phower2112
Honorary Members-
Posts
32 -
Joined
-
Last visited
Reputation
0 Neutral-
Maurice, I deleted it and the other two folders weren't present. I really appreciate the time you took to help me. Take care, Pat
-
Hi Maurice, Well..this is frustrating. My McAfee Virus Scan SW thinks this is a Trojan virus and will not allow me to download. Again, from the beginning of our conversation, I cannot disable my Corporate Virus SW...
-
Hi...Still didn't work
-
Hi.. Sorry for the late reply. Still named uninstall.exe - on the desktop
-
OTL ran and deleted itself. But, combofix is still there. Can I just delete?
-
I renamed combofix as you requested and ran as Admin - and it extracts the files and tries to run?
-
Hi Maurice, Since we'be been working together on this, I haven't performed any operation outside of your requests. Other than the wireless issue, both IE and Firefox seem to be functioning as expected. All processes killed ========== PROCESSES ========== ========== FILES ========== recycler not found in C:\ File\Folder c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll not found. ========== REGISTRY ========== Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: AT ->Temp folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: phower64766 ->Temp folder emptied: 5817090 bytes ->Temporary Internet Files folder emptied: 69464037 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 55661637 bytes ->Flash cache emptied: 16055 bytes User: Public ->Temp folder emptied: 0 bytes User: rvaliantx037575 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 312990 bytes RecycleBin emptied: 14885188 bytes Total Files Cleaned = 139.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: AT User: Default User: Default User User: phower64766 ->Flash cache emptied: 0 bytes User: Public User: rvaliantx037575 Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12292011_062924 Files\Folders moved on Reboot... C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\nsd_tmp_2028.tmp not found! Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
-
Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2011.12.28.02 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 PHower64766 :: 1B092539H [administrator] 12/28/2011 5:39:15 AM mbam-log-2011-12-28 (05-39-15).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 471827 Time elapsed: 1 hour(s), 48 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) OTL logfile created on: 12/28/2011 7:35:04 AM - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.86 Gb Total Physical Memory | 0.20 Gb Available Physical Memory | 6.83% Memory free 5.72 Gb Paging File | 2.20 Gb Available in Paging File | 38.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.24 Gb Total Space | 19.54 Gb Free Space | 16.38% Space Free | Partition Type: NTFS Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011/12/21 00:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe PRC - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs PRC - [2011/03/02 10:07:04 | 002,745,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2011/02/11 11:39:56 | 012,854,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe PRC - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe PRC - [2011/01/28 11:08:16 | 001,349,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe PRC - [2011/01/14 17:19:42 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe PRC - [2010/11/14 19:04:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/11/04 10:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe PRC - [2010/11/02 09:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/09/16 07:13:40 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2010/08/25 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2010/08/12 20:47:58 | 015,895,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe PRC - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe PRC - [2010/07/27 16:52:26 | 000,984,432 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe PRC - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe PRC - [2010/06/30 19:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe PRC - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2010/06/02 16:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe PRC - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) -- C:\Program Files\AccessData\Agent\ADService.exe PRC - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010/03/16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/03/02 09:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe PRC - [2010/02/25 17:25:00 | 000,288,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 18:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007/01/21 21:33:24 | 000,153,352 | ---- | M] (EMC) -- C:\Program Files\eRoom 7\ERClient7.exe ========== Modules (No Company Name) ========== MOD - [2011/12/21 00:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/11/04 20:15:24 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\655ed19f57b30488bf4c407ae1bc8fc6\IAStorUtil.ni.dll MOD - [2011/11/04 20:15:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll MOD - [2011/11/04 15:43:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d9f057ed30e6941d47a8754bf0bcadea\WindowsBase.ni.dll MOD - [2011/11/04 15:43:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011/11/04 15:43:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll MOD - [2011/11/04 15:43:17 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll MOD - [2011/11/04 15:43:11 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011/11/04 15:43:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011/11/04 15:43:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011/11/04 15:42:53 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011/11/04 15:42:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/08 10:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll MOD - [2010/12/15 14:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/02/28 01:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2008/05/19 09:32:20 | 001,212,416 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCamDLL.dll MOD - [2007/10/08 08:33:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCam.ax MOD - [2007/09/21 16:19:16 | 000,176,128 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\FinalTrial.dll MOD - [2007/09/21 15:55:40 | 000,327,680 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVerify.dll MOD - [2007/09/21 10:47:54 | 000,196,608 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\Detector.dll MOD - [2007/05/18 20:22:06 | 000,698,432 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\libmng.dll MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll MOD - [2007/01/21 21:33:28 | 000,087,816 | ---- | M] () -- C:\Program Files\eRoom 7\Res\ResAddin7409.dll ========== Win32 Services (SafeList) ========== SRV - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv) SRV - [2011/06/11 20:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch) SRV - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc) SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2010/08/11 09:27:12 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) [Auto | Running] -- C:\Program Files\AccessData\Agent\ADService.exe -- (ADService) SRV - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2000/10/19 11:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\orant\bin\ONRSD.EXE -- (OracleOraHome81ClientCache) ========== Driver Services (SafeList) ========== DRV - [2011/12/28 05:38:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/12/27 10:59:32 | 000,013,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\ad_driver.sys -- (ad_driver) DRV - [2011/06/16 21:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2011/06/16 21:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2011/06/16 21:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2011/06/16 21:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs) DRV - [2011/06/16 21:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs) DRV - [2011/05/17 08:44:27 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv) DRV - [2011/02/23 10:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2010/10/18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel® DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2010/08/25 19:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/08/25 19:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/08/25 19:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/25 19:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/08/25 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010/08/25 19:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010/07/27 16:26:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010/06/21 14:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV - [2010/06/18 15:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2010/06/17 17:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2010/04/21 09:36:58 | 006,764,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel® DRV - [2010/04/13 23:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010/04/12 07:26:26 | 000,024,000 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp) DRV - [2010/03/12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/24 11:09:38 | 000,141,568 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/02/24 11:09:38 | 000,060,544 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/12/31 02:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2009/11/27 20:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009/10/28 07:49:46 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2009/10/28 07:49:44 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2009/10/28 07:49:42 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2009/10/28 07:49:38 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2009/09/23 18:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel® DRV - [2009/09/22 18:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2009/09/22 18:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2009/09/22 18:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/09/17 09:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel® DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ) DRV - [2009/07/13 18:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000) DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 16:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc) DRV - [2009/07/13 16:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid) DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/13 15:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm) DRV - [2009/06/19 09:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Toshidpt.sys -- (toshidpt) DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 77 96 36 F4 C4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://insideapplied/" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/08/13 08:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 05:29:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 05:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phower64766\AppData\Roaming\mozilla\Extensions [2011/12/27 05:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/12/28 05:34:26 | 000,000,219 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 152.135.176.36 us.econnect.amat.com O1 - Hosts: ÿþ1 O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft.Medv.UrlRedirectionBHO Class) - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG) O4 - HKLM..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\IS\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs () O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [softGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe () O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA) O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA) O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: myworkday.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: workday.com ([]https in Trusted sites) O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://eroom.intel.com/eRoomSetup/client.cab (ERPageAddin Class) O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} http://emamat09.mis.amat.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.135.191.189 152.135.192.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26}: DhcpNameServer = 152.135.114.13 152.135.191.191 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1E0727-5801-45FF-A6F4-1EB394ED62A1}: DhcpNameServer = 152.135.191.189 152.135.192.20 O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) -C:\Windows\System32\PGPmapih.dll (PGP Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/28 05:38:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/12/28 05:36:31 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.60.0.1800.exe [2011/12/27 17:32:36 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/27 09:31:25 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Adobe [2011/12/27 05:29:09 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Mozilla [2011/12/26 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Desktop\backups [2011/12/26 17:36:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 16:42:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/12/26 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\temp [2011/12/26 15:54:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/12/26 15:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/12/26 15:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/12/26 15:54:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/12/26 15:45:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/12/26 15:42:24 | 004,352,855 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:57 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/26 13:50:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/12/26 13:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/12/26 13:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/12/26 13:47:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Mozilla [2011/12/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apple Computer [2011/12/24 10:19:18 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/12/16 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/12/16 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/12/16 12:00:56 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/12/15 15:19:16 | 000,000,000 | ---D | C] -- C:\orant [2011/12/15 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\ApplicationHistory [2011/12/13 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/13 07:07:48 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Documents\Staff [2011/12/09 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apps [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2010/07/29 00:50:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011/12/28 05:38:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/12/28 05:38:37 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/28 05:36:45 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.60.0.1800.exe [2011/12/28 05:34:26 | 000,000,219 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011/12/27 17:32:36 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/27 16:28:21 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/27 16:28:21 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/27 11:07:53 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/12/27 11:07:53 | 000,713,720 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011/12/27 11:07:53 | 000,668,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/12/27 11:07:53 | 000,639,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/12/27 11:07:53 | 000,418,680 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2011/12/27 11:07:53 | 000,407,372 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2011/12/27 11:07:53 | 000,395,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2011/12/27 11:07:53 | 000,379,488 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2011/12/27 11:07:53 | 000,375,280 | ---- | M] () -- C:\Windows\System32\perfh00D.dat [2011/12/27 11:07:53 | 000,137,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/12/27 11:07:53 | 000,136,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/12/27 11:07:53 | 000,134,328 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011/12/27 11:07:53 | 000,112,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/12/27 11:07:53 | 000,112,550 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2011/12/27 11:07:53 | 000,110,838 | ---- | M] () -- C:\Windows\System32\perfc012.dat [2011/12/27 11:07:53 | 000,110,410 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2011/12/27 11:07:53 | 000,105,496 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2011/12/27 11:07:53 | 000,075,256 | ---- | M] () -- C:\Windows\System32\perfc00D.dat [2011/12/27 11:00:12 | 000,000,470 | ---- | M] () -- C:\Windows\SMSCFG.INI [2011/12/27 10:59:32 | 000,013,808 | ---- | M] () -- C:\Windows\System32\ad_driver.sys [2011/12/27 10:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/27 10:59:25 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys [2011/12/27 05:31:17 | 000,012,797 | ---- | M] () -- C:\Users\phower64766\Desktop\hijackthis1 [2011/12/27 05:29:06 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/26 17:36:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 15:42:39 | 004,352,855 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:48 | 000,007,598 | ---- | M] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/12/26 13:48:55 | 000,000,905 | ---- | M] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | M] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/26 13:47:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:31:45 | 000,000,115 | ---- | M] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/24 10:18:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/21 14:22:22 | 000,073,566 | RHS- | M] () -- C:\Users\phower64766\ntuser.pol [2011/12/21 10:56:47 | 000,001,273 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011/12/20 11:02:13 | 000,000,130 | ---- | M] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:50:21 | 000,344,064 | ---- | M] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/15 21:23:53 | 000,075,354 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/12/15 16:01:42 | 267,001,856 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts.accdb [2011/12/15 10:43:11 | 000,000,406 | ---- | M] () -- C:\Windows\ODBC.INI [2011/12/14 12:42:17 | 029,884,416 | ---- | M] () -- C:\Users\phower64766\Desktop\VF BOM MANAGEMENT TOOL for NM.accdb [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/12/08 13:41:57 | 000,002,024 | ---- | M] () -- C:\Users\phower64766\Documents\Default.rdp [2011/12/08 07:30:42 | 000,471,040 | ---- | M] () -- C:\Users\phower64766\Documents\Database25.accdb [2011/12/04 12:14:17 | 000,425,984 | ---- | M] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb ========== Files Created - No Company Name ========== [2011/12/28 05:37:39 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/27 05:31:17 | 000,012,797 | ---- | C] () -- C:\Users\phower64766\Desktop\hijackthis1 [2011/12/27 05:29:06 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/27 05:29:06 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/26 15:54:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/12/26 15:54:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/12/26 15:54:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/12/26 15:54:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/12/26 15:54:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/12/26 13:48:55 | 000,000,905 | ---- | C] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | C] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/24 10:31:32 | 000,000,115 | ---- | C] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/20 11:02:13 | 000,000,130 | ---- | C] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:49:25 | 000,344,064 | ---- | C] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:14 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/19 10:05:42 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/04 07:24:19 | 000,425,984 | ---- | C] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb [2011/10/10 06:42:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011/10/06 12:14:27 | 000,004,096 | -H-- | C] () -- C:\Users\phower64766\AppData\Local\keyfile3.drm [2011/08/29 06:45:15 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini [2011/08/25 07:41:18 | 000,000,183 | ---- | C] () -- C:\Windows\hpbafd.ini [2011/08/12 08:16:45 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini [2011/06/16 21:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2011/05/30 09:36:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\jgldog11.dll [2011/05/28 08:53:37 | 000,007,598 | ---- | C] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/05/18 14:53:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/18 12:12:06 | 000,013,808 | ---- | C] () -- C:\Windows\System32\ad_driver.sys [2011/05/17 09:30:19 | 000,000,406 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/17 09:30:18 | 000,054,343 | ---- | C] () -- C:\Windows\bqmeta0.ini [2011/05/17 09:30:16 | 000,027,955 | ---- | C] () -- C:\Windows\bqformat.ini [2011/05/17 09:07:40 | 000,049,152 | ---- | C] () -- C:\Windows\adminset.exe [2011/05/17 08:50:45 | 000,075,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/05/17 08:43:40 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys [2011/05/17 08:24:11 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011/05/17 08:24:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2011/05/17 08:24:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2011/05/17 08:24:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/11/14 22:18:00 | 000,418,680 | ---- | C] () -- C:\Windows\System32\perfh012.dat [2010/11/14 22:18:00 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat [2010/11/14 22:18:00 | 000,110,838 | ---- | C] () -- C:\Windows\System32\perfc012.dat [2010/11/14 22:18:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat [2010/11/14 22:09:08 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat [2010/11/14 22:09:07 | 000,407,372 | ---- | C] () -- C:\Windows\System32\perfh011.dat [2010/11/14 22:09:07 | 000,112,550 | ---- | C] () -- C:\Windows\System32\perfc011.dat [2010/11/14 22:09:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat [2010/11/14 22:00:06 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat [2010/11/14 22:00:05 | 000,713,720 | ---- | C] () -- C:\Windows\System32\perfh010.dat [2010/11/14 22:00:05 | 000,134,328 | ---- | C] () -- C:\Windows\System32\perfc010.dat [2010/11/14 22:00:05 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat [2010/11/14 21:53:10 | 000,375,280 | ---- | C] () -- C:\Windows\System32\perfh00D.dat [2010/11/14 21:53:10 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat [2010/11/14 21:53:10 | 000,075,256 | ---- | C] () -- C:\Windows\System32\perfc00D.dat [2010/11/14 21:53:10 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat [2010/11/14 21:46:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/11/14 21:46:40 | 000,668,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/11/14 21:46:40 | 000,136,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/11/14 21:46:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010/11/14 21:39:50 | 000,718,670 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2010/11/14 21:39:50 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2010/11/14 21:39:50 | 000,137,138 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2010/11/14 21:39:50 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2010/11/14 21:33:08 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2010/11/14 21:33:07 | 000,395,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2010/11/14 21:33:07 | 000,105,496 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2010/11/14 21:33:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2010/11/14 21:26:46 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2010/11/14 21:26:45 | 000,379,488 | ---- | C] () -- C:\Windows\System32\prfh0804.dat [2010/11/14 21:26:45 | 000,110,410 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2010/11/14 21:26:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2010/11/14 19:11:18 | 000,006,251 | ---- | C] () -- C:\Windows\saplogon.ini [2010/11/14 19:08:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2010/11/14 19:08:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2010/11/14 19:08:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2010/11/14 19:08:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2010/11/14 19:08:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2010/11/14 19:07:16 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini [2010/11/14 18:34:19 | 000,000,470 | ---- | C] () -- C:\Windows\SMSCFG.INI [2010/07/29 01:31:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/07/29 01:31:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:33:53 | 000,411,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 19:05:48 | 000,639,608 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 19:05:48 | 000,112,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/07/13 16:11:47 | 000,445,008 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/07/03 15:43:04 | 000,000,290 | ---- | C] () -- C:\Windows\brioqry6.ini ========== LOP Check ========== [2011/12/21 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/07/28 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\BestOn [2011/05/29 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Cisco [2011/05/17 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\ICAClient [2011/12/21 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/07/04 06:58:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Juniper Networks [2011/12/07 15:30:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2011/12/07 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/08 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\PGP Corporation [2011/12/26 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SAP [2011/12/13 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/27 11:00:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SoftGrid Client [2011/08/13 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\TFPU [2011/12/16 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\webex [2011/05/20 07:57:31 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\WinBatch [2011/06/02 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Xerox [2011/11/08 05:42:29 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DLOClientu.exe - .job [2011/11/19 00:38:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/05/18 13:42:00 | 001,359,590 | ---- | C] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG [2011/01/02 12:36:58 | 001,359,590 | ---- | M] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG < End of report >
-
Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 911122705 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12/27/2011 9:10:57 PM mbam-log-2011-12-27 (21-10-57).txt Scan type: Full scan (C:\|U:\|) Objects scanned: 470346 Time elapsed: 1 hour(s), 4 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
My company is on holiday shutdown so GIS support is limited.
-
Maurice, Just stumbled upon something. When I am on my wireless network - I cannot access google or bing. But, when I log onto my work intranet via a network connection (internal website that is RSA encrypted) - I can access both google and bing.
-
De and reinstalled Firefox...no change. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:31:17 AM, on 12/27/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16869) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Toshiba\TECO\Teco.exe C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\eRoom 7\ERClient7.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\phower64766\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file) O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Microsoft.Medv.UrlRedirectionBHO - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [softGridTray] "C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe" /autostart O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\Is\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -u auto-update O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe O4 - HKLM\..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start O4 - HKLM\..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://eroom.intel.com/eRoomSetup/client.cab O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://emamat09.mis.amat.com/dwa85W.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\Software\..\Telephony: DomainName = amat.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\System32\PGPmapih.dll O23 - Service: ADService - AccessData Corporation - C:\Program Files\AccessData\Agent\ADService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\orant\BIN\ONRSD.EXE O23 - Service: PGP RDD Service - PGP Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe O23 - Service: PGPserv - PGP Corporation - C:\Windows\system32\PGPserv.exe O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Wireless AutoSwitch (Wireless_AutoSwitch) - Unknown owner - C:\Program.exe (file missing) -- End of file - 12795 bytes
-
Hi Maurice, Glutten for punishment.... Here you go. I'm here for as long as you are. Obviously no issues with you hangin' it up for the evening. Thanks Pat ========== OTL ========== Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. OTL by OldTimer - Version 3.2.31.0 log created on 12262011_195857 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
-
Maurice, Totally understand. Thanks again...I'll be here tomorrow - whenever you can. So, followed directions below. Nothing needed to be changed. Firefox still cannot find google.com
-
OTL logfile created on: 12/26/2011 6:54:24 PM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.86 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.13% Memory free 5.72 Gb Paging File | 4.31 Gb Available in Paging File | 75.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.24 Gb Total Space | 20.69 Gb Free Space | 17.35% Space Free | Partition Type: NTFS Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe PRC - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe PRC - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs PRC - [2011/03/02 10:07:04 | 002,745,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2011/02/11 11:39:56 | 012,854,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe PRC - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe PRC - [2011/01/28 11:08:16 | 001,349,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe PRC - [2011/01/14 17:19:42 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe PRC - [2010/11/14 19:04:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/11/04 10:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe PRC - [2010/11/02 09:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/09/16 07:13:40 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2010/08/25 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe PRC - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe PRC - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe PRC - [2010/06/30 19:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe PRC - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) -- C:\Program Files\AccessData\Agent\ADService.exe PRC - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010/03/16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/03/02 09:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe PRC - [2010/02/25 17:25:00 | 000,288,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007/01/21 21:33:24 | 000,153,352 | ---- | M] (EMC) -- C:\Program Files\eRoom 7\ERClient7.exe ========== Modules (No Company Name) ========== MOD - [2011/11/04 20:15:24 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\655ed19f57b30488bf4c407ae1bc8fc6\IAStorUtil.ni.dll MOD - [2011/11/04 20:15:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll MOD - [2011/11/04 15:43:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d9f057ed30e6941d47a8754bf0bcadea\WindowsBase.ni.dll MOD - [2011/11/04 15:43:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011/11/04 15:43:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll MOD - [2011/11/04 15:43:11 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011/11/04 15:43:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011/11/04 15:43:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011/11/04 15:42:53 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011/11/04 15:42:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/08 10:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll MOD - [2010/12/15 14:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2008/05/19 09:32:20 | 001,212,416 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCamDLL.dll MOD - [2007/10/08 08:33:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCam.ax MOD - [2007/09/21 16:19:16 | 000,176,128 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\FinalTrial.dll MOD - [2007/09/21 15:55:40 | 000,327,680 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVerify.dll MOD - [2007/09/21 10:47:54 | 000,196,608 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\Detector.dll MOD - [2007/05/18 20:22:06 | 000,698,432 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\libmng.dll MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll MOD - [2007/01/21 21:33:28 | 000,087,816 | ---- | M] () -- C:\Program Files\eRoom 7\Res\ResAddin7409.dll ========== Win32 Services (SafeList) ========== SRV - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv) SRV - [2011/06/11 20:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch) SRV - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc) SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2010/08/11 09:27:12 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) [Auto | Running] -- C:\Program Files\AccessData\Agent\ADService.exe -- (ADService) SRV - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2000/10/19 11:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\orant\bin\ONRSD.EXE -- (OracleOraHome81ClientCache) ========== Driver Services (SafeList) ========== DRV - [2011/12/26 17:37:54 | 000,013,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\ad_driver.sys -- (ad_driver) DRV - [2011/06/16 21:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2011/06/16 21:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2011/06/16 21:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2011/06/16 21:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs) DRV - [2011/06/16 21:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs) DRV - [2011/05/17 08:44:27 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv) DRV - [2011/02/23 10:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2010/10/18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel® DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2010/08/25 19:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/08/25 19:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/08/25 19:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/25 19:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/08/25 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010/08/25 19:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010/07/27 16:26:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010/06/21 14:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV - [2010/06/18 15:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2010/06/17 17:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2010/04/21 09:36:58 | 006,764,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel® DRV - [2010/04/13 23:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010/04/12 07:26:26 | 000,024,000 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp) DRV - [2010/03/12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/24 11:09:38 | 000,141,568 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/02/24 11:09:38 | 000,060,544 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/12/31 02:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2009/11/27 20:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009/10/28 07:49:46 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2009/10/28 07:49:44 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2009/10/28 07:49:42 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2009/10/28 07:49:38 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2009/09/23 18:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel® DRV - [2009/09/22 18:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2009/09/22 18:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2009/09/22 18:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/09/17 09:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel® DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ) DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 16:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc) DRV - [2009/07/13 16:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid) DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/13 15:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm) DRV - [2009/06/19 09:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Toshidpt.sys -- (toshidpt) DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 21 46 92 AA B3 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://insideapplied/" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/08/13 08:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 10:27:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phower64766\AppData\Roaming\mozilla\Extensions [2011/12/24 10:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/12/26 17:36:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft.Medv.UrlRedirectionBHO Class) - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG) O4 - HKLM..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\IS\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs () O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [softGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe () O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA) O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA) O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: myworkday.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: workday.com ([]https in Trusted sites) O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://eroom.intel.com/eRoomSetup/client.cab (ERPageAddin Class) O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} http://emamat09.mis.amat.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26}: DhcpNameServer = 152.135.114.13 152.135.191.191 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}: DhcpNameServer = 192.168.0.1 205.171.2.25 O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) -C:\Windows\System32\PGPmapih.dll (PGP Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007 R2 ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework ActiveX: {BFA2E378-31D9-4595-AFA9-CA19E610DC0F} - .NET Framework ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/12/26 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Desktop\backups [2011/12/26 17:36:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 16:42:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/12/26 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\temp [2011/12/26 15:54:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/12/26 15:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/12/26 15:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/12/26 15:54:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/12/26 15:45:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/12/26 15:42:24 | 004,352,855 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:57 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/26 13:50:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/12/26 13:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/12/26 13:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/12/26 13:47:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Mozilla [2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Mozilla [2011/12/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/12/24 10:26:38 | 015,292,208 | ---- | C] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe [2011/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apple Computer [2011/12/24 10:19:18 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/24 10:14:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/12/16 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/12/16 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/12/16 12:00:56 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/12/15 15:19:16 | 000,000,000 | ---D | C] -- C:\orant [2011/12/15 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\ApplicationHistory [2011/12/13 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/13 07:07:48 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Documents\Staff [2011/12/09 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apps [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2010/07/29 00:50:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011/12/26 17:46:16 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/12/26 17:46:16 | 000,713,720 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011/12/26 17:46:16 | 000,668,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/12/26 17:46:16 | 000,639,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/12/26 17:46:16 | 000,418,680 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2011/12/26 17:46:16 | 000,407,372 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2011/12/26 17:46:16 | 000,395,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2011/12/26 17:46:16 | 000,379,488 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2011/12/26 17:46:16 | 000,375,280 | ---- | M] () -- C:\Windows\System32\perfh00D.dat [2011/12/26 17:46:16 | 000,137,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/12/26 17:46:16 | 000,136,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/12/26 17:46:16 | 000,134,328 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011/12/26 17:46:16 | 000,112,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/12/26 17:46:16 | 000,112,550 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2011/12/26 17:46:16 | 000,110,838 | ---- | M] () -- C:\Windows\System32\perfc012.dat [2011/12/26 17:46:16 | 000,110,410 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2011/12/26 17:46:16 | 000,105,496 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2011/12/26 17:46:16 | 000,075,256 | ---- | M] () -- C:\Windows\System32\perfc00D.dat [2011/12/26 17:45:08 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:45:08 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:39:08 | 000,000,470 | ---- | M] () -- C:\Windows\SMSCFG.INI [2011/12/26 17:37:54 | 000,013,808 | ---- | M] () -- C:\Windows\System32\ad_driver.sys [2011/12/26 17:37:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/26 17:37:46 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys [2011/12/26 17:36:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011/12/26 17:36:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 15:42:39 | 004,352,855 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:48 | 000,007,598 | ---- | M] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/12/26 13:48:55 | 000,000,905 | ---- | M] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | M] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/26 13:47:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:31:45 | 000,000,115 | ---- | M] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/24 10:27:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/24 10:26:38 | 015,292,208 | ---- | M] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe [2011/12/24 10:18:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/24 10:14:17 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/21 14:22:22 | 000,073,566 | RHS- | M] () -- C:\Users\phower64766\ntuser.pol [2011/12/21 10:56:47 | 000,001,273 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011/12/20 11:02:13 | 000,000,130 | ---- | M] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:50:21 | 000,344,064 | ---- | M] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/15 21:23:53 | 000,075,354 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/12/15 16:01:42 | 267,001,856 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts.accdb [2011/12/15 10:43:11 | 000,000,406 | ---- | M] () -- C:\Windows\ODBC.INI [2011/12/14 12:42:17 | 029,884,416 | ---- | M] () -- C:\Users\phower64766\Desktop\VF BOM MANAGEMENT TOOL for NM.accdb [2011/12/08 13:41:57 | 000,002,024 | ---- | M] () -- C:\Users\phower64766\Documents\Default.rdp [2011/12/08 07:30:42 | 000,471,040 | ---- | M] () -- C:\Users\phower64766\Documents\Database25.accdb [2011/12/04 12:14:17 | 000,425,984 | ---- | M] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb ========== Files Created - No Company Name ========== [2011/12/26 15:54:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/12/26 15:54:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/12/26 15:54:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/12/26 15:54:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/12/26 15:54:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/12/26 13:48:55 | 000,000,905 | ---- | C] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | C] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/24 10:31:32 | 000,000,115 | ---- | C] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/24 10:27:41 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/24 10:27:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/20 11:02:13 | 000,000,130 | ---- | C] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:49:25 | 000,344,064 | ---- | C] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:14 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/19 10:05:42 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/04 07:24:19 | 000,425,984 | ---- | C] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb [2011/10/10 06:42:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011/10/06 12:14:27 | 000,004,096 | -H-- | C] () -- C:\Users\phower64766\AppData\Local\keyfile3.drm [2011/08/29 06:45:15 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini [2011/08/25 07:41:18 | 000,000,183 | ---- | C] () -- C:\Windows\hpbafd.ini [2011/08/12 08:16:45 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini [2011/06/16 21:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2011/05/30 09:36:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\jgldog11.dll [2011/05/28 08:53:37 | 000,007,598 | ---- | C] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/05/18 14:53:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/18 12:12:06 | 000,013,808 | ---- | C] () -- C:\Windows\System32\ad_driver.sys [2011/05/17 09:30:19 | 000,000,406 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/17 09:30:18 | 000,054,343 | ---- | C] () -- C:\Windows\bqmeta0.ini [2011/05/17 09:30:16 | 000,027,955 | ---- | C] () -- C:\Windows\bqformat.ini [2011/05/17 09:07:40 | 000,049,152 | ---- | C] () -- C:\Windows\adminset.exe [2011/05/17 08:50:45 | 000,075,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/05/17 08:43:40 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys [2011/05/17 08:24:11 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011/05/17 08:24:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2011/05/17 08:24:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2011/05/17 08:24:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/11/14 22:18:00 | 000,418,680 | ---- | C] () -- C:\Windows\System32\perfh012.dat [2010/11/14 22:18:00 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat [2010/11/14 22:18:00 | 000,110,838 | ---- | C] () -- C:\Windows\System32\perfc012.dat [2010/11/14 22:18:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat [2010/11/14 22:09:08 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat [2010/11/14 22:09:07 | 000,407,372 | ---- | C] () -- C:\Windows\System32\perfh011.dat [2010/11/14 22:09:07 | 000,112,550 | ---- | C] () -- C:\Windows\System32\perfc011.dat [2010/11/14 22:09:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat [2010/11/14 22:00:06 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat [2010/11/14 22:00:05 | 000,713,720 | ---- | C] () -- C:\Windows\System32\perfh010.dat [2010/11/14 22:00:05 | 000,134,328 | ---- | C] () -- C:\Windows\System32\perfc010.dat [2010/11/14 22:00:05 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat [2010/11/14 21:53:10 | 000,375,280 | ---- | C] () -- C:\Windows\System32\perfh00D.dat [2010/11/14 21:53:10 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat [2010/11/14 21:53:10 | 000,075,256 | ---- | C] () -- C:\Windows\System32\perfc00D.dat [2010/11/14 21:53:10 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat [2010/11/14 21:46:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/11/14 21:46:40 | 000,668,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/11/14 21:46:40 | 000,136,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/11/14 21:46:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010/11/14 21:39:50 | 000,718,670 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2010/11/14 21:39:50 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2010/11/14 21:39:50 | 000,137,138 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2010/11/14 21:39:50 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2010/11/14 21:33:08 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2010/11/14 21:33:07 | 000,395,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2010/11/14 21:33:07 | 000,105,496 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2010/11/14 21:33:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2010/11/14 21:26:46 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2010/11/14 21:26:45 | 000,379,488 | ---- | C] () -- C:\Windows\System32\prfh0804.dat [2010/11/14 21:26:45 | 000,110,410 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2010/11/14 21:26:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2010/11/14 19:11:18 | 000,006,251 | ---- | C] () -- C:\Windows\saplogon.ini [2010/11/14 19:08:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2010/11/14 19:08:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2010/11/14 19:08:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2010/11/14 19:08:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2010/11/14 19:08:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2010/11/14 19:07:16 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini [2010/11/14 18:34:19 | 000,000,470 | ---- | C] () -- C:\Windows\SMSCFG.INI [2010/07/29 01:31:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/07/29 01:31:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:33:53 | 000,411,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 19:05:48 | 000,639,608 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 19:05:48 | 000,112,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/07/03 15:43:04 | 000,000,290 | ---- | C] () -- C:\Windows\brioqry6.ini ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/05/18 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Adobe [2011/12/21 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/10/28 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Apple Computer [2011/07/28 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\BestOn [2011/05/29 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Cisco [2011/05/17 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\ICAClient [2011/12/21 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/05/17 09:15:55 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Identities [2011/08/13 09:05:58 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Intel Corporation [2011/07/04 06:58:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Juniper Networks [2011/05/18 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Macromedia [2011/05/19 05:07:36 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Malwarebytes [2011/05/17 09:16:08 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\McAfee [2009/07/14 00:20:18 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Media Center Programs [2011/11/28 15:29:27 | 000,000,000 | --SD | M] -- C:\Users\phower64766\AppData\Roaming\Microsoft [2011/12/24 10:28:18 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Mozilla [2011/12/07 15:30:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2011/12/07 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/08 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\PGP Corporation [2011/07/22 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Prism Deploy [2011/12/26 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SAP [2011/06/13 10:13:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Skype [2011/12/26 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\skypePM [2011/12/13 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/26 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SoftGrid Client [2011/08/13 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\TFPU [2011/12/16 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\webex [2011/05/20 07:57:31 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\WinBatch [2011/06/02 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Xerox < %APPDATA%\*.exe /s > [2010/07/27 17:11:06 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe [2010/07/27 17:11:08 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe [2010/07/27 17:11:08 | 000,157,040 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe [2010/07/27 17:11:18 | 000,056,072 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe [2010/06/02 16:46:12 | 000,132,464 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe [2010/06/02 16:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [2010/06/02 16:45:36 | 000,330,088 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe [2010/06/02 16:44:10 | 000,218,232 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe [2010/06/02 16:46:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe [2011/05/21 06:56:20 | 000,162,720 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe [2011/05/21 06:56:18 | 000,292,768 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe [2004/09/13 00:00:00 | 001,916,928 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Users\phower64766\AppData\Roaming\Prism Deploy\Ptclient.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: BEEP.SYS > [2009/07/13 16:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys [2009/07/13 16:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009/07/13 16:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2004/11/15 09:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\client_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2010/11/05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys [2010/11/05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: THEMEUI.DLL > [2009/07/13 18:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\System32\themeui.dll [2009/07/13 18:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_84d4ec967cd4beac\themeui.dll < MD5 for: USERINIT.EXE > [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < > ========== Files - Unicode (All) ========== [2011/05/18 13:42:00 | 001,359,590 | ---- | C] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG [2011/01/02 12:36:58 | 001,359,590 | ---- | M] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG < End of report >