phower2112

Members
  • Content count

    32
  • Joined

  • Last visited

About phower2112

  • Rank
    New Member
  1. Maurice, I deleted it and the other two folders weren't present. I really appreciate the time you took to help me. Take care, Pat
  2. Hi Maurice, Well..this is frustrating. My McAfee Virus Scan SW thinks this is a Trojan virus and will not allow me to download. Again, from the beginning of our conversation, I cannot disable my Corporate Virus SW...
  3. Hi...Still didn't work
  4. Hi.. Sorry for the late reply. Still named uninstall.exe - on the desktop
  5. OTL ran and deleted itself. But, combofix is still there. Can I just delete?
  6. I renamed combofix as you requested and ran as Admin - and it extracts the files and tries to run?
  7. Hi Maurice, Since we'be been working together on this, I haven't performed any operation outside of your requests. Other than the wireless issue, both IE and Firefox seem to be functioning as expected. All processes killed ========== PROCESSES ========== ========== FILES ========== recycler not found in C:\ File\Folder c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll not found. ========== REGISTRY ========== Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: AT ->Temp folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: phower64766 ->Temp folder emptied: 5817090 bytes ->Temporary Internet Files folder emptied: 69464037 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 55661637 bytes ->Flash cache emptied: 16055 bytes User: Public ->Temp folder emptied: 0 bytes User: rvaliantx037575 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 312990 bytes RecycleBin emptied: 14885188 bytes Total Files Cleaned = 139.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: AT User: Default User: Default User User: phower64766 ->Flash cache emptied: 0 bytes User: Public User: rvaliantx037575 Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12292011_062924 Files\Folders moved on Reboot... C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\nsd_tmp_2028.tmp not found! Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
  8. Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2011.12.28.02 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 PHower64766 :: 1B092539H [administrator] 12/28/2011 5:39:15 AM mbam-log-2011-12-28 (05-39-15).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 471827 Time elapsed: 1 hour(s), 48 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) OTL logfile created on: 12/28/2011 7:35:04 AM - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.86 Gb Total Physical Memory | 0.20 Gb Available Physical Memory | 6.83% Memory free 5.72 Gb Paging File | 2.20 Gb Available in Paging File | 38.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.24 Gb Total Space | 19.54 Gb Free Space | 16.38% Space Free | Partition Type: NTFS Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011/12/21 00:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe PRC - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs PRC - [2011/03/02 10:07:04 | 002,745,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2011/02/11 11:39:56 | 012,854,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe PRC - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe PRC - [2011/01/28 11:08:16 | 001,349,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe PRC - [2011/01/14 17:19:42 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe PRC - [2010/11/14 19:04:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/11/04 10:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe PRC - [2010/11/02 09:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/09/16 07:13:40 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2010/08/25 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2010/08/12 20:47:58 | 015,895,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe PRC - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe PRC - [2010/07/27 16:52:26 | 000,984,432 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe PRC - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe PRC - [2010/06/30 19:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe PRC - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2010/06/02 16:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe PRC - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) -- C:\Program Files\AccessData\Agent\ADService.exe PRC - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010/03/16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/03/02 09:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe PRC - [2010/02/25 17:25:00 | 000,288,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 18:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007/01/21 21:33:24 | 000,153,352 | ---- | M] (EMC) -- C:\Program Files\eRoom 7\ERClient7.exe ========== Modules (No Company Name) ========== MOD - [2011/12/21 00:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/11/04 20:15:24 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\655ed19f57b30488bf4c407ae1bc8fc6\IAStorUtil.ni.dll MOD - [2011/11/04 20:15:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll MOD - [2011/11/04 15:43:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d9f057ed30e6941d47a8754bf0bcadea\WindowsBase.ni.dll MOD - [2011/11/04 15:43:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011/11/04 15:43:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll MOD - [2011/11/04 15:43:17 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll MOD - [2011/11/04 15:43:11 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011/11/04 15:43:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011/11/04 15:43:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011/11/04 15:42:53 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011/11/04 15:42:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/08 10:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll MOD - [2010/12/15 14:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/02/28 01:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2008/05/19 09:32:20 | 001,212,416 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCamDLL.dll MOD - [2007/10/08 08:33:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCam.ax MOD - [2007/09/21 16:19:16 | 000,176,128 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\FinalTrial.dll MOD - [2007/09/21 15:55:40 | 000,327,680 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVerify.dll MOD - [2007/09/21 10:47:54 | 000,196,608 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\Detector.dll MOD - [2007/05/18 20:22:06 | 000,698,432 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\libmng.dll MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll MOD - [2007/01/21 21:33:28 | 000,087,816 | ---- | M] () -- C:\Program Files\eRoom 7\Res\ResAddin7409.dll ========== Win32 Services (SafeList) ========== SRV - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv) SRV - [2011/06/11 20:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch) SRV - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc) SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2010/08/11 09:27:12 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) [Auto | Running] -- C:\Program Files\AccessData\Agent\ADService.exe -- (ADService) SRV - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2000/10/19 11:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\orant\bin\ONRSD.EXE -- (OracleOraHome81ClientCache) ========== Driver Services (SafeList) ========== DRV - [2011/12/28 05:38:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/12/27 10:59:32 | 000,013,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\ad_driver.sys -- (ad_driver) DRV - [2011/06/16 21:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2011/06/16 21:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2011/06/16 21:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2011/06/16 21:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs) DRV - [2011/06/16 21:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs) DRV - [2011/05/17 08:44:27 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv) DRV - [2011/02/23 10:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2010/10/18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel® DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2010/08/25 19:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/08/25 19:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/08/25 19:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/25 19:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/08/25 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010/08/25 19:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010/07/27 16:26:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010/06/21 14:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV - [2010/06/18 15:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2010/06/17 17:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2010/04/21 09:36:58 | 006,764,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel® DRV - [2010/04/13 23:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010/04/12 07:26:26 | 000,024,000 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp) DRV - [2010/03/12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/24 11:09:38 | 000,141,568 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/02/24 11:09:38 | 000,060,544 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/12/31 02:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2009/11/27 20:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009/10/28 07:49:46 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2009/10/28 07:49:44 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2009/10/28 07:49:42 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2009/10/28 07:49:38 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2009/09/23 18:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel® DRV - [2009/09/22 18:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2009/09/22 18:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2009/09/22 18:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/09/17 09:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel® DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ) DRV - [2009/07/13 18:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000) DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 16:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc) DRV - [2009/07/13 16:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid) DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/13 15:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm) DRV - [2009/06/19 09:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Toshidpt.sys -- (toshidpt) DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 77 96 36 F4 C4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://insideapplied/" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/08/13 08:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 05:29:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 05:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phower64766\AppData\Roaming\mozilla\Extensions [2011/12/27 05:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/12/28 05:34:26 | 000,000,219 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 152.135.176.36 us.econnect.amat.com O1 - Hosts: ÿþ1 O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft.Medv.UrlRedirectionBHO Class) - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG) O4 - HKLM..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\IS\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs () O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [softGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe () O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA) O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA) O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: myworkday.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: workday.com ([]https in Trusted sites) O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://eroom.intel.com/eRoomSetup/client.cab (ERPageAddin Class) O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} http://emamat09.mis.amat.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.135.191.189 152.135.192.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26}: DhcpNameServer = 152.135.114.13 152.135.191.191 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1E0727-5801-45FF-A6F4-1EB394ED62A1}: DhcpNameServer = 152.135.191.189 152.135.192.20 O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) -C:\Windows\System32\PGPmapih.dll (PGP Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/28 05:38:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/12/28 05:36:31 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.60.0.1800.exe [2011/12/27 17:32:36 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/27 09:31:25 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Adobe [2011/12/27 05:29:09 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Mozilla [2011/12/26 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Desktop\backups [2011/12/26 17:36:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 16:42:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/12/26 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\temp [2011/12/26 15:54:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/12/26 15:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/12/26 15:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/12/26 15:54:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/12/26 15:45:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/12/26 15:42:24 | 004,352,855 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:57 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/26 13:50:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/12/26 13:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/12/26 13:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/12/26 13:47:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Mozilla [2011/12/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apple Computer [2011/12/24 10:19:18 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/12/16 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/12/16 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/12/16 12:00:56 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/12/15 15:19:16 | 000,000,000 | ---D | C] -- C:\orant [2011/12/15 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\ApplicationHistory [2011/12/13 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/13 07:07:48 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Documents\Staff [2011/12/09 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apps [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2010/07/29 00:50:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011/12/28 05:38:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/12/28 05:38:37 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/28 05:36:45 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.60.0.1800.exe [2011/12/28 05:34:26 | 000,000,219 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011/12/27 17:32:36 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\phower64766\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/27 16:28:21 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/27 16:28:21 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/27 11:07:53 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/12/27 11:07:53 | 000,713,720 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011/12/27 11:07:53 | 000,668,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/12/27 11:07:53 | 000,639,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/12/27 11:07:53 | 000,418,680 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2011/12/27 11:07:53 | 000,407,372 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2011/12/27 11:07:53 | 000,395,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2011/12/27 11:07:53 | 000,379,488 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2011/12/27 11:07:53 | 000,375,280 | ---- | M] () -- C:\Windows\System32\perfh00D.dat [2011/12/27 11:07:53 | 000,137,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/12/27 11:07:53 | 000,136,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/12/27 11:07:53 | 000,134,328 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011/12/27 11:07:53 | 000,112,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/12/27 11:07:53 | 000,112,550 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2011/12/27 11:07:53 | 000,110,838 | ---- | M] () -- C:\Windows\System32\perfc012.dat [2011/12/27 11:07:53 | 000,110,410 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2011/12/27 11:07:53 | 000,105,496 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2011/12/27 11:07:53 | 000,075,256 | ---- | M] () -- C:\Windows\System32\perfc00D.dat [2011/12/27 11:00:12 | 000,000,470 | ---- | M] () -- C:\Windows\SMSCFG.INI [2011/12/27 10:59:32 | 000,013,808 | ---- | M] () -- C:\Windows\System32\ad_driver.sys [2011/12/27 10:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/27 10:59:25 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys [2011/12/27 05:31:17 | 000,012,797 | ---- | M] () -- C:\Users\phower64766\Desktop\hijackthis1 [2011/12/27 05:29:06 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/26 17:36:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 15:42:39 | 004,352,855 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:48 | 000,007,598 | ---- | M] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/12/26 13:48:55 | 000,000,905 | ---- | M] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | M] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/26 13:47:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:31:45 | 000,000,115 | ---- | M] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/24 10:18:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/21 14:22:22 | 000,073,566 | RHS- | M] () -- C:\Users\phower64766\ntuser.pol [2011/12/21 10:56:47 | 000,001,273 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011/12/20 11:02:13 | 000,000,130 | ---- | M] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:50:21 | 000,344,064 | ---- | M] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/15 21:23:53 | 000,075,354 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/12/15 16:01:42 | 267,001,856 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts.accdb [2011/12/15 10:43:11 | 000,000,406 | ---- | M] () -- C:\Windows\ODBC.INI [2011/12/14 12:42:17 | 029,884,416 | ---- | M] () -- C:\Users\phower64766\Desktop\VF BOM MANAGEMENT TOOL for NM.accdb [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/12/08 13:41:57 | 000,002,024 | ---- | M] () -- C:\Users\phower64766\Documents\Default.rdp [2011/12/08 07:30:42 | 000,471,040 | ---- | M] () -- C:\Users\phower64766\Documents\Database25.accdb [2011/12/04 12:14:17 | 000,425,984 | ---- | M] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb ========== Files Created - No Company Name ========== [2011/12/28 05:37:39 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/27 05:31:17 | 000,012,797 | ---- | C] () -- C:\Users\phower64766\Desktop\hijackthis1 [2011/12/27 05:29:06 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/27 05:29:06 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/26 15:54:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/12/26 15:54:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/12/26 15:54:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/12/26 15:54:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/12/26 15:54:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/12/26 13:48:55 | 000,000,905 | ---- | C] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | C] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/24 10:31:32 | 000,000,115 | ---- | C] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/20 11:02:13 | 000,000,130 | ---- | C] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:49:25 | 000,344,064 | ---- | C] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:14 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/19 10:05:42 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/04 07:24:19 | 000,425,984 | ---- | C] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb [2011/10/10 06:42:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011/10/06 12:14:27 | 000,004,096 | -H-- | C] () -- C:\Users\phower64766\AppData\Local\keyfile3.drm [2011/08/29 06:45:15 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini [2011/08/25 07:41:18 | 000,000,183 | ---- | C] () -- C:\Windows\hpbafd.ini [2011/08/12 08:16:45 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini [2011/06/16 21:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2011/05/30 09:36:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\jgldog11.dll [2011/05/28 08:53:37 | 000,007,598 | ---- | C] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/05/18 14:53:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/18 12:12:06 | 000,013,808 | ---- | C] () -- C:\Windows\System32\ad_driver.sys [2011/05/17 09:30:19 | 000,000,406 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/17 09:30:18 | 000,054,343 | ---- | C] () -- C:\Windows\bqmeta0.ini [2011/05/17 09:30:16 | 000,027,955 | ---- | C] () -- C:\Windows\bqformat.ini [2011/05/17 09:07:40 | 000,049,152 | ---- | C] () -- C:\Windows\adminset.exe [2011/05/17 08:50:45 | 000,075,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/05/17 08:43:40 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys [2011/05/17 08:24:11 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011/05/17 08:24:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2011/05/17 08:24:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2011/05/17 08:24:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/11/14 22:18:00 | 000,418,680 | ---- | C] () -- C:\Windows\System32\perfh012.dat [2010/11/14 22:18:00 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat [2010/11/14 22:18:00 | 000,110,838 | ---- | C] () -- C:\Windows\System32\perfc012.dat [2010/11/14 22:18:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat [2010/11/14 22:09:08 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat [2010/11/14 22:09:07 | 000,407,372 | ---- | C] () -- C:\Windows\System32\perfh011.dat [2010/11/14 22:09:07 | 000,112,550 | ---- | C] () -- C:\Windows\System32\perfc011.dat [2010/11/14 22:09:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat [2010/11/14 22:00:06 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat [2010/11/14 22:00:05 | 000,713,720 | ---- | C] () -- C:\Windows\System32\perfh010.dat [2010/11/14 22:00:05 | 000,134,328 | ---- | C] () -- C:\Windows\System32\perfc010.dat [2010/11/14 22:00:05 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat [2010/11/14 21:53:10 | 000,375,280 | ---- | C] () -- C:\Windows\System32\perfh00D.dat [2010/11/14 21:53:10 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat [2010/11/14 21:53:10 | 000,075,256 | ---- | C] () -- C:\Windows\System32\perfc00D.dat [2010/11/14 21:53:10 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat [2010/11/14 21:46:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/11/14 21:46:40 | 000,668,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/11/14 21:46:40 | 000,136,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/11/14 21:46:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010/11/14 21:39:50 | 000,718,670 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2010/11/14 21:39:50 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2010/11/14 21:39:50 | 000,137,138 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2010/11/14 21:39:50 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2010/11/14 21:33:08 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2010/11/14 21:33:07 | 000,395,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2010/11/14 21:33:07 | 000,105,496 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2010/11/14 21:33:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2010/11/14 21:26:46 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2010/11/14 21:26:45 | 000,379,488 | ---- | C] () -- C:\Windows\System32\prfh0804.dat [2010/11/14 21:26:45 | 000,110,410 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2010/11/14 21:26:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2010/11/14 19:11:18 | 000,006,251 | ---- | C] () -- C:\Windows\saplogon.ini [2010/11/14 19:08:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2010/11/14 19:08:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2010/11/14 19:08:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2010/11/14 19:08:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2010/11/14 19:08:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2010/11/14 19:07:16 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini [2010/11/14 18:34:19 | 000,000,470 | ---- | C] () -- C:\Windows\SMSCFG.INI [2010/07/29 01:31:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/07/29 01:31:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:33:53 | 000,411,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 19:05:48 | 000,639,608 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 19:05:48 | 000,112,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/07/13 16:11:47 | 000,445,008 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/07/03 15:43:04 | 000,000,290 | ---- | C] () -- C:\Windows\brioqry6.ini ========== LOP Check ========== [2011/12/21 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/07/28 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\BestOn [2011/05/29 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Cisco [2011/05/17 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\ICAClient [2011/12/21 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/07/04 06:58:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Juniper Networks [2011/12/07 15:30:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2011/12/07 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/08 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\PGP Corporation [2011/12/26 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SAP [2011/12/13 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/27 11:00:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SoftGrid Client [2011/08/13 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\TFPU [2011/12/16 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\webex [2011/05/20 07:57:31 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\WinBatch [2011/06/02 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Xerox [2011/11/08 05:42:29 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DLOClientu.exe - .job [2011/11/19 00:38:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/05/18 13:42:00 | 001,359,590 | ---- | C] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG [2011/01/02 12:36:58 | 001,359,590 | ---- | M] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG < End of report >
  9. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 911122705 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12/27/2011 9:10:57 PM mbam-log-2011-12-27 (21-10-57).txt Scan type: Full scan (C:\|U:\|) Objects scanned: 470346 Time elapsed: 1 hour(s), 4 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. My company is on holiday shutdown so GIS support is limited.
  11. Maurice, Just stumbled upon something. When I am on my wireless network - I cannot access google or bing. But, when I log onto my work intranet via a network connection (internal website that is RSA encrypted) - I can access both google and bing.
  12. De and reinstalled Firefox...no change. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:31:17 AM, on 12/27/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16869) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Toshiba\TECO\Teco.exe C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\eRoom 7\ERClient7.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\phower64766\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file) O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Microsoft.Medv.UrlRedirectionBHO - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [softGridTray] "C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe" /autostart O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\Is\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -u auto-update O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe O4 - HKLM\..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start O4 - HKLM\..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://eroom.intel.com/eRoomSetup/client.cab O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://emamat09.mis.amat.com/dwa85W.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\Software\..\Telephony: DomainName = amat.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amat.com,mis.amat.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\System32\PGPmapih.dll O23 - Service: ADService - AccessData Corporation - C:\Program Files\AccessData\Agent\ADService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\orant\BIN\ONRSD.EXE O23 - Service: PGP RDD Service - PGP Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe O23 - Service: PGPserv - PGP Corporation - C:\Windows\system32\PGPserv.exe O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Wireless AutoSwitch (Wireless_AutoSwitch) - Unknown owner - C:\Program.exe (file missing) -- End of file - 12795 bytes
  13. Hi Maurice, Glutten for punishment.... Here you go. I'm here for as long as you are. Obviously no issues with you hangin' it up for the evening. Thanks Pat ========== OTL ========== Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. OTL by OldTimer - Version 3.2.31.0 log created on 12262011_195857 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
  14. Maurice, Totally understand. Thanks again...I'll be here tomorrow - whenever you can. So, followed directions below. Nothing needed to be changed. Firefox still cannot find google.com
  15. OTL logfile created on: 12/26/2011 6:54:24 PM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\phower64766\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.86 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.13% Memory free 5.72 Gb Paging File | 4.31 Gb Available in Paging File | 75.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.24 Gb Total Space | 20.69 Gb Free Space | 17.35% Space Free | Partition Type: NTFS Computer Name: 1B092539H | User Name: PHower64766 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe PRC - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe PRC - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs PRC - [2011/03/02 10:07:04 | 002,745,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2011/02/11 11:39:56 | 012,854,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe PRC - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe PRC - [2011/01/28 11:08:16 | 001,349,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe PRC - [2011/01/14 17:19:42 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe PRC - [2010/11/14 19:04:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/11/04 10:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe PRC - [2010/11/02 09:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/09/16 07:13:40 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2010/08/25 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe PRC - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe PRC - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe PRC - [2010/06/30 19:21:22 | 005,143,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe PRC - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) -- C:\Program Files\AccessData\Agent\ADService.exe PRC - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010/03/16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/03/02 09:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe PRC - [2010/02/25 17:25:00 | 000,288,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007/01/21 21:33:24 | 000,153,352 | ---- | M] (EMC) -- C:\Program Files\eRoom 7\ERClient7.exe ========== Modules (No Company Name) ========== MOD - [2011/11/04 20:15:24 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\655ed19f57b30488bf4c407ae1bc8fc6\IAStorUtil.ni.dll MOD - [2011/11/04 20:15:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll MOD - [2011/11/04 15:43:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d9f057ed30e6941d47a8754bf0bcadea\WindowsBase.ni.dll MOD - [2011/11/04 15:43:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011/11/04 15:43:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll MOD - [2011/11/04 15:43:11 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011/11/04 15:43:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011/11/04 15:43:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011/11/04 15:42:53 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011/11/04 15:42:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/08 10:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll MOD - [2010/12/15 14:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2008/05/19 09:32:20 | 001,212,416 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCamDLL.dll MOD - [2007/10/08 08:33:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVirtualCam.ax MOD - [2007/09/21 16:19:16 | 000,176,128 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\FinalTrial.dll MOD - [2007/09/21 15:55:40 | 000,327,680 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\EZVerify.dll MOD - [2007/09/21 10:47:54 | 000,196,608 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\Detector.dll MOD - [2007/05/18 20:22:06 | 000,698,432 | ---- | M] () -- C:\Program Files\BestOn\EZVirtual Cam\libmng.dll MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll MOD - [2007/01/21 21:33:28 | 000,087,816 | ---- | M] () -- C:\Program Files\eRoom 7\Res\ResAddin7409.dll ========== Win32 Services (SafeList) ========== SRV - [2011/11/09 23:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2011/06/16 21:04:24 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2011/06/16 21:04:24 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv) SRV - [2011/06/11 20:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/04/10 14:25:00 | 000,146,535 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch) SRV - [2011/02/11 11:39:48 | 000,968,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc) SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/12/08 14:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/09/16 07:13:50 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/09/16 07:13:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/08/25 19:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2010/08/25 19:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/08/25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2010/08/25 19:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2010/08/11 09:27:12 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2010/08/11 09:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2010/08/11 09:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2010/07/27 16:52:26 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/06/17 17:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2010/06/02 16:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2010/05/11 16:22:04 | 007,824,896 | ---- | M] (AccessData Corporation) [Auto | Running] -- C:\Program Files\AccessData\Agent\ADService.exe -- (ADService) SRV - [2010/04/12 09:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/10/28 07:49:46 | 000,209,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/10/28 07:49:40 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2000/10/19 11:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\orant\bin\ONRSD.EXE -- (OracleOraHome81ClientCache) ========== Driver Services (SafeList) ========== DRV - [2011/12/26 17:37:54 | 000,013,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\ad_driver.sys -- (ad_driver) DRV - [2011/06/16 21:04:24 | 000,303,224 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2011/06/16 21:04:24 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2011/06/16 21:04:24 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2011/06/16 21:04:22 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs) DRV - [2011/06/16 21:04:22 | 000,013,944 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs) DRV - [2011/05/17 08:44:27 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv) DRV - [2011/02/23 10:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2010/10/18 03:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel® DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2010/08/25 19:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/08/25 19:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/08/25 19:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/25 19:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/08/25 19:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010/08/25 19:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2010/07/27 16:26:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010/06/21 14:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV - [2010/06/18 15:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2010/06/17 17:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2010/04/21 09:36:58 | 006,764,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel® DRV - [2010/04/13 23:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2010/04/12 07:26:26 | 000,024,000 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CipcCdp.sys -- (CipcCdp) DRV - [2010/03/12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/24 11:09:38 | 000,141,568 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/02/24 11:09:38 | 000,060,544 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/12/31 02:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2009/11/27 20:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009/10/28 07:49:46 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2009/10/28 07:49:44 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2009/10/28 07:49:42 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2009/10/28 07:49:38 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2009/09/23 18:09:56 | 000,208,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel® DRV - [2009/09/22 18:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2009/09/22 18:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2009/09/22 18:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/09/17 09:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel® DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ) DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 16:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc) DRV - [2009/07/13 16:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid) DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/13 15:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm) DRV - [2009/06/19 09:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Toshidpt.sys -- (toshidpt) DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://InsideApplied IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 21 46 92 AA B3 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://insideapplied/" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/08/13 08:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 10:27:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phower64766\AppData\Roaming\mozilla\Extensions [2011/12/24 10:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/12/21 00:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/12/26 17:36:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft.Medv.UrlRedirectionBHO Class) - {C26B6E5C-9D27-43C7-AAB4-F8A64C09F4DC} - C:\Program Files\Microsoft Enterprise Desktop Virtualization\BHO\x86\UrlRedirectionBHO.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG) O4 - HKLM..\Run: [Cisco IP Communicator 7.0.4] C:\Windows\IS\Logs\Cisco.IPCommunicator\7.0.4\LaunchNotice.vbs () O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [softGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe () O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA) O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA) O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC) O4 - Startup: C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PGPlsp.dll (PGP Corporation) O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: myworkday.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: workday.com ([]https in Trusted sites) O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://eroom.intel.com/eRoomSetup/client.cab (ERPageAddin Class) O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} http://emamat09.mis.amat.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://us.econnect.amat.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amat.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D4F158-92F4-4239-9051-7BBBC5FB1E26}: DhcpNameServer = 152.135.114.13 152.135.191.191 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DFAD3DE-F443-4D84-A1F1-1BFE8CFB6B3A}: DhcpNameServer = 192.168.0.1 205.171.2.25 O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) -C:\Windows\System32\PGPmapih.dll (PGP Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007 R2 ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework ActiveX: {BFA2E378-31D9-4595-AFA9-CA19E610DC0F} - .NET Framework ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/12/26 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Desktop\backups [2011/12/26 17:36:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 16:42:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/12/26 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\temp [2011/12/26 15:54:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/12/26 15:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/12/26 15:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/12/26 15:54:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/12/26 15:45:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/12/26 15:42:24 | 004,352,855 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:57 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/26 13:50:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/12/26 13:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/12/26 13:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/12/26 13:47:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Mozilla [2011/12/24 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Mozilla [2011/12/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/12/24 10:26:38 | 015,292,208 | ---- | C] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe [2011/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apple Computer [2011/12/24 10:19:18 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/24 10:14:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/12/20 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/12/16 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/12/16 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/12/16 12:00:56 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/12/15 15:19:16 | 000,000,000 | ---D | C] -- C:\orant [2011/12/15 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\ApplicationHistory [2011/12/13 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/13 07:07:48 | 000,000,000 | ---D | C] -- C:\Users\phower64766\Documents\Staff [2011/12/09 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Local\Apps [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/28 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2010/07/29 00:50:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011/12/26 17:46:16 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/12/26 17:46:16 | 000,713,720 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011/12/26 17:46:16 | 000,668,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/12/26 17:46:16 | 000,639,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/12/26 17:46:16 | 000,418,680 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2011/12/26 17:46:16 | 000,407,372 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2011/12/26 17:46:16 | 000,395,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2011/12/26 17:46:16 | 000,379,488 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2011/12/26 17:46:16 | 000,375,280 | ---- | M] () -- C:\Windows\System32\perfh00D.dat [2011/12/26 17:46:16 | 000,137,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/12/26 17:46:16 | 000,136,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/12/26 17:46:16 | 000,134,328 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011/12/26 17:46:16 | 000,112,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/12/26 17:46:16 | 000,112,550 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2011/12/26 17:46:16 | 000,110,838 | ---- | M] () -- C:\Windows\System32\perfc012.dat [2011/12/26 17:46:16 | 000,110,410 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2011/12/26 17:46:16 | 000,105,496 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2011/12/26 17:46:16 | 000,075,256 | ---- | M] () -- C:\Windows\System32\perfc00D.dat [2011/12/26 17:45:08 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:45:08 | 000,012,064 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:39:08 | 000,000,470 | ---- | M] () -- C:\Windows\SMSCFG.INI [2011/12/26 17:37:54 | 000,013,808 | ---- | M] () -- C:\Windows\System32\ad_driver.sys [2011/12/26 17:37:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/26 17:37:46 | 2303,004,672 | -HS- | M] () -- C:\hiberfil.sys [2011/12/26 17:36:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011/12/26 17:36:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\phower64766\Desktop\HijackThis.exe [2011/12/26 15:42:39 | 004,352,855 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\ComboFix.exe [2011/12/26 13:51:48 | 000,007,598 | ---- | M] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/12/26 13:48:55 | 000,000,905 | ---- | M] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | M] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/26 13:47:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\phower64766\Desktop\erunt-setup.exe [2011/12/26 12:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\phower64766\Desktop\OTL.exe [2011/12/26 07:53:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\phower64766\Desktop\dds.scr [2011/12/24 10:31:45 | 000,000,115 | ---- | M] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/24 10:27:41 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/24 10:26:38 | 015,292,208 | ---- | M] (Mozilla) -- C:\Users\phower64766\Desktop\Firefox Setup 9.0.1.exe [2011/12/24 10:18:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\phower64766\Desktop\GooredFix.exe [2011/12/24 10:14:17 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\phower64766\Desktop\ATF_Cleaner.exe [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phower64766\Desktop\TDSSKiller.exe [2011/12/21 14:22:22 | 000,073,566 | RHS- | M] () -- C:\Users\phower64766\ntuser.pol [2011/12/21 10:56:47 | 000,001,273 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011/12/20 11:02:13 | 000,000,130 | ---- | M] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:50:21 | 000,344,064 | ---- | M] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/20 10:49:09 | 267,542,528 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/15 21:23:53 | 000,075,354 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/12/15 16:01:42 | 267,001,856 | ---- | M] () -- C:\Users\phower64766\Desktop\Critical Parts.accdb [2011/12/15 10:43:11 | 000,000,406 | ---- | M] () -- C:\Windows\ODBC.INI [2011/12/14 12:42:17 | 029,884,416 | ---- | M] () -- C:\Users\phower64766\Desktop\VF BOM MANAGEMENT TOOL for NM.accdb [2011/12/08 13:41:57 | 000,002,024 | ---- | M] () -- C:\Users\phower64766\Documents\Default.rdp [2011/12/08 07:30:42 | 000,471,040 | ---- | M] () -- C:\Users\phower64766\Documents\Database25.accdb [2011/12/04 12:14:17 | 000,425,984 | ---- | M] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb ========== Files Created - No Company Name ========== [2011/12/26 15:54:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/12/26 15:54:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/12/26 15:54:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/12/26 15:54:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/12/26 15:54:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/12/26 13:48:55 | 000,000,905 | ---- | C] () -- C:\Users\phower64766\Desktop\NTREGOPT.lnk [2011/12/26 13:48:55 | 000,000,886 | ---- | C] () -- C:\Users\phower64766\Desktop\ERUNT.lnk [2011/12/24 10:31:32 | 000,000,115 | ---- | C] () -- C:\Users\phower64766\Desktop\fixme.reg [2011/12/24 10:27:41 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/24 10:27:41 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/20 11:02:13 | 000,000,130 | ---- | C] () -- C:\Users\phower64766\Documents\amgi.dsn [2011/12/20 10:49:25 | 000,344,064 | ---- | C] () -- C:\Users\phower64766\Documents\Database22.accdb [2011/12/20 10:49:14 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2_Backup.accdb [2011/12/19 10:05:42 | 267,542,528 | ---- | C] () -- C:\Users\phower64766\Desktop\Critical Parts Rev2.accdb [2011/12/16 12:08:37 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/12/04 07:24:19 | 000,425,984 | ---- | C] () -- C:\Users\phower64766\Documents\SO Demand - Usage.accdb [2011/10/10 06:42:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011/10/06 12:14:27 | 000,004,096 | -H-- | C] () -- C:\Users\phower64766\AppData\Local\keyfile3.drm [2011/08/29 06:45:15 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini [2011/08/25 07:41:18 | 000,000,183 | ---- | C] () -- C:\Windows\hpbafd.ini [2011/08/12 08:16:45 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini [2011/06/16 21:04:24 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2011/05/30 09:36:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\jgldog11.dll [2011/05/28 08:53:37 | 000,007,598 | ---- | C] () -- C:\Users\phower64766\AppData\Local\Resmon.ResmonCfg [2011/05/18 14:53:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/18 12:12:06 | 000,013,808 | ---- | C] () -- C:\Windows\System32\ad_driver.sys [2011/05/17 09:30:19 | 000,000,406 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/17 09:30:18 | 000,054,343 | ---- | C] () -- C:\Windows\bqmeta0.ini [2011/05/17 09:30:16 | 000,027,955 | ---- | C] () -- C:\Windows\bqformat.ini [2011/05/17 09:07:40 | 000,049,152 | ---- | C] () -- C:\Windows\adminset.exe [2011/05/17 08:50:45 | 000,075,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/05/17 08:43:40 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys [2011/05/17 08:24:11 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011/05/17 08:24:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2011/05/17 08:24:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2011/05/17 08:24:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/11/14 22:18:00 | 000,418,680 | ---- | C] () -- C:\Windows\System32\perfh012.dat [2010/11/14 22:18:00 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat [2010/11/14 22:18:00 | 000,110,838 | ---- | C] () -- C:\Windows\System32\perfc012.dat [2010/11/14 22:18:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat [2010/11/14 22:09:08 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat [2010/11/14 22:09:07 | 000,407,372 | ---- | C] () -- C:\Windows\System32\perfh011.dat [2010/11/14 22:09:07 | 000,112,550 | ---- | C] () -- C:\Windows\System32\perfc011.dat [2010/11/14 22:09:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat [2010/11/14 22:00:06 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat [2010/11/14 22:00:05 | 000,713,720 | ---- | C] () -- C:\Windows\System32\perfh010.dat [2010/11/14 22:00:05 | 000,134,328 | ---- | C] () -- C:\Windows\System32\perfc010.dat [2010/11/14 22:00:05 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat [2010/11/14 21:53:10 | 000,375,280 | ---- | C] () -- C:\Windows\System32\perfh00D.dat [2010/11/14 21:53:10 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat [2010/11/14 21:53:10 | 000,075,256 | ---- | C] () -- C:\Windows\System32\perfc00D.dat [2010/11/14 21:53:10 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat [2010/11/14 21:46:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/11/14 21:46:40 | 000,668,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/11/14 21:46:40 | 000,136,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/11/14 21:46:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010/11/14 21:39:50 | 000,718,670 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2010/11/14 21:39:50 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2010/11/14 21:39:50 | 000,137,138 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2010/11/14 21:39:50 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2010/11/14 21:33:08 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2010/11/14 21:33:07 | 000,395,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2010/11/14 21:33:07 | 000,105,496 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2010/11/14 21:33:07 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2010/11/14 21:26:46 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2010/11/14 21:26:45 | 000,379,488 | ---- | C] () -- C:\Windows\System32\prfh0804.dat [2010/11/14 21:26:45 | 000,110,410 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2010/11/14 21:26:45 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2010/11/14 19:11:18 | 000,006,251 | ---- | C] () -- C:\Windows\saplogon.ini [2010/11/14 19:08:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2010/11/14 19:08:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2010/11/14 19:08:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2010/11/14 19:08:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2010/11/14 19:08:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2010/11/14 19:07:16 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini [2010/11/14 18:34:19 | 000,000,470 | ---- | C] () -- C:\Windows\SMSCFG.INI [2010/07/29 01:31:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/07/29 01:31:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:33:53 | 000,411,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 19:05:48 | 000,639,608 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 19:05:48 | 000,112,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/07/03 15:43:04 | 000,000,290 | ---- | C] () -- C:\Windows\brioqry6.ini ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/05/18 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Adobe [2011/12/21 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Aktiaca [2011/10/28 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Apple Computer [2011/07/28 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\BestOn [2011/05/29 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Cisco [2011/05/17 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\ICAClient [2011/12/21 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Icox [2011/05/17 09:15:55 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Identities [2011/08/13 09:05:58 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Intel Corporation [2011/07/04 06:58:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Juniper Networks [2011/05/18 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Macromedia [2011/05/19 05:07:36 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Malwarebytes [2011/05/17 09:16:08 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\McAfee [2009/07/14 00:20:18 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Media Center Programs [2011/11/28 15:29:27 | 000,000,000 | --SD | M] -- C:\Users\phower64766\AppData\Roaming\Microsoft [2011/12/24 10:28:18 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Mozilla [2011/12/07 15:30:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Odorapc [2011/12/07 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Oskayd [2011/11/08 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\PGP Corporation [2011/07/22 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Prism Deploy [2011/12/26 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SAP [2011/06/13 10:13:13 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Skype [2011/12/26 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\skypePM [2011/12/13 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\smkits [2011/12/26 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\SoftGrid Client [2011/08/13 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\TFPU [2011/12/16 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\webex [2011/05/20 07:57:31 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\WinBatch [2011/06/02 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\phower64766\AppData\Roaming\Xerox < %APPDATA%\*.exe /s > [2010/07/27 17:11:06 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe [2010/07/27 17:11:08 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe [2010/07/27 17:11:08 | 000,157,040 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe [2010/07/27 17:11:18 | 000,056,072 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe [2010/06/02 16:46:12 | 000,132,464 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe [2010/06/02 16:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [2010/06/02 16:45:36 | 000,330,088 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe [2010/06/02 16:44:10 | 000,218,232 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe [2010/06/02 16:46:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe [2011/05/21 06:56:20 | 000,162,720 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe [2011/05/21 06:56:18 | 000,292,768 | ---- | M] () -- C:\Users\phower64766\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe [2004/09/13 00:00:00 | 001,916,928 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Users\phower64766\AppData\Roaming\Prism Deploy\Ptclient.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: BEEP.SYS > [2009/07/13 16:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys [2009/07/13 16:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009/07/13 16:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2004/11/15 09:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\client_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2010/11/05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys [2010/11/05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: THEMEUI.DLL > [2009/07/13 18:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\System32\themeui.dll [2009/07/13 18:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_84d4ec967cd4beac\themeui.dll < MD5 for: USERINIT.EXE > [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < > ========== Files - Unicode (All) ========== [2011/05/18 13:42:00 | 001,359,590 | ---- | C] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG [2011/01/02 12:36:58 | 001,359,590 | ---- | M] ()(C:\Users\phower64766\Desktop\???.JPG) -- C:\Users\phower64766\Desktop\潘好乐.JPG < End of report >