9ab32f40}\Shell\AutoRun\command - "" = E:\LiteAuto.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\system32\unregmp2.exe /HideWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{2D54B356-756B-44A1-AED5-790029BF3C59} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 07:26:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

[2012/07/18 19:35:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jofriedm_us\Desktop\dds.com

[2012/07/18 19:14:21 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\HIPIS0e011b5.dll

[2012/07/18 19:14:21 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\windows\SysWow64\HIPIS0e011b5.dll

[2012/07/16 14:40:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/07/10 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Macromedia

[2012/07/10 15:05:01 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Malwarebytes

[2012/07/10 15:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/10 15:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/10 15:04:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/10 15:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/10 14:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/10 14:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/07/10 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/07/10 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

[2012/07/10 09:53:01 | 000,391,680 | ---- | C] (Analog Devices, Inc.) -- C:\Users\jofriedm_us\AppData\Roaming\edapc.dll

[2012/06/22 16:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/06/22 16:16:07 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Google

[2012/06/22 16:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/06/21 21:33:37 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Bvckup

[2012/06/21 21:33:21 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bvckup

[2012/06/21 21:33:15 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\Program Files (x86)

[2012/06/19 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium

[2012/06/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium

[2012/06/19 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 07:28:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/19 07:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

[2012/07/19 06:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/18 21:57:25 | 000,019,360 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/18 21:57:25 | 000,019,360 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/18 21:55:20 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/07/18 21:55:20 | 000,627,316 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/07/18 21:55:20 | 000,107,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/07/18 21:50:10 | 000,001,216 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/07/18 21:50:09 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/18 21:49:57 | 000,127,959 | ---- | M] () -- C:\windows\SysWow64\api_hook_list.dat

[2012/07/18 21:49:57 | 000,002,033 | ---- | M] () -- C:\windows\SysNative\api_hook_list.dat

[2012/07/18 21:49:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/18 21:49:50 | 2053,824,511 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/18 21:36:31 | 000,455,005 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Kitchen-Day-in-the-Life-of-100.pdf

[2012/07/18 19:35:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jofriedm_us\Desktop\dds.com

[2012/07/18 19:29:24 | 001,552,384 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\RogueKiller.exe

[2012/07/18 17:43:03 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/18 09:30:02 | 002,117,152 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\tdsskiller.zip

[2012/07/18 09:02:21 | 000,433,376 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/16 15:04:39 | 000,000,041 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/07/12 09:08:02 | 000,147,992 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\high-hamstring-tendinopathy-in-runners.pdf

[2012/07/11 16:07:22 | 000,016,798 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AR-M550N_20110603_165723.pdf

[2012/07/11 13:12:06 | 000,054,232 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\3x3 Home Protection Plan - Sample.pdf

[2012/07/11 11:43:14 | 013,210,713 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\bastrop.pdf

[2012/07/11 11:18:24 | 002,006,121 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\sanitation_form1.pdf

[2012/07/10 14:59:26 | 000,001,322 | ---- | M] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/10 14:59:26 | 000,001,298 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Spybot - Search & Destroy.lnk

[2012/07/10 14:45:08 | 000,007,605 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Local\Resmon.ResmonCfg

[2012/07/10 10:57:48 | 013,085,976 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\A041912S1356.pdf

[2012/07/09 17:00:23 | 002,118,651 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\kovar_maps.PDF

[2012/07/09 14:08:25 | 000,394,768 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\SKMBT_C45212070923370.pdf

[2012/07/09 09:04:29 | 000,070,505 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\65015_001.pdf

[2012/07/06 11:50:42 | 000,136,507 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\243 HECTOR_070612.pdf

[2012/07/06 11:50:17 | 000,052,270 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AMENDMENT A.pdf

[2012/07/06 01:34:30 | 000,143,040 | ---- | M] (McAfee, Inc.) -- C:\windows\SysWow64\KevlarSigs.dll

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/29 12:13:17 | 000,016,115 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Attachments_2012_06_29.zip

[2012/06/28 12:52:45 | 000,005,536 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Smithville.pdf

[2012/06/28 12:50:27 | 000,148,266 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Woodlands.pdf

[2012/06/28 09:32:45 | 001,510,084 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Plus rib install guide.5.25.04.pdf

[2012/06/28 09:27:47 | 000,032,504 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Maintenance_&_Repair_of_Metal_Roofing.pdf

[2012/06/28 07:08:14 | 000,173,099 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-implements-comps.pdf

[2012/06/28 07:06:29 | 000,243,858 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-comps.pdf

[2012/06/26 21:37:32 | 002,367,977 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\web_may_11_ElectricTrans.pdf

[2012/06/26 21:33:34 | 001,193,645 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\1795.pdf

[2012/06/26 20:25:31 | 023,895,232 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\WKO3.0.zip

[2012/06/26 13:00:21 | 000,049,946 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Wildlife_HB604_process_chart.pdf

[2012/06/26 12:42:36 | 000,007,370 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\PropertyDataSheet.aspx

[2012/06/26 12:41:19 | 000,007,730 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\45bc7d77-1ac9-4dae-9d9f-306c793a6b7d.pdf

[2012/06/26 12:14:17 | 002,002,949 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BASTROP COMPS3.pdf

[2012/06/26 10:38:57 | 005,276,456 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\NFPA 70 Ed. 2002.pdf

[2012/06/26 10:37:18 | 000,022,299 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\TIA70-11-1.pdf

[2012/06/25 15:28:08 | 000,339,865 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\trlp_region5.pdf

[2012/06/25 15:28:05 | 000,332,696 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\trlp_region7.pdf

[2012/06/25 15:25:01 | 008,871,506 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\HoustonSLBay.pdf

[2012/06/25 15:24:53 | 009,941,926 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AustinRRock.pdf

[2012/06/25 11:18:10 | 000,512,998 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BPO PRICING FAQ 10-13-06.pdf

[2012/06/22 16:50:18 | 000,754,026 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AQUA.ZoneMap.11X17_3.pdf

[2012/06/22 14:54:20 | 000,540,883 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\pub2917tractorimplements1.pdf

[2012/06/22 09:16:40 | 000,000,948 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk

[2012/06/22 08:53:11 | 000,331,649 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Survey.pdf

[2012/06/22 08:52:22 | 000,098,995 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Realist for 243 Hector.pdf

[2012/06/22 08:51:44 | 000,972,363 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\243 Hector.pdf

[2012/06/22 08:43:42 | 001,145,324 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\VoiceMessage-5127849075.wav

[2012/06/21 21:32:48 | 000,488,784 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\bvckup-setup-1.0.1.401.exe

[2012/06/21 21:27:46 | 000,001,384 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk

[2012/06/21 16:56:12 | 000,675,581 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\upgrade_whitepaper_final_March_2012.pdf

[2012/06/19 21:11:10 | 000,002,917 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Reflect.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 21:49:57 | 000,127,959 | ---- | C] () -- C:\windows\SysWow64\api_hook_list.dat

[2012/07/18 21:49:57 | 000,002,033 | ---- | C] () -- C:\windows\SysNative\api_hook_list.dat

[2012/07/18 21:36:30 | 000,455,005 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Kitchen-Day-in-the-Life-of-100.pdf

[2012/07/18 19:29:21 | 001,552,384 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\RogueKiller.exe

[2012/07/18 09:29:50 | 002,117,152 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\tdsskiller.zip

[2012/07/18 09:01:45 | 000,433,376 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/12 09:08:01 | 000,147,992 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\high-hamstring-tendinopathy-in-runners.pdf

[2012/07/11 16:07:22 | 000,016,798 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AR-M550N_20110603_165723.pdf

[2012/07/11 13:12:06 | 000,054,232 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\3x3 Home Protection Plan - Sample.pdf

[2012/07/11 11:42:59 | 013,210,713 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\bastrop.pdf

[2012/07/11 11:18:22 | 002,006,121 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\sanitation_form1.pdf

[2012/07/10 15:18:47 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/10 15:04:57 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/10 14:50:06 | 000,001,322 | ---- | C] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/10 14:50:06 | 000,001,298 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Spybot - Search & Destroy.lnk

[2012/07/10 14:45:08 | 000,007,605 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Local\Resmon.ResmonCfg

[2012/07/10 10:57:33 | 013,085,976 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\A041912S1356.pdf

[2012/07/09 17:00:22 | 002,118,651 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\kovar_maps.PDF

[2012/07/09 14:08:24 | 000,394,768 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\SKMBT_C45212070923370.pdf

[2012/07/09 09:04:29 | 000,070,505 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\65015_001.pdf

[2012/07/06 11:50:42 | 000,136,507 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\243 HECTOR_070612.pdf

[2012/07/06 11:50:17 | 000,052,270 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AMENDMENT A.pdf

[2012/06/29 12:13:12 | 000,016,115 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Attachments_2012_06_29.zip

[2012/06/28 12:50:36 | 000,005,536 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Smithville.pdf

[2012/06/28 12:50:22 | 000,148,266 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Woodlands.pdf

[2012/06/28 09:32:44 | 001,510,084 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Plus rib install guide.5.25.04.pdf

[2012/06/28 09:27:40 | 000,032,504 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Maintenance_&_Repair_of_Metal_Roofing.pdf

[2012/06/28 07:08:07 | 000,173,099 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-implements-comps.pdf

[2012/06/28 07:06:24 | 000,243,858 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-comps.pdf

[2012/06/26 21:37:31 | 002,367,977 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\web_may_11_ElectricTrans.pdf

[2012/06/26 21:33:34 | 001,193,645 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\1795.pdf

[2012/06/26 20:25:30 | 023,895,232 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\WKO3.0.zip

[2012/06/26 13:00:21 | 000,049,946 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Wildlife_HB604_process_chart.pdf

[2012/06/26 12:41:19 | 000,007,730 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\45bc7d77-1ac9-4dae-9d9f-306c793a6b7d.pdf

[2012/06/26 12:40:32 | 000,007,370 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\PropertyDataSheet.aspx

[2012/06/26 12:14:15 | 002,002,949 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BASTROP COMPS3.pdf

[2012/06/26 10:38:50 | 005,276,456 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\NFPA 70 Ed. 2002.pdf

[2012/06/26 10:37:18 | 000,022,299 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\TIA70-11-1.pdf

[2012/06/25 15:28:08 | 000,339,865 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\trlp_region5.pdf

[2012/06/25 15:28:04 | 000,332,696 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\trlp_region7.pdf

[2012/06/25 15:24:56 | 008,871,506 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\HoustonSLBay.pdf

[2012/06/25 15:24:47 | 009,941,926 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AustinRRock.pdf

[2012/06/25 11:18:10 | 000,512,998 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BPO PRICING FAQ 10-13-06.pdf

[2012/06/22 16:50:18 | 000,754,026 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AQUA.ZoneMap.11X17_3.pdf

[2012/06/22 16:16:10 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/22 16:16:09 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/22 14:54:14 | 000,540,883 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\pub2917tractorimplements1.pdf

[2012/06/22 09:16:40 | 000,000,948 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk

[2012/06/22 08:53:05 | 000,331,649 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Survey.pdf

[2012/06/22 08:52:22 | 000,098,995 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Realist for 243 Hector.pdf

[2012/06/22 08:43:36 | 001,145,324 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\VoiceMessage-5127849075.wav

[2012/06/21 21:32:43 | 000,488,784 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\bvckup-setup-1.0.1.401.exe

[2012/06/21 21:27:46 | 000,001,384 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk

[2012/06/21 16:56:06 | 000,675,581 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\upgrade_whitepaper_final_March_2012.pdf

[2012/06/19 21:11:10 | 000,002,917 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Reflect.lnk

[2012/04/06 17:17:51 | 000,000,157 | ---- | C] () -- C:\windows\AIM_scaricocentraline.ini

[2012/04/05 13:57:02 | 000,060,304 | ---- | C] () -- C:\Users\jofriedm_us\g2mdlhlpx.exe

[2012/03/05 11:34:56 | 000,000,434 | ---- | C] () -- C:\windows\AIM_RACE_STUDIO.INI

[2012/03/05 11:33:08 | 000,000,023 | ---- | C] () -- C:\windows\AIM_LANGUAGE.INI

[2012/03/05 11:33:04 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\glut32.dll

[2011/11/18 19:25:20 | 000,006,787 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\PrimoPDFSet.xml

[2011/10/14 10:38:07 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/10/14 10:36:24 | 000,114,240 | ---- | C] () -- C:\windows\tlist.exe

[2011/10/14 08:05:07 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/10/14 08:05:07 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/10/14 08:05:07 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/26 09:12:49 | 000,001,216 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2012/07/18 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\.purple

[2012/03/18 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\.purple.bak.1

[2012/02/14 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Efciry

[2011/12/19 09:26:36 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Oracle

[2011/10/14 08:45:32 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\OracleOpenOffice

[2012/02/15 20:02:29 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Ryhoe

[2011/11/07 08:42:50 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Stellent

[2011/10/14 08:44:58 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Thunderbird

[2011/11/28 09:18:46 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Track Systems

[2012/05/04 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\webex

[2011/11/14 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Xerox

[2009/07/14 00:08:49 | 000,031,000 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2011/10/14 05:17:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2012/04/30 09:47:03 | 000,000,000 | ---D | M] -- C:\.oracleprinters

[2012/03/05 16:37:22 | 000,000,000 | ---D | M] -- C:\AIM_SPORT

[2012/06/19 21:11:09 | 000,000,000 | -HSD | M] -- C:\Boot

[2012/07/16 14:43:44 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011/10/14 08:05:13 | 000,000,000 | ---D | M] -- C:\DRIVERS

[2011/10/14 07:10:02 | 000,000,000 | ---D | M] -- C:\Intel

[2011/04/26 02:10:34 | 000,000,000 | ---D | M] -- C:\Links

[2011/10/14 10:27:08 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012/06/19 21:11:09 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/07/11 11:23:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012/07/18 21:50:10 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2012/06/28 12:45:46 | 000,000,000 | ---D | M] -- C:\Quarantine

[2011/10/14 05:16:41 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012/07/19 07:30:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011/05/13 19:28:56 | 000,000,000 | ---D | M] -- C:\temp

[2011/10/14 05:17:23 | 000,000,000 | ---D | M] -- C:\Users

[2012/07/18 21:50:19 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

[2012/07/16 14:41:00 | 000,000,000 | ---D | M] -- C:\windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}

< %localappdata%\*. /5 >

[2012/07/18 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Local\Bvckup

[2012/07/19 07:26:46 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Local\Temp

< MD5 for: SERVICES.EXE >

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >

[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\windows\OrclOBI] -> C:\ProgramData\Oracle\Baseimage -> Junction

< End of report >


Hm, looks like my last answer is lost in www. Sorry :(

Please download SystemLook to your Desktop.

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    I want this


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


I don't see any evidence of this adware in your logfiles.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply


Eset Log:

C:\$Recycle.Bin\S-1-5-21-2719970594-1893141819-1563870317-1000\$RCVH0ES\edapc.dll.vir a variant of Win32/Medfos.AJ trojan

C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan

C:\Users\jofriedm_us\AppData\Roaming\edapc.dll a variant of Win32/Medfos.AJ trojan

Operating memory a variant of Win32/Medfos.AJ trojan


Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.


I received the following Combofix error:

NirkMD: "Windows cannot find NIRKMD. Make sure you typed the name correctly and try again." I kept hitting OK to the message.

Here is the log:

ComboFix 12-07-21.01 - jofriedm_us 07/22/2012 14:40:03.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5921 [GMT -5:00]

Running from: c:\users\jofriedm_us\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jofriedm_us\AppData\Roaming\edapc.dll

c:\users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Ntuser.dat

c:\users\jofriedm_us\g2mdlhlpx.exe

c:\windows\SafeBoot.scr

.

.

((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))

.

.

2012-07-22 19:47 . 2012-07-22 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-22 16:05 . 2010-01-26 15:56 40328 ----a-w- c:\windows\SysWow64\HIPIS0e011b5.dll

2012-07-22 16:05 . 2010-01-26 15:44 47080 ----a-w- c:\windows\system32\HIPIS0e011b5.dll

2012-07-21 15:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-21 15:06 . 2012-07-21 15:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-21 15:02 . 2012-07-21 15:02 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-20 16:52 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-20 16:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-20 16:47 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-20 16:47 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-20 16:47 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-20 16:47 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-20 16:47 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-20 16:47 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-07-20 16:42 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-07-20 16:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-07-20 16:41 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-07-20 16:41 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-20 16:41 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-20 16:41 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll

2012-07-20 16:41 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-20 16:41 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-20 16:41 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-20 16:41 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-20 16:41 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-20 16:41 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-07-20 16:38 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-07-20 16:33 . 2011-10-14 05:31 918528 ----a-w- c:\windows\system32\jscript.dll

2012-07-20 16:33 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2012-07-20 16:33 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2012-07-20 16:33 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-20 16:33 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-20 16:33 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-07-20 16:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-20 16:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-07-20 16:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-20 16:32 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-07-20 16:32 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-07-20 16:32 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-07-20 16:32 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2012-07-20 16:32 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-07-20 16:32 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-07-20 16:32 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-07-20 16:27 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2012-07-20 16:27 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2012-07-10 20:25 . 2012-07-10 20:25 -------- d-----w- c:\users\jofriedm_us\AppData\Local\Macromedia

2012-07-10 20:05 . 2012-07-10 20:05 -------- d-----w- c:\users\jofriedm_us\AppData\Roaming\Malwarebytes

2012-07-10 20:04 . 2012-07-10 20:04 -------- d-----w- c:\programdata\Malwarebytes

2012-07-10 20:04 . 2012-07-19 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-10 20:04 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 19:49 . 2012-07-18 22:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-10 19:49 . 2012-07-10 20:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-10 14:53 . 2012-07-10 14:53 -------- d-----w- c:\users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

2012-06-22 21:16 . 2012-06-22 21:16 -------- d-----w- c:\program files (x86)\Google

2012-06-22 21:16 . 2012-06-22 21:16 -------- d-----w- c:\users\jofriedm_us\AppData\Local\Google

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 23:36 . 2012-04-16 13:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 23:36 . 2012-03-01 20:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-06 06:34 . 2011-04-15 09:45 143040 ----a-w- c:\windows\SysWow64\KevlarSigs.dll

2012-07-03 08:19 . 2011-04-15 08:44 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-19 19:13 . 2012-06-19 19:13 10720 ----a-w- c:\windows\SysWow64\vpncategories.dll

2012-06-19 19:13 . 2012-06-19 19:13 30688 ----a-w- c:\windows\SysWow64\vpnevents.dll

2012-06-12 10:58 . 2012-06-12 11:17 13504 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2012-06-12 10:57 . 2012-06-12 11:17 57536 ----a-w- c:\windows\system32\drivers\psmounter.sys

2012-06-02 22:19 . 2012-06-13 22:40 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-13 22:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-13 22:40 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-13 22:40 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-13 22:40 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-13 22:40 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-13 22:40 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-13 22:40 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-13 22:40 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 04:01 . 2012-06-15 17:24 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-15 17:24 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-15 17:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 11:06 . 2012-06-15 17:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-15 17:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-15 17:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55 . 2012-06-15 17:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-15 17:20 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-15 17:20 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-15 17:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-04-15 180224]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-10-22 124224]

"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]

"SafeBootTokenWatcher"="c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2010-10-12 172092]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]

"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ClickToCallConfig"="c:\programdata\Oracle\BaseImage\config\realplayerent_config.exe" [2011-01-24 192066]

.

c:\users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bvckup.lnk - c:\users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe [2012-6-21 359088]

Oracle Open Office 3.3.lnk - c:\program files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe [2010-11-18 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

startControlconfig.lnk - c:\programdata\Oracle\Baseimage\utils\startControlConfig.hta [2011-4-19 1371]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 116648]

R2 MyDesktopWindows;MyDesktopService;c:\programdata\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]

R2 QOSMyDesktop;QOS MyDesktop;c:\programdata\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 AIM_USBdriver;AIM USB Driver (v.10.02) VID=471;c:\windows\system32\Drivers\AIM_USBdrv64_10_02_471.sys [2011-09-05 35400]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 116648]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-22 78768]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1255736]

S0 SafeBoot;SafeBoot; [x]

S0 SBAlg;SBAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 RsvLock;RsvLock; [x]

S1 SbFlop;SbFlop; [x]

S1 SbRegFlt;SbRegFlt; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-21 89600]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]

S2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-01-26 39840]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-22 77968]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-06-12 301760]

S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-06-19 645088]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-02-21 27760]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-14 348712]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-14 39464]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2011-02-21 292864]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-02-21 38440]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-02-21 315568]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-01-26 138904]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-01-26 45424]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-01-26 40152]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-02-21 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-02-21 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-02-21 8505856]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [2011-02-21 72808]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-02-21 75240]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 23:36]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 21:16]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 21:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-21 525312]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-21 418328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-21 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-21 391704]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-02-21 592240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://my.oracle.com/site/nasc/Sales/Organizations/NAA/index.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6BFF392C-A60D-4605-9A2F-D89810743C5F}: NameServer = 144.20.190.70,192.135.82.132

DPF: {B837CB5A-815F-4020-B402-83ADDEDAB019} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_Smartscript.cab

DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

FF - ProfilePath - c:\users\jofriedm_us\AppData\Roaming\Mozilla\Firefox\Profiles\7rqmhx4x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.marketwatch.com/

FF - prefs.js: network.proxy.type - 4

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-igfxcui - (no file)

Toolbar-Locked - (no file)

HKLM-Run-edapc - c:\users\jofriedm_us\AppData\Roaming\edapc.dll

AddRemove-HijackThis - e:\virus tools\HijackThis.exe

AddRemove-SLABCOMM&10C4&80ED - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&80ED

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"v5Licence0"="15-F3XZ-GCB9-ZHW8-J1QW-J65G-M52FTR9"

"Activated"="Y"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-22 14:49:23

ComboFix-quarantined-files.txt 2012-07-22 19:49

.

Pre-Run: 154,928,017,408 bytes free

Post-Run: 154,535,673,856 bytes free

.

- - End Of File - - CC18AB23E93A638EAC0B462BF231DFCD


Open notepad and copy/paste the text in the Code-box below into it:


File::
C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
Reboot::

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


On the reboot, my anti-virus automatically turns itself on, so I received the same error after the reboot.

Here is the log:

ComboFix 12-07-21.01 - jofriedm_us 07/23/2012 9:15.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5769 [GMT -5:00]

Running from: c:\users\jofriedm_us\Desktop\ComboFix.exe

Command switches used :: c:\users\jofriedm_us\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul

c:\windows\SafeBoot.scr

.

.

((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))

.

.

2012-07-23 14:18 . 2012-07-23 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-23 14:18 . 2012-07-23 14:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-22 19:59 . 2010-01-26 15:56 40328 ----a-w- c:\windows\SysWow64\HIPIS0e011b5.dll

2012-07-22 19:59 . 2010-01-26 15:44 47080 ----a-w- c:\windows\system32\HIPIS0e011b5.dll

2012-07-21 15:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-21 15:06 . 2012-07-21 15:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-21 15:02 . 2012-07-21 15:02 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-20 16:52 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-20 16:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-20 16:47 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-20 16:47 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-20 16:47 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-20 16:47 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-20 16:47 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-20 16:47 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-07-20 16:42 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-07-20 16:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-07-20 16:41 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-07-20 16:41 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-20 16:41 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-20 16:41 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll

2012-07-20 16:41 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-20 16:41 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-20 16:41 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-20 16:41 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-20 16:41 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-20 16:41 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-07-20 16:38 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-07-20 16:33 . 2011-10-14 05:31 918528 ----a-w- c:\windows\system32\jscript.dll

2012-07-20 16:33 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2012-07-20 16:33 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2012-07-20 16:33 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-20 16:33 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-20 16:33 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-07-20 16:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-20 16:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-07-20 16:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-20 16:32 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-07-20 16:32 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-07-20 16:32 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-07-20 16:32 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2012-07-20 16:32 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-07-20 16:32 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-07-20 16:32 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-07-20 16:27 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2012-07-20 16:27 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2012-07-10 20:25 . 2012-07-10 20:25 -------- d-----w- c:\users\jofriedm_us\AppData\Local\Macromedia

2012-07-10 20:05 . 2012-07-10 20:05 -------- d-----w- c:\users\jofriedm_us\AppData\Roaming\Malwarebytes

2012-07-10 20:04 . 2012-07-10 20:04 -------- d-----w- c:\programdata\Malwarebytes

2012-07-10 20:04 . 2012-07-19 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-10 20:04 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 19:49 . 2012-07-18 22:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-10 19:49 . 2012-07-10 20:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-10 14:53 . 2012-07-10 14:53 -------- d-----w- c:\users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 23:36 . 2012-04-16 13:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 23:36 . 2012-03-01 20:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-06 06:34 . 2011-04-15 09:45 143040 ----a-w- c:\windows\SysWow64\KevlarSigs.dll

2012-07-03 08:19 . 2011-04-15 08:44 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-19 19:13 . 2012-06-19 19:13 10720 ----a-w- c:\windows\SysWow64\vpncategories.dll

2012-06-19 19:13 . 2012-06-19 19:13 30688 ----a-w- c:\windows\SysWow64\vpnevents.dll

2012-06-12 10:58 . 2012-06-12 11:17 13504 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2012-06-12 10:57 . 2012-06-12 11:17 57536 ----a-w- c:\windows\system32\drivers\psmounter.sys

2012-06-02 22:19 . 2012-06-13 22:40 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-13 22:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-13 22:40 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-13 22:40 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-13 22:40 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-13 22:40 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-13 22:40 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-13 22:40 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-13 22:40 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 04:01 . 2012-06-15 17:24 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-15 17:24 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-15 17:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 11:06 . 2012-06-15 17:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-15 17:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-15 17:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55 . 2012-06-15 17:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-15 17:20 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-15 17:20 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-15 17:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-22_19.47.38 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-22 18:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-23 14:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-22 18:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-23 14:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-22 18:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-23 14:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-07-22 20:02 53960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-12-24 06:35 . 2012-07-22 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

+ 2011-12-24 06:35 . 2012-07-22 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

- 2011-10-14 12:15 . 2012-07-22 19:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-10-14 12:15 . 2012-07-23 14:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-12-24 06:35 . 2012-07-22 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

+ 2011-12-24 06:35 . 2012-07-22 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

+ 2011-10-14 12:15 . 2012-07-23 14:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-10-14 12:15 . 2012-07-22 19:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-12-24 06:35 . 2012-07-22 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat

- 2011-12-24 06:35 . 2012-07-22 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-22 19:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-23 14:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-14 15:04 . 2012-07-23 14:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-10-14 15:04 . 2012-07-22 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-19 15:02 . 2012-07-23 14:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-04-19 15:02 . 2012-07-22 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-14 13:34 . 2012-07-22 20:02 7660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2719970594-1893141819-1563870317-1000_UserData.bin

- 2012-07-22 16:05 . 2012-07-22 16:05 2033 c:\windows\system32\api_hook_list.dat

+ 2012-07-23 14:19 . 2012-07-23 14:19 2033 c:\windows\system32\api_hook_list.dat

- 2012-07-22 16:05 . 2012-07-22 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-23 14:19 . 2012-07-23 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-22 16:05 . 2012-07-22 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-23 14:19 . 2012-07-23 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-04-15 09:16 . 2012-07-22 16:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-04-15 09:16 . 2012-07-23 14:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-07-23 14:19 . 2012-07-23 14:19 127959 c:\windows\SysWOW64\api_hook_list.dat

- 2012-07-22 16:05 . 2012-07-22 16:05 127959 c:\windows\SysWOW64\api_hook_list.dat

+ 2011-10-14 17:08 . 2012-07-23 13:56 304522 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-07-23 13:15 627316 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-22 16:12 627316 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-22 16:12 107600 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-23 13:15 107600 c:\windows\system32\perfc009.dat

- 2009-07-14 05:12 . 2012-07-22 16:05 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-07-23 14:20 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:46 . 2012-07-22 20:06 105808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 05:01 . 2012-07-22 15:55 364068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-23 14:18 364068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-02-22 14:27 . 2012-07-23 14:18 38262792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2719970594-1893141819-1563870317-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-04-15 180224]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-10-22 124224]

"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]

"SafeBootTokenWatcher"="c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2010-10-12 172092]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]

"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ClickToCallConfig"="c:\programdata\Oracle\BaseImage\config\realplayerent_config.exe" [2011-01-24 192066]

.

c:\users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bvckup.lnk - c:\users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe [2012-6-21 359088]

Oracle Open Office 3.3.lnk - c:\program files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe [2010-11-18 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

startControlconfig.lnk - c:\programdata\Oracle\Baseimage\utils\startControlConfig.hta [2011-4-19 1371]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]

[bU]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 116648]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 AIM_USBdriver;AIM USB Driver (v.10.02) VID=471;c:\windows\system32\Drivers\AIM_USBdrv64_10_02_471.sys [2011-09-05 35400]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 116648]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-22 78768]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1255736]

S0 SafeBoot;SafeBoot; [x]

S0 SBAlg;SBAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 RsvLock;RsvLock; [x]

S1 SbFlop;SbFlop; [x]

S1 SbRegFlt;SbRegFlt; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-21 89600]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]

S2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-01-26 39840]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-22 77968]

S2 MyDesktopWindows;MyDesktopService;c:\programdata\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]

S2 QOSMyDesktop;QOS MyDesktop;c:\programdata\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-06-12 301760]

S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-06-19 645088]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-02-21 27760]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-14 348712]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-14 39464]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2011-02-21 292864]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-02-21 38440]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-02-21 315568]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-01-26 138904]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-01-26 45424]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-01-26 40152]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-02-21 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-02-21 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-02-21 8505856]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [2011-02-21 72808]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-02-21 75240]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 23:36]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 21:16]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 21:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-21 525312]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-21 418328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-21 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-21 391704]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-02-21 592240]

"edapc"="c:\users\jofriedm_us\AppData\Roaming\edapc.dll" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

TCP: DhcpNameServer = 141.146.40.227 148.87.1.22

TCP: Interfaces\{6BFF392C-A60D-4605-9A2F-D89810743C5F}: NameServer = 144.20.190.70,192.135.82.132

DPF: {B837CB5A-815F-4020-B402-83ADDEDAB019} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_Smartscript.cab

DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

FF - ProfilePath - c:\users\jofriedm_us\AppData\Roaming\Mozilla\Firefox\Profiles\7rqmhx4x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.marketwatch.com/

FF - prefs.js: network.proxy.type - 4

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"v5Licence0"="15-F3XZ-GCB9-ZHW8-J1QW-J65G-M52FTR9"

"Activated"="Y"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\windows\SysWOW64\RunDll32.exe

c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

c:\program files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe

c:\program files (x86)\McAfee\Common Framework\McTray.exe

c:\program files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin

.

**************************************************************************

.

Completion time: 2012-07-23 09:29:05 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-23 14:29

ComboFix2.txt 2012-07-22 19:49

.

Pre-Run: 154,401,837,056 bytes free

Post-Run: 154,051,121,152 bytes free

.

- - End Of File - - ADA88506FE99D4D4F2C596352EF83A48


Glad to hear. I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 7 Update 5 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 5
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Please launch DDS

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop and post both in your next reply


Please run OTL.exe.

  • Under the Custom.jpg box paste this in


c:\program files\*.
c:\program files (x86)\*.
C:\windows\SysWow64\*.

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will create a logfile ( OTL.txt ). This is saved in the same location as OTL.

Please post this in your next reply.


Latest OTL Log:

OTL logfile created on: 7/24/2012 7:08:55 AM - Run 2

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\jofriedm_us\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.46% Memory free

15.77 Gb Paging File | 13.79 Gb Available in Paging File | 87.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 208.66 Gb Total Space | 144.65 Gb Free Space | 69.32% Space Free | Partition Type: NTFS

Drive D: | 80.31 Gb Total Space | 61.54 Gb Free Space | 76.63% Space Free | Partition Type: NTFS

Computer Name: FRIEDMANN-PC | User Name: jofriedm_us | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 07:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

PRC - [2012/06/21 21:35:00 | 000,359,088 | ---- | M] (Yaletown Software Design Inc.) -- C:\Users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe

PRC - [2012/06/19 14:12:28 | 000,645,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/28 16:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

PRC - [2011/05/19 16:05:00 | 000,992,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe

PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

PRC - [2011/04/15 04:34:45 | 000,180,224 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/25 06:45:32 | 011,322,880 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe

PRC - [2010/11/25 06:45:32 | 011,314,688 | ---- | M] (Oracle) -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin

PRC - [2010/10/22 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010/10/15 19:07:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010/10/12 05:08:09 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

PRC - [2010/10/12 05:07:07 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

PRC - [2010/06/15 04:50:54 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

PRC - [2010/06/15 04:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

PRC - [2010/03/25 06:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

PRC - [2009/08/19 08:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/15 04:24:41 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\libxml2.dll

MOD - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2009/08/19 08:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/12 05:57:44 | 000,301,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)

SRV:64bit: - [2011/02/21 14:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2011/02/21 14:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/02/21 14:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/01/20 11:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)

SRV:64bit: - [2010/10/22 13:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2010/10/15 19:07:52 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/19 12:08:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/12 18:36:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/19 14:12:28 | 000,645,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/28 16:46:24 | 001,038,848 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)

SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2011/02/21 14:14:06 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2010/10/22 13:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)

SRV - [2010/10/22 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010/10/22 13:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)

SRV - [2010/10/12 05:07:07 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)

SRV - [2010/06/15 04:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)

SRV - [2010/03/25 06:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/26 10:45:24 | 000,039,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe -- (hips)

SRV - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) [Auto | Running] -- C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/10/14 05:19:26 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011/10/14 05:19:26 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011/10/14 05:19:26 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011/10/14 05:19:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011/10/14 05:19:25 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011/09/05 17:42:14 | 000,035,400 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AIM_USBdrv64_10_02_471.sys -- (AIM_USBdriver) AIM USB Driver (v.10.02)

DRV:64bit: - [2011/06/10 15:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011/05/20 02:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/21 14:14:24 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2011/02/21 14:14:20 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/02/21 14:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/02/21 14:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®

DRV:64bit: - [2011/02/21 14:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/02/21 14:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV:64bit: - [2011/02/21 14:14:06 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2011/02/21 14:14:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2011/02/21 14:14:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2011/02/21 14:14:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV:64bit: - [2011/02/21 14:14:06 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2011/02/21 14:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/02/21 14:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011/02/21 14:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)

DRV:64bit: - [2011/02/21 14:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2011/02/21 14:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/22 13:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2010/10/22 13:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)

DRV:64bit: - [2010/10/22 13:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2010/10/12 05:05:50 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbregflt.sys -- (SbRegFlt)

DRV:64bit: - [2010/10/12 05:05:44 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\sbfslock.sys -- (SbFsLock)

DRV:64bit: - [2010/10/12 05:05:39 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\rsvlock.sys -- (RsvLock)

DRV:64bit: - [2010/10/12 05:05:29 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\sbflop.sys -- (SbFlop)

DRV:64bit: - [2010/10/12 05:05:14 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\safeboot.sys -- (SafeBoot)

DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/06/15 04:49:38 | 000,038,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firelm01.sys -- (firelm01)

DRV:64bit: - [2010/06/15 04:49:32 | 000,254,520 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FireTDI.sys -- (FireTDI)

DRV:64bit: - [2010/06/15 04:49:28 | 000,186,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FirePM.sys -- (FirePM)

DRV:64bit: - [2010/01/26 10:45:04 | 000,040,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPQK.sys -- (HIPQK)

DRV:64bit: - [2010/01/26 10:44:48 | 000,045,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPPSK.sys -- (HIPPSK)

DRV:64bit: - [2010/01/26 10:44:34 | 000,138,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPK.sys -- (HIPK)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/17 08:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firehk.sys -- (FirehkMP)

DRV:64bit: - [2008/10/17 08:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\firehk.sys -- (Firehk)

DRV:64bit: - [2008/08/13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\sbalg.sys -- (SBAlg)

DRV - [2010/10/12 05:05:50 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbRegFlt.sys -- (SbRegFlt)

DRV - [2010/10/12 05:05:44 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2010/10/12 05:05:39 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\RsvLock.sys -- (RsvLock)

DRV - [2010/10/12 05:05:29 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\SbFlop.sys -- (SbFlop)

DRV - [2010/10/12 05:05:14 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SBAlg)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.oracle.com/site/nasc/Sales/Organizations/NAA/index.htm

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {8F99810B-04E2-4D06-9BF1-50320EDFDFE2}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{8F99810B-04E2-4D06-9BF1-50320EDFDFE2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.marketwatch.com/"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.561

FF - prefs.js..network.proxy.autoconfig_url: "http://wpad/wpad.dat"

FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3012: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3070: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1830: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/10/14 07:12:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 12:08:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/23 14:55:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/04/15 04:34:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}: C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}\ [2012/07/10 09:53:03 | 000,000,000 | ---D | M]

[2011/10/19 18:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jofriedm_us\AppData\Roaming\Mozilla\Extensions

[2012/07/05 18:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jofriedm_us\AppData\Roaming\Mozilla\Firefox\Profiles\7rqmhx4x.default\extensions

[2012/02/21 18:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/10 09:53:03 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JOFRIEDM_US\APPDATA\LOCAL\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

[2012/07/19 12:08:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/22 13:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2012/06/22 12:50:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/22 12:50:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/23 09:21:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [edapc] "C:\Windows\System32\rundll32.exe" "C:\Users\jofriedm_us\AppData\Roaming\edapc.dll",MatrixPerspectiveRH File not found

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [safeBootTokenWatcher] C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)

O4 - HKLM..\Run: [safeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()

O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup.lnk = C:\Users\jofriedm_us\Program Files (x86)\Bvckup\bvckup.exe (Yaletown Software Design Inc.)

O4 - Startup: C:\Users\jofriedm_us\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk = C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15:64bit: - ..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15:64bit: - ..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15 - HKLM\..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oracle.com ([login] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-ebusiness] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-erp] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-hrms] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)

O15 - HKCU\..Trusted Domains: oraclevpn.com ([myaccess] https in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 10.5.0)

O16 - DPF: {B837CB5A-815F-4020-B402-83ADDEDAB019} https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_Smartscript.cab (Siebel SmartScript)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 10.5.0)

O16 - DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C9E203C-091F-4C21-B594-C65A38A8ECFB}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89296FDA-7DCE-4E7C-B874-F86FEA0DCCA8}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 14:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/07/23 14:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/07/23 13:32:04 | 000,200,704 | ---- | C] (McAfee, Inc.) -- C:\windows\SafeBoot.scr

[2012/07/23 09:29:07 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/07/23 09:21:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/07/22 14:59:26 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\HIPIS0e011b5.dll

[2012/07/22 14:59:26 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\windows\SysWow64\HIPIS0e011b5.dll

[2012/07/22 14:39:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/07/22 14:39:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/07/22 14:39:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/07/22 14:36:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/22 14:36:13 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012/07/22 14:33:47 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\jofriedm_us\Desktop\ComboFix.exe

[2012/07/22 13:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2012/07/21 10:06:02 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%

[2012/07/21 10:02:55 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%

[2012/07/19 07:26:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

[2012/07/18 19:35:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jofriedm_us\Desktop\dds.com

[2012/07/10 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\Macromedia

[2012/07/10 15:05:01 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Roaming\Malwarebytes

[2012/07/10 15:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/10 15:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/10 15:04:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/10 15:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/10 14:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/10 14:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/07/10 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/07/10 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\jofriedm_us\AppData\Local\{EC3050F0-CA9E-11E1-8270-B8AC6F996F26}

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 06:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/24 06:28:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/23 19:25:42 | 000,019,360 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/23 19:25:42 | 000,019,360 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/23 19:25:07 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/07/23 19:25:07 | 000,627,316 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/07/23 19:25:07 | 000,107,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/07/23 19:18:05 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/23 19:17:56 | 000,127,959 | ---- | M] () -- C:\windows\SysWow64\api_hook_list.dat

[2012/07/23 19:17:56 | 000,002,033 | ---- | M] () -- C:\windows\SysNative\api_hook_list.dat

[2012/07/23 19:17:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/23 19:17:45 | 2053,824,511 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/23 14:36:10 | 000,225,965 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BS-R-200509371.pdf

[2012/07/23 14:35:42 | 000,477,832 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BS-R-200502287.pdf

[2012/07/23 14:35:26 | 002,089,658 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\219_Sandy_Creek_Ranch_Drive_-_Survey_and_Affidavit.pdf

[2012/07/23 13:58:42 | 000,778,840 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BS-R-200409547.pdf

[2012/07/23 13:32:04 | 000,200,704 | ---- | M] (McAfee, Inc.) -- C:\windows\SafeBoot.scr

[2012/07/23 09:21:37 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/07/22 14:33:48 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\jofriedm_us\Desktop\ComboFix.exe

[2012/07/22 11:06:21 | 000,001,216 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/07/22 11:05:45 | 000,433,376 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/22 08:33:32 | 000,001,143 | ---- | M] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/07/21 11:45:25 | 000,165,376 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\SystemLook_x64.exe

[2012/07/20 10:02:32 | 000,007,757 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\9a027a05-1b58-4e00-a2e3-618679192f9b.pdf

[2012/07/20 08:32:08 | 000,081,857 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\price_list.pdf

[2012/07/19 11:29:32 | 007,195,600 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Cardtronics_AR2011_final_web_single.pdf

[2012/07/19 07:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jofriedm_us\Desktop\OTL.exe

[2012/07/18 21:36:31 | 000,455,005 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Kitchen-Day-in-the-Life-of-100.pdf

[2012/07/18 19:35:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jofriedm_us\Desktop\dds.com

[2012/07/18 19:29:24 | 001,552,384 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\RogueKiller.exe

[2012/07/18 17:43:03 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/18 09:30:02 | 002,117,152 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\tdsskiller.zip

[2012/07/12 09:08:02 | 000,147,992 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\high-hamstring-tendinopathy-in-runners.pdf

[2012/07/11 16:07:22 | 000,016,798 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AR-M550N_20110603_165723.pdf

[2012/07/11 13:12:06 | 000,054,232 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\3x3 Home Protection Plan - Sample.pdf

[2012/07/11 11:43:14 | 013,210,713 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\bastrop.pdf

[2012/07/11 11:18:24 | 002,006,121 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\sanitation_form1.pdf

[2012/07/10 14:59:26 | 000,001,322 | ---- | M] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/10 14:59:26 | 000,001,298 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Spybot - Search & Destroy.lnk

[2012/07/10 14:45:08 | 000,007,605 | ---- | M] () -- C:\Users\jofriedm_us\AppData\Local\Resmon.ResmonCfg

[2012/07/10 10:57:48 | 013,085,976 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\A041912S1356.pdf

[2012/07/09 17:00:23 | 002,118,651 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\kovar_maps.PDF

[2012/07/09 14:08:25 | 000,394,768 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\SKMBT_C45212070923370.pdf

[2012/07/09 09:04:29 | 000,070,505 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\65015_001.pdf

[2012/07/06 11:50:42 | 000,136,507 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\243 HECTOR_070612.pdf

[2012/07/06 01:34:30 | 000,143,040 | ---- | M] (McAfee, Inc.) -- C:\windows\SysWow64\KevlarSigs.dll

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/28 12:52:45 | 000,005,536 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Smithville.pdf

[2012/06/28 12:50:27 | 000,148,266 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Woodlands.pdf

[2012/06/28 09:32:45 | 001,510,084 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Plus rib install guide.5.25.04.pdf

[2012/06/28 09:27:47 | 000,032,504 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Maintenance_&_Repair_of_Metal_Roofing.pdf

[2012/06/28 07:08:14 | 000,173,099 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-implements-comps.pdf

[2012/06/28 07:06:29 | 000,243,858 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-comps.pdf

[2012/06/26 20:25:31 | 023,895,232 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\WKO3.0.zip

[2012/06/26 13:00:21 | 000,049,946 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\Wildlife_HB604_process_chart.pdf

[2012/06/26 12:42:36 | 000,007,370 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\PropertyDataSheet.aspx

[2012/06/26 12:41:19 | 000,007,730 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\45bc7d77-1ac9-4dae-9d9f-306c793a6b7d.pdf

[2012/06/26 12:14:17 | 002,002,949 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BASTROP COMPS3.pdf

[2012/06/26 10:38:57 | 005,276,456 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\NFPA 70 Ed. 2002.pdf

[2012/06/26 10:37:18 | 000,022,299 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\TIA70-11-1.pdf

[2012/06/25 15:28:08 | 000,339,865 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\trlp_region5.pdf

[2012/06/25 15:28:05 | 000,332,696 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\trlp_region7.pdf

[2012/06/25 15:25:01 | 008,871,506 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\HoustonSLBay.pdf

[2012/06/25 15:24:53 | 009,941,926 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\AustinRRock.pdf

[2012/06/25 11:18:10 | 000,512,998 | ---- | M] () -- C:\Users\jofriedm_us\Desktop\BPO PRICING FAQ 10-13-06.pdf

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/23 19:17:56 | 000,127,959 | ---- | C] () -- C:\windows\SysWow64\api_hook_list.dat

[2012/07/23 19:17:56 | 000,002,033 | ---- | C] () -- C:\windows\SysNative\api_hook_list.dat

[2012/07/23 14:36:10 | 000,225,965 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BS-R-200509371.pdf

[2012/07/23 14:35:17 | 002,089,658 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\219_Sandy_Creek_Ranch_Drive_-_Survey_and_Affidavit.pdf

[2012/07/23 13:58:40 | 000,778,840 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BS-R-200409547.pdf

[2012/07/22 14:39:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/07/22 14:39:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/07/22 14:39:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/07/22 14:39:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/07/22 14:39:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/07/21 11:45:23 | 000,165,376 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\SystemLook_x64.exe

[2012/07/20 10:02:32 | 000,007,757 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\9a027a05-1b58-4e00-a2e3-618679192f9b.pdf

[2012/07/20 08:32:06 | 000,081,857 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\price_list.pdf

[2012/07/19 13:47:25 | 000,477,832 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BS-R-200502287.pdf

[2012/07/19 11:29:20 | 007,195,600 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Cardtronics_AR2011_final_web_single.pdf

[2012/07/18 21:36:30 | 000,455,005 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Kitchen-Day-in-the-Life-of-100.pdf

[2012/07/18 19:29:21 | 001,552,384 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\RogueKiller.exe

[2012/07/18 09:29:50 | 002,117,152 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\tdsskiller.zip

[2012/07/18 09:01:45 | 000,433,376 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/12 09:08:01 | 000,147,992 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\high-hamstring-tendinopathy-in-runners.pdf

[2012/07/11 16:07:22 | 000,016,798 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AR-M550N_20110603_165723.pdf

[2012/07/11 13:12:06 | 000,054,232 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\3x3 Home Protection Plan - Sample.pdf

[2012/07/11 11:42:59 | 013,210,713 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\bastrop.pdf

[2012/07/11 11:18:22 | 002,006,121 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\sanitation_form1.pdf

[2012/07/10 15:18:47 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/10 15:04:57 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/10 14:50:06 | 000,001,322 | ---- | C] () -- C:\Users\jofriedm_us\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/10 14:50:06 | 000,001,298 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Spybot - Search & Destroy.lnk

[2012/07/10 14:45:08 | 000,007,605 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Local\Resmon.ResmonCfg

[2012/07/10 10:57:33 | 013,085,976 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\A041912S1356.pdf

[2012/07/09 17:00:22 | 002,118,651 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\kovar_maps.PDF

[2012/07/09 14:08:24 | 000,394,768 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\SKMBT_C45212070923370.pdf

[2012/07/09 09:04:29 | 000,070,505 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\65015_001.pdf

[2012/07/06 11:50:42 | 000,136,507 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\243 HECTOR_070612.pdf

[2012/06/28 12:50:36 | 000,005,536 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Smithville.pdf

[2012/06/28 12:50:22 | 000,148,266 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Friedmann+Travelers+Quote+Woodlands.pdf

[2012/06/28 09:32:44 | 001,510,084 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Plus rib install guide.5.25.04.pdf

[2012/06/28 09:27:40 | 000,032,504 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Maintenance_&_Repair_of_Metal_Roofing.pdf

[2012/06/28 07:08:07 | 000,173,099 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-implements-comps.pdf

[2012/06/28 07:06:24 | 000,243,858 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Grand-L40-Series-comps.pdf

[2012/06/26 20:25:30 | 023,895,232 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\WKO3.0.zip

[2012/06/26 13:00:21 | 000,049,946 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\Wildlife_HB604_process_chart.pdf

[2012/06/26 12:41:19 | 000,007,730 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\45bc7d77-1ac9-4dae-9d9f-306c793a6b7d.pdf

[2012/06/26 12:40:32 | 000,007,370 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\PropertyDataSheet.aspx

[2012/06/26 12:14:15 | 002,002,949 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BASTROP COMPS3.pdf

[2012/06/26 10:38:50 | 005,276,456 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\NFPA 70 Ed. 2002.pdf

[2012/06/26 10:37:18 | 000,022,299 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\TIA70-11-1.pdf

[2012/06/25 15:28:08 | 000,339,865 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\trlp_region5.pdf

[2012/06/25 15:28:04 | 000,332,696 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\trlp_region7.pdf

[2012/06/25 15:24:56 | 008,871,506 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\HoustonSLBay.pdf

[2012/06/25 15:24:47 | 009,941,926 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\AustinRRock.pdf

[2012/06/25 11:18:10 | 000,512,998 | ---- | C] () -- C:\Users\jofriedm_us\Desktop\BPO PRICING FAQ 10-13-06.pdf

[2012/04/06 17:17:51 | 000,000,157 | ---- | C] () -- C:\windows\AIM_scaricocentraline.ini

[2012/03/05 11:34:56 | 000,000,434 | ---- | C] () -- C:\windows\AIM_RACE_STUDIO.INI

[2012/03/05 11:33:08 | 000,000,023 | ---- | C] () -- C:\windows\AIM_LANGUAGE.INI

[2012/03/05 11:33:04 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\glut32.dll

[2011/11/18 19:25:20 | 000,006,787 | ---- | C] () -- C:\Users\jofriedm_us\AppData\Roaming\PrimoPDFSet.xml

[2011/10/14 10:38:07 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/10/14 10:36:24 | 000,114,240 | ---- | C] () -- C:\windows\tlist.exe

[2011/10/14 08:05:07 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/10/14 08:05:07 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/10/14 08:05:07 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/26 09:12:49 | 000,001,216 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2012/07/23 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\.purple

[2012/03/18 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\.purple.bak.1

[2012/02/14 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Efciry

[2011/12/19 09:26:36 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Oracle

[2011/10/14 08:45:32 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\OracleOpenOffice

[2012/02/15 20:02:29 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Ryhoe

[2011/11/07 08:42:50 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Stellent

[2011/10/14 08:44:58 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Thunderbird

[2011/11/28 09:18:46 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Track Systems

[2012/05/04 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\webex

[2011/11/14 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\jofriedm_us\AppData\Roaming\Xerox

[2009/07/14 00:08:49 | 000,032,506 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< c:\program files\*. >

[2011/04/15 04:25:51 | 000,000,000 | ---D | M] -- c:\program files\7-Zip

[2011/04/15 04:32:40 | 000,000,000 | ---D | M] -- c:\program files\activePDF

[2011/11/07 12:17:03 | 000,000,000 | ---D | M] -- c:\program files\Bonjour

[2011/11/17 11:45:13 | 000,000,000 | ---D | M] -- c:\program files\CCleaner

[2011/04/15 04:25:36 | 000,000,000 | ---D | M] -- c:\program files\CDBurnerXP

[2011/11/07 12:11:12 | 000,000,000 | ---D | M] -- c:\program files\Common Files

[2011/10/14 07:12:46 | 000,000,000 | ---D | M] -- c:\program files\CONEXANT

[2011/10/14 05:19:11 | 000,000,000 | ---D | M] -- c:\program files\Dell

[2011/10/14 07:10:07 | 000,000,000 | ---D | M] -- c:\program files\DellTPad

[2011/03/15 15:46:22 | 000,000,000 | ---D | M] -- c:\program files\DVD Maker

[2011/10/14 07:10:19 | 000,000,000 | ---D | M] -- c:\program files\IDT

[2012/07/22 10:55:02 | 000,000,000 | ---D | M] -- c:\program files\Internet Explorer

[2012/06/14 15:35:37 | 000,000,000 | ---D | M] -- c:\program files\iPod

[2012/06/14 15:36:20 | 000,000,000 | ---D | M] -- c:\program files\iTunes

[2011/04/15 04:17:36 | 000,000,000 | ---D | M] -- c:\program files\Java

[2012/06/19 21:11:09 | 000,000,000 | ---D | M] -- c:\program files\Macrium

[2011/10/14 10:27:53 | 000,000,000 | ---D | M] -- c:\program files\Microsoft Office

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- c:\program files\MSBuild

[2011/04/15 04:29:32 | 000,000,000 | ---D | M] -- c:\program files\Oracle

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- c:\program files\Reference Assemblies

[2011/10/14 07:09:12 | 000,000,000 | ---D | M] -- c:\program files\STMicroelectronics

[2009/07/14 00:09:26 | 000,000,000 | -H-D | M] -- c:\program files\Uninstall Information

[2011/10/14 05:19:39 | 000,000,000 | ---D | M] -- c:\program files\WIDCOMM

[2011/10/14 10:04:32 | 000,000,000 | ---D | M] -- c:\program files\Windows Defender

[2012/05/11 08:26:17 | 000,000,000 | ---D | M] -- c:\program files\Windows Journal

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files\Windows Mail

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files\Windows Media Player

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- c:\program files\Windows NT

[2011/10/14 10:04:32 | 000,000,000 | ---D | M] -- c:\program files\Windows Photo Viewer

[2010/11/20 22:31:34 | 000,000,000 | ---D | M] -- c:\program files\Windows Portable Devices

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files\Windows Sidebar

< c:\program files (x86)\*. >

[2012/02/27 16:05:54 | 000,000,000 | ---D | M] -- c:\program files (x86)\Adobe

[2011/11/07 12:17:36 | 000,000,000 | ---D | M] -- c:\program files (x86)\Apple Software Update

[2011/11/07 12:17:03 | 000,000,000 | ---D | M] -- c:\program files (x86)\Bonjour

[2011/10/14 08:35:13 | 000,000,000 | ---D | M] -- c:\program files (x86)\Cisco

[2012/04/05 13:57:14 | 000,000,000 | ---D | M] -- c:\program files (x86)\Citrix

[2012/07/23 14:55:36 | 000,000,000 | ---D | M] -- c:\program files (x86)\Common Files

[2011/04/15 05:08:27 | 000,000,000 | ---D | M] -- c:\program files (x86)\Desktop Tools

[2012/06/22 16:16:28 | 000,000,000 | ---D | M] -- c:\program files (x86)\Google

[2012/03/05 16:37:19 | 000,000,000 | -H-D | M] -- c:\program files (x86)\InstallShield Installation Information

[2012/07/22 10:55:02 | 000,000,000 | ---D | M] -- c:\program files (x86)\Internet Explorer

[2012/06/14 15:36:19 | 000,000,000 | ---D | M] -- c:\program files (x86)\iTunes

[2012/07/23 14:55:02 | 000,000,000 | ---D | M] -- c:\program files (x86)\Java

[2012/07/18 19:08:56 | 000,000,000 | ---D | M] -- c:\program files (x86)\Malwarebytes' Anti-Malware

[2011/12/01 22:16:50 | 000,000,000 | ---D | M] -- c:\program files (x86)\McAfee

[2012/06/12 10:01:20 | 000,000,000 | ---D | M] -- c:\program files (x86)\Microsoft Office

[2011/04/15 03:43:44 | 000,000,000 | ---D | M] -- c:\program files (x86)\Microsoft Silverlight

[2011/10/14 10:28:59 | 000,000,000 | ---D | M] -- c:\program files (x86)\Microsoft Visual Studio

[2011/10/14 10:30:09 | 000,000,000 | ---D | M] -- c:\program files (x86)\Microsoft Works

[2011/10/14 10:28:41 | 000,000,000 | ---D | M] -- c:\program files (x86)\Microsoft.NET

[2012/07/21 11:45:53 | 000,000,000 | ---D | M] -- c:\program files (x86)\Mozilla Firefox

[2012/07/22 11:04:36 | 000,000,000 | ---D | M] -- c:\program files (x86)\Mozilla Maintenance Service

[2011/04/15 04:16:54 | 000,000,000 | ---D | M] -- c:\program files (x86)\Mozilla Thunderbird

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- c:\program files (x86)\MSBuild

[2011/04/19 12:44:39 | 000,000,000 | ---D | M] -- c:\program files (x86)\odp

[2011/10/14 10:37:54 | 000,000,000 | ---D | M] -- c:\program files (x86)\Oracle

[2012/03/18 19:46:54 | 000,000,000 | ---D | M] -- c:\program files (x86)\Pidgin

[2011/04/15 04:34:45 | 000,000,000 | ---D | M] -- c:\program files (x86)\Real

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- c:\program files (x86)\Reference Assemblies

[2011/10/14 08:25:05 | 000,000,000 | ---D | M] -- c:\program files (x86)\SafeBoot Tray Manager

[2012/07/10 15:33:49 | 000,000,000 | ---D | M] -- c:\program files (x86)\Spybot - Search & Destroy

[2011/10/14 05:22:02 | 000,000,000 | ---D | M] -- c:\program files (x86)\STMicroelectronics

[2011/11/28 09:16:12 | 000,000,000 | ---D | M] -- c:\program files (x86)\Track Systems

[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- c:\program files (x86)\Uninstall Information

[2011/04/15 04:26:47 | 000,000,000 | ---D | M] -- c:\program files (x86)\vviewer

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows Defender

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows Mail

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows Media Player

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows NT

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows Photo Viewer

[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows Portable Devices

[2011/10/14 10:04:34 | 000,000,000 | ---D | M] -- c:\program files (x86)\Windows Sidebar

< C:\windows\SysWow64\*. >

[2012/07/21 10:06:02 | 000,000,000 | -HSD | M] -- C:\windows\SysWow64\%APPDATA%

[2010/11/21 01:14:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\0409

[2011/04/15 04:34:13 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Adobe

[2010/11/20 22:31:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\AdvancedInstallers

[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\ar-SA

[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\bg-BG

[2009/07/13 21:35:36 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\catroot

[2009/07/13 21:35:36 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\catroot2

[2011/10/14 10:04:28 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\com

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\config

[2010/11/20 22:31:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\cs-CZ

[2010/11/20 22:31:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\da-DK

[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\de-DE

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Dism

[2012/07/23 09:17:06 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\drivers

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\DriverStore

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\el-GR

[2010/11/21 01:14:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\en

[2012/07/22 10:55:01 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\en-US

[2010/11/20 22:31:13 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\es-ES

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\et-EE

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\fi-FI

[2011/10/14 10:04:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\fr-FR

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\FxsTmp

[2011/04/26 09:12:48 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\GroupPolicy

[2009/07/13 21:34:27 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\GroupPolicyUsers

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\he-IL

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\hr-HR

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\hu-HU

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\icsxml

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\IME

[2009/07/13 21:36:55 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\inetsrv

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\InstallShield

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\it-IT

[2011/10/14 10:04:31 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\ja-JP

[2011/10/14 10:04:49 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\ko-KR

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\LogFiles

[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\lt-LT

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\lv-LV

[2011/04/15 04:26:55 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Macromed

[2010/11/20 22:31:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\manifeststore

[2012/06/18 09:33:43 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\migration

[2011/10/14 10:04:31 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\migwiz

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Msdtc

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\MUI

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\nb-NO

[2009/07/13 21:34:31 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\NDF

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\NetworkList

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\nl-NL

[2011/10/14 10:04:31 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\oobe

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\pl-PL

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Printing_Admin_Scripts

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\pt-BR

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\pt-PT

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\ras

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Recovery

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\restore

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\ro-RO

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\ru-RU

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Setup

[2011/11/28 09:16:12 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Silabs

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\sk-SK

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\sl-SI

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\slmgr

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Speech

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\spp

[2010/11/20 22:31:13 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\sppui

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\sr-Latn-CS

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\sv-SE

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\sysprep

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Tasks

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\th-TH

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\tr-TR

[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\uk-UA

[2011/04/15 03:48:03 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\Wat

[2011/10/14 10:04:28 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\wbem

[2011/10/14 10:04:29 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\WCN

[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\wdi

[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\WindowsPowerShell

[2011/10/14 10:04:49 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\winrm

[2011/10/14 09:16:06 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\zh-CN

[2009/07/13 22:20:20 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\zh-HK

[2011/10/14 10:03:55 | 000,000,000 | ---D | M] -- C:\windows\SysWow64\zh-TW

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\windows\OrclOBI] -> C:\ProgramData\Oracle\Baseimage -> Junction

< End of report >


I have no clue why it always comes back. Maybe it is bundled with freeware software.

If not done yet, please reboot your OS and run a new Quick Scan with MBAM.

Nosey if it comes back again.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
