[code]
OTS logfile created on: 6/23/2012 11:54:44 PM - Run 1
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\naveenks\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 8.00% Memory free
8.00 Gb Paging File | 3.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.89 Gb Total Space | 160.85 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAVEENKS04
Current User Name: NAVEENKS
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\naveenks\Desktop\OTS.exe -> [2012/06/23 23:26:50 | 000,646,656 | ---- | M] (OldTimer Tools)
discagnt.exe -> C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe -> [2012/04/20 09:38:40 | 000,775,736 | ---- | M] ()
discusge.exe -> C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -> [2012/04/20 09:38:40 | 000,525,880 | ---- | M] ()
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation)
communicator.exe -> C:\Program Files (x86)\Microsoft Lync\communicator.exe -> [2012/01/27 03:02:36 | 012,065,056 | ---- | M] (Microsoft Corporation)
a180wd.exe -> C:\Program Files (x86)\Aternity\Agent\A180WD.exe -> [2011/03/21 20:05:42 | 000,178,176 | ---- | M] (Aternity Systems LTD.)
a180ag.exe -> C:\Program Files (x86)\Aternity\Agent\A180AG.exe -> [2011/03/21 20:05:42 | 000,020,480 | ---- | M] (Aternity Systems LTD.)
a180cm.exe -> C:\PROGRA~2\Aternity\Agent\.\A180CM.exe -> [2011/03/21 20:05:42 | 000,016,384 | ---- | M] ()
tpscrex.exe -> C:\Program Files\Lenovo\ZOOM\TpScrex.exe -> [2011/03/08 03:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited)
tponscr.exe -> C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe -> [2011/03/08 03:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited)
cvpnd.exe -> C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -> [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.)
wsnm.exe -> C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -> [2011/02/18 19:37:56 | 000,494,192 | ---- | M] (VMware, Inc.)
ipassperiodicupdateservice.exe -> C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe -> [2010/12/02 19:04:48 | 000,114,688 | ---- | M] (iPass, Inc.)
ipassperiodicupdateapp.exe -> C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -> [2010/12/02 19:04:36 | 000,176,128 | ---- | M] (iPass, Inc.)
tphksvc.exe -> C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -> [2010/12/02 02:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited)
tposdsvc.exe -> C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe -> [2010/11/29 06:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited)
micmute.exe -> C:\Program Files\Lenovo\HOTKEY\micmute.exe -> [2010/11/24 06:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited)
ccsvchst.exe -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/08/24 00:39:11 | 000,108,392 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe -> [2010/08/24 00:39:10 | 000,115,560 | ---- | M] (Symantec Corporation)
protectionutilsurrogate.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe -> [2010/08/24 00:39:09 | 000,050,544 | ---- | M] (Symantec Corporation)
lvvsst.exe -> C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -> [2010/04/07 04:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited)
virtscrl.exe -> C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe -> [2010/04/01 04:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited)
wfcrun32.exe -> C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe -> [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.)
concentr.exe -> C:\Program Files (x86)\Citrix\ICA Client\concentr.exe -> [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.)

[Modules - No Company Name]

[Win32 Services - Safe List]
64bit-(MYCOMPANYSIMS) [Auto | Running] -> C:\Windows\SysNative\sims\MYCOMPANYSIMS.exe -> [2012/01/22 09:45:50 | 001,886,208 | ---- | M] (MYCOMPANY)
64bit-(MBAMAgent) [Auto | Running] -> C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe -> [2011/06/14 16:42:44 | 000,239,528 | ---- | M] (Microsoft Corp.)
64bit-(wsnm_usbctrl) [Auto | Running] -> C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -> [2011/02/18 19:41:20 | 001,120,368 | ---- | M] (VMware, Inc.)
64bit-(wsnm) [Auto | Running] -> C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -> [2011/02/18 19:37:56 | 000,494,192 | ---- | M] (VMware, Inc.)
64bit-(TPHDEXLGSVC) [On_Demand | Stopped] -> C:\Windows\SysNative\TPHDEXLG64.exe -> [2011/01/13 15:05:46 | 000,047,728 | ---- | M] (Lenovo.)
64bit-(EvtEng) [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation)
64bit-(RegSrvc) [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation)
64bit-(TPHKLOAD) [Auto | Running] -> C:\Program Files\Lenovo\HOTKEY\tphkload.exe -> [2010/12/03 01:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited)
64bit-(TPHKSVC) [Auto | Running] -> C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -> [2010/12/02 02:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited)
64bit-(LENOVO.MICMUTE) [Auto | Running] -> C:\Program Files\Lenovo\HOTKEY\micmute.exe -> [2010/11/24 06:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited)
64bit-(Lenovo.VIRTSCRLSVC) [Auto | Running] -> C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -> [2010/04/07 04:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited)
64bit-(IBMPMSVC) [Auto | Running] -> C:\Windows\SysNative\ibmpmsvc.exe -> [2009/11/18 04:04:24 | 000,045,928 | ---- | M] (Lenovo.)
64bit-(WinDefend) [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/06/17 01:59:25 | 000,113,120 | ---- | M] (Mozilla Foundation)
(prgnDiscAgent) HP DDMI Agent [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe -> [2012/04/20 09:38:40 | 000,775,736 | ---- | M] ()
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation)
(PSEXESVC) PsExec [On_Demand | Stopped] -> C:\Windows\PSEXESVC.EXE -> [2012/01/03 23:03:05 | 000,053,248 | ---- | M] (Sysinternals)
(tmlisten) OfficeScan NT Listener [Auto | Stopped] -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -> [2011/08/26 02:52:40 | 002,772,096 | ---- | M] (Trend Micro Inc.)
(ntrtscan) OfficeScan NT RealTime Scan [Auto | Running] -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2011/08/26 02:43:24 | 002,771,856 | ---- | M] (Trend Micro Inc.)
(TmProxy) OfficeScan NT Proxy Service [On_Demand | Stopped] -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -> [2011/04/15 13:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.)
(A180WD) A180WD [Unknown | Running] -> C:\Program Files (x86)\Aternity\Agent\A180WD.exe -> [2011/03/21 20:05:42 | 000,178,176 | ---- | M] (Aternity Systems LTD.)
(A180AG) A180AG [Unknown | Running] -> C:\Program Files (x86)\Aternity\Agent\A180AG.exe -> [2011/03/21 20:05:42 | 000,020,480 | ---- | M] (Aternity Systems LTD.)
(CVPND) Cisco Systems, Inc. VPN Service [Auto | Running] -> C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -> [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.)
(iPassConnectEngine) iPassConnectEngine [On_Demand | Stopped] -> C:\Program Files (x86)\iPass\iPassConnect\iPassConnectEngine.exe -> [2010/12/02 19:25:22 | 001,757,184 | ---- | M] (iPass, Inc.)
(iPassPeriodicUpdateService) iPassPeriodicUpdateService [Auto | Running] -> C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe -> [2010/12/02 19:04:48 | 000,114,688 | ---- | M] (iPass, Inc.)
(iPassPeriodicUpdateApp) iPassPeriodicUpdateApp [On_Demand | Running] -> C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -> [2010/12/02 19:04:36 | 000,176,128 | ---- | M] (iPass, Inc.)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/08/24 00:39:11 | 000,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/08/24 00:39:11 | 000,108,392 | ---- | M] (Symantec Corporation)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -> [2010/08/24 00:39:10 | 003,197,256 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [Disabled | Stopped] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -> [2010/08/24 00:39:10 | 000,411,976 | ---- | M] (Symantec Corporation)
(OracleServiceMM82) OracleServiceMM82 [On_Demand | Stopped] -> c:\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE -> [2010/03/30 06:32:28 | 134,018,048 | ---- | M] (Oracle Corporation)
(OracleJobSchedulerMM82) OracleJobSchedulerMM82 [Disabled | Stopped] -> c:\oracle\product\11.2.0\dbhome_1\Bin\extjob.exe -> [2010/03/30 06:30:20 | 000,045,568 | ---- | M] ()
(OracleVssWriterMM82) Oracle MM82 VSS Writer Service [On_Demand | Stopped] -> c:\oracle\product\11.2.0\dbhome_1\bin\OraVSSW.exe -> [2010/03/30 05:47:58 | 000,192,000 | ---- | M] ()
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(OracleOraDb11g_home1TNSListener) OracleOraDb11g_home1TNSListener [Auto | Running] -> C:\Oracle\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe -> [2010/03/15 19:48:10 | 000,518,144 | ---- | M] (Oracle Corporation)
(OracleOraDb11g_home1ClrAgent) OracleOraDb11g_home1ClrAgent [On_Demand | Stopped] -> C:\Oracle\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe -> [2010/03/12 08:05:26 | 000,083,968 | ---- | M] (Oracle Corporation)
(OracleMTSRecoveryService) OracleMTSRecoveryService [Auto | Running] -> C:\Oracle\product\11.2.0\dbhome_1\bin\omtsreco.exe -> [2010/03/12 05:59:36 | 000,081,408 | ---- | M] (Oracle Corporation)
(OracleDBConsolemm82) OracleDBConsolemm82 [Auto | Running] -> C:\Oracle\product\11.2.0\dbhome_1\BIN\nmesrvc.exe -> [2010/03/02 10:21:58 | 000,035,328 | ---- | M] (Oracle Corporation)
(CcmExec) SMS Agent Host [Auto | Stopped] -> C:\Windows\SysWOW64\CCM\CcmExec.exe -> [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation)
(smstsmgr) SMS Task Sequence Agent [On_Demand | Stopped] -> C:\Windows\SysWOW64\CCM\TSManager.exe -> [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(HsfXAudioService) HsfXAudioService [Auto | Running] -> C:\Windows\SysWOW64\XAudio64.dll -> [2009/04/29 01:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.)

[Driver Services - Safe List]
64bit-(ProcObsrv) Process creation detector [Kernel | On_Demand | Running] -> C:\Windows\SysNative\sims\ProcObsrv.sys -> [2012/06/23 22:48:37 | 000,009,760 | ---- | M] ()
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation)
64bit-(WpsHelper) WpsHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\wpshelper.sys -> [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation)
64bit-(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CVPNDRVA.sys -> [2011/03/04 13:51:50 | 000,306,536 | ---- | M] ()
64bit-(vmwvusb) VMware View Generic USB Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vmwvusb.sys -> [2011/02/18 19:41:20 | 000,047,664 | ---- | M] (VMware, Inc.)
64bit-(ssudnflt) Remote NDIS Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssudnflt.sys -> [2011/02/17 22:40:06 | 000,019,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr))
64bit-(ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssudmdm.sys -> [2011/02/17 21:47:42 | 000,202,560 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr))
64bit-(dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssudbus.sys -> [2011/02/17 21:47:42 | 000,082,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr))
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2011/02/17 09:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated)
64bit-(Shockprf) Shockprf [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ApsX64.sys -> [2011/01/13 15:04:20 | 000,139,888 | ---- | M] (Lenovo.)
64bit-(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ApsHM64.sys -> [2011/01/13 15:02:28 | 000,023,664 | ---- | M] (Lenovo.)
64bit-(NETwNs64) ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETwNs64.sys -> [2010/12/21 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation)
64bit-(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\tmtdi.sys -> [2010/12/07 04:58:38 | 000,108,624 | ---- | M] (Trend Micro Inc.)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(tsusbhub) Remote Deskotop USB Hub [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tsusbhub.sys -> [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation)
64bit-(Synth3dVsc) Microsoft Virtual 3D Video Transport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Synth3dVsc.sys -> [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation)
64bit-(terminpt) Microsoft Remote Desktop Input Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\terminpt.sys -> [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(lenovo.smi) Lenovo System Interface Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\smiifx64.sys -> [2010/09/07 04:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited)
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2010/08/30 11:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2010/08/25 19:36:02 | 010,611,552 | ---- | M] (Intel Corporation)
64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2010/08/25 16:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.)
64bit-(WPS) WPS [Kernel | System | Running] -> C:\Windows\SysNative\drivers\WPSDRVnt.sys -> [2010/08/24 00:39:12 | 000,052,784 | ---- | M] (Symantec Corporation)
64bit-(Teefer2) Teefer2 Miniport [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Teefer2.sys -> [2010/08/24 00:39:10 | 000,062,512 | ---- | M] (Symantec Corporation)
64bit-(e1kexpress) Intel(R) PRO/1000 PCI Express Network Connection Driver K [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\e1k62x64.sys -> [2010/07/22 01:39:10 | 000,295,600 | ---- | M] (Intel Corporation)
64bit-(Impcd) Impcd [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2010/02/26 23:32:12 | 000,158,976 | ---- | M] (Intel Corporation)
64bit-(CVirtA) Cisco Systems VPN Adapter for 64-bit Windows [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\CVirtA64.sys -> [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.)
64bit-(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ibmpmdrv.sys -> [2009/11/18 04:04:04 | 000,032,880 | ---- | M] (Lenovo.)
64bit-(rimspci) rimspci [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rimspe64.sys -> [2009/10/26 04:52:00 | 000,061,952 | ---- | M] (REDC)
64bit-(ctxusbm) Citrix USB Monitor Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\ctxusbm.sys -> [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.)
64bit-(rixdpcie) rixdpcie [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rixdpe64.sys -> [2009/09/28 06:46:00 | 000,055,808 | ---- | M] (REDC)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 02:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usb8023x.sys -> [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation)
64bit-(TPM) TPM [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tpm.sys -> [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation)
64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAX_DPV.sys -> [2009/06/30 03:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.)
64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAXHWAZL.sys -> [2009/06/30 03:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAX_CNXT.sys -> [2009/06/30 02:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\XAudio64.sys -> [2009/04/29 01:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.)
64bit-(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dne64x.sys -> [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.)
64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\mdmxsdk.sys -> [2006/06/18 12:27:24 | 000,017,024 | ---- | M] (Conexant)
(TmFilter) Trend Micro Filter [Kernel | Auto | Running] -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -> [2011/07/12 11:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.)
(TmPreFilter) Trend Micro PreFilter [Kernel | Auto | Running] -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -> [2011/07/12 11:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.)
(VSApiNt) Trend Micro VSAPI NT [Kernel | Auto | Running] -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -> [2011/07/12 11:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.)
(prepdrvr) SMS Process Event Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\CCM\PrepDrv.sys -> [2009/09/18 05:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\] > -> ->
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\: Main\\"Start Page" -> about:blank ->
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us ->
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 82 69 19 AF 9A BE CC 01 [binary data] ->
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\: "ProxyOverride" -> *.ap.MYCOMPANY.com;*.na.MYCOMPANY.com;*eu.MYCOMPANY.com;meet.MYCOMPANY.com;erpdbsso*;erpprodsso*;*corp.MYCOMPANY.com;10.*;local;aps*;bentz*;erp*;nemo*;*.na.MYCOMPANY.com;*.corp.MYCOMPANY.com;erpdbsso*;*10.21.112*;*indlin182*;*d3icr1m1*;*10.232.192*;*inlincr*;*10.72.109*;*wiki.web.att.com*;*d3icr1m1*;*cisrc.sbc.com*;D3icr1m1.snt.bst.bls.com;139.76.214.207; ->
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\: "ProxyServer" -> genproxy:8080 ->
< FireFox Settings [Prefs.js] > -> C:\Users\naveenks\AppData\Roaming\Mozilla\FireFox\Profiles\cz2x9amd.default\prefs.js ->
network.proxy.backup.ftp -> "genproxy.MYCOMPANY.com" ->
network.proxy.backup.ftp_port -> 8080 ->
network.proxy.backup.socks -> "genproxy.MYCOMPANY.com" ->
network.proxy.backup.socks_port -> 8080 ->
network.proxy.backup.ssl -> "genproxy.MYCOMPANY.com" ->
network.proxy.backup.ssl_port -> 8080 ->
network.proxy.ftp -> "genproxy.MYCOMPANY.com" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.http -> "genproxy.MYCOMPANY.com" ->
network.proxy.http_port -> 8080 ->
network.proxy.no_proxies_on -> "*.ap.MYCOMPANY.com,*.na.MYCOMPANY.com,*.eu.MYCOMPANY.com,meet.MYCOMPANY.com,*.corp.MYCOMPANY.com,erpprodsso*,erpdbsso*,10.*,localhost,127.0.0.1,10.21.112.52,naveenks03,*incaifnformatics*" ->
network.proxy.share_proxy_settings -> true ->
network.proxy.socks -> "genproxy.MYCOMPANY.com" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "genproxy.MYCOMPANY.com" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2012/06/17 01:59:26 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2012/05/25 15:13:53 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\naveenks\AppData\Roaming\mozilla\Extensions -> [2011/12/21 07:42:42 | 000,000,000 | ---D | M]
-> C:\Users\naveenks\AppData\Roaming\mozilla\Firefox\Profiles\cz2x9amd.default\extensions -> [2012/06/17 01:59:34 | 000,000,000 | ---D | M]
WOT -> C:\Users\naveenks\AppData\Roaming\mozilla\Firefox\Profiles\cz2x9amd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2012/05/17 17:55:10 | 000,000,000 | ---D | M]
-> C:\Users\naveenks\AppData\Roaming\mozilla\Firefox\Profiles\cz2x9amd.default\extensions\coralietab@mozdev.org -> [2012/04/29 11:47:20 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2012/04/29 11:42:00 | 000,000,000 | ---D | M]
Skype Click to Call -> C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} -> [2011/12/26 11:15:39 | 000,000,000 | ---D | M]
No name found -> C:\USERS\NAVEENKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CZ2X9AMD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI -> ()
No name found -> C:\USERS\NAVEENKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CZ2X9AMD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()
No name found -> C:\USERS\NAVEENKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CZ2X9AMD.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}.XPI -> ()
IE Tab + -> C:\USERS\NAVEENKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CZ2X9AMD.DEFAULT\EXTENSIONS\CORALIETAB@MOZDEV.ORG -> [2012/04/29 11:47:20 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
< FireFox Plugins [Program Folders] > ->
npCoralIETab.dll -> C:\USERS\NAVEENKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CZ2X9AMD.DEFAULT\EXTENSIONS\CORALIETAB@MOZDEV.ORG\plugins\npCoralIETab.dll -> [2011/03/26 23:13:50 | 000,327,168 | ---- | M] (coralietab.mozdev.org)
< HOSTS File > ([2012/06/23 23:40:01 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00011268-E188-40DF-A514-835FCD78B1BF} [HKLM] -> C:\Program Files (x86)\IEPro\IEPro.dll [IE7Pro BHO] -> [2010/06/01 23:30:06 | 000,777,392 | ---- | M] (IE7Pro.com)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [Lync Browser Helper] -> [2010/10/22 02:24:22 | 000,211,720 | ---- | M] (Microsoft Corporation)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2011/11/29 07:22:06 | 003,844,768 | ---- | M] (Skype Technologies S.A.)
{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} [HKLM] -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [WeCareReminder Class] -> [2011/12/01 13:59:48 | 000,299,008 | ---- | M] (We-Care.com)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Program Files (x86)\IEPro\IEProRecorder.dll [Grab Pro] -> [2010/06/01 23:30:06 | 000,662,736 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\] > -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Program Files (x86)\IEPro\IEProRecorder.dll [Grab Pro] -> [2010/06/01 23:30:06 | 000,662,736 | ---- | M] ()
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2010/09/04 04:33:40 | 000,386,584 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2010/09/04 04:33:50 | 000,161,304 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2010/09/04 04:33:44 | 000,415,256 | ---- | M] (Intel Corporation)
"TpShocks" -> C:\Windows\SysNative\TpShocks.exe [TpShocks.exe] -> [2011/01/14 14:14:18 | 000,380,776 | ---- | M] (Lenovo.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ccApp" -> C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"] -> [2010/08/24 00:39:10 | 000,115,560 | ---- | M] (Symantec Corporation)
"Communicator" -> C:\Program Files (x86)\Microsoft Lync\communicator.exe ["C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey] -> [2012/01/27 03:02:36 | 012,065,056 | ---- | M] (Microsoft Corporation)
"ConnectionCenter" -> C:\Program Files (x86)\Citrix\ICA Client\concentr.exe ["C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup] -> [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.)
"EDFcsn" -> C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe [C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe] -> [2012/04/20 09:38:40 | 000,177,720 | ---- | M] ()
"OfficeScanNT Monitor" -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe ["C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow] -> [2011/08/29 04:35:50 | 001,836,592 | ---- | M] (Trend Micro Inc.)
< Run [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\] > -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Push Client" -> C:\Users\naveenks\AppData\Local\ATT Connect\Participant\pull.exe [C:\Users\naveenks\AppData\Local\ATT Connect\Participant\pull.exe] -> [2010/06/03 16:17:26 | 000,965,872 | ---- | M] (AT&T Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main \Main\\"DisableFirstRunCustomize" -> [1] -> File not found < Software Policy Settings [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198] > -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [255] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableInstallerDetection" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198] > -> 
HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"DisallowCpl" -> [1] -> File not found \\"ForceRunOnStartMenu" -> [1] -> File not found \\"NoDrives" -> [0] -> File not found HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl \DisallowCpl\\"2" -> [BitLocker Encryption Options] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198] > -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {000002a3-84fe-43f1-b958-f2c3ca804f1a}:{CD275D4E-791A-4993-9D4D-6A071EDD2709} [HKLM] -> C:\Program Files (x86)\IEPro\IEPro.dll [Button: IE7Pro Grab and Drag] -> [2010/06/01 23:30:06 | 000,777,392 | ---- | M] (IE7Pro.com) {000002a3-84fe-43f1-b958-f2c3ca804f1a}:{CD275D4E-791A-4993-9D4D-6A071EDD2709} [HKLM] -> C:\Program Files (x86)\IEPro\IEPro.dll [Menu: IE7Pro Grab and Drag] -> [2010/06/01 23:30:06 | 000,777,392 | ---- | M] (IE7Pro.com) {0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKLM] -> C:\Program Files (x86)\IEPro\IEPro.dll [Button: IE7Pro Preferences] -> [2010/06/01 23:30:06 | 000,777,392 | ---- | M] (IE7Pro.com) {0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKLM] -> C:\Program Files (x86)\IEPro\IEPro.dll [Menu: IE7Pro Preferences] -> [2010/06/01 23:30:06 | 000,777,392 | ---- | M] (IE7Pro.com) {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [Button: Lync add-on] -> 
[2010/10/22 02:24:22 | 000,211,720 | ---- | M] (Microsoft Corporation) {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [Menu: Lync add-on] -> [2010/10/22 02:24:22 | 000,211,720 | ---- | M] (Microsoft Corporation) {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2011/11/29 07:22:06 | 003,844,768 | ---- | M] (Skype Technologies S.A.) {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Click to Call] -> [2011/11/29 07:22:06 | 003,844,768 | ---- | M] (Skype Technologies S.A.) {9FCE0361-EBEC-4EBA-AE4A-34967AABFF01}:Exec [HKLM] -> C:\Windows\SysWOW64\IEProxy.exe [Button: Proxy Switch] -> [2010/03/25 17:38:16 | 000,206,160 | ---- | M] () {9FCE0361-EBEC-4EBA-AE4A-34967AABFF01}:Exec [HKLM] -> C:\Windows\SysWOW64\IEProxy.exe [Menu: Proxy Switch] -> [2010/03/25 17:38:16 | 000,206,160 | ---- | M] () < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> *.corp_MYCOMPANY.com [*] -> Local intranet -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. 
-> *.corp_MYCOMPANY.com [*] -> Local intranet -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\] > -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. 
-> amadeus.com .[*] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\] > -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-143744227-174999600-642189945-171198\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> {B94C2238-346E-4C5E-9B36-8CC627F35574} [HKLM] -> Reg Error: Key error. 
[VMware Remote Console Plug-in 2.5.0.00000] -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 75.75.75.75 75.75.76.76 -> Domain -> corp.MYCOMPANY.com -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {174DAA32-1CC1-45F7-9995-6F711F440D84}\\DhcpNameServer -> 192.168.42.129 (SAMSUNG Mobile USB Remote NDIS Network Device) -> {923F988A-A95F-47CB-BD0F-71C0EFB80960}\\DhcpNameServer -> 75.75.75.75 75.75.76.76 (Intel(R) Centrino(R) Advanced-N 6200 AGN) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 18:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2010/08/25 19:03:48 | 000,271,360 | ---- | M] (Intel Corporation) < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> wsauth -> C:\Windows\SysNative\wsauth.dll -> [2011/02/18 19:41:28 | 000,983,664 | ---- | M] (VMware, Inc.) 
*MultiFile Done* -> -> *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> wsauth -> -> File not found *MultiFile Done* -> -> < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 64bit-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List \List\\"C:\Program Files (x86)\IEPro\MiniDM.exe" -> C:\Program Files (x86)\IEPro\MiniDM.exe [C:\Program Files (x86)\IEPro\MiniDM.exe:*:Enabled:MiniDM] -> [2010/06/01 23:30:06 | 000,715,984 | ---- | M] (IE7Pro.com) < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {B982FD5E-6FF2-435E-B302-BF3F474CB531} -> rport=5355 | profile=domain | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {C3030C1B-9457-4D6F-AC69-D6225609C885} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | {FEB06C13-D48D-4660-8EAD-DB128937CA4D} -> lport=5355 | profile=domain | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {136EF43F-83FB-4EDE-A80E-25B12BD9C8D0} -> profile=domain | protocol=17 | dir=in | action=allow | name=snac64 service | app=c:\program files (x86)\symantec\symantec endpoint 
protection\snac64.exe | {215391A0-43AD-4D7D-987A-8D435CF8C337} -> profile=domain | protocol=6 | dir=in | action=allow | name=lync | app=c:\program files (x86)\microsoft lync\communicator.exe | {3280E0ED-C7C9-415C-85C7-4015259BD689} -> profile=private | protocol=6 | dir=in | action=allow | name=vmware view client | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | {45328135-19D8-461C-86EE-AD7C1645DF5E} -> profile=private | protocol=17 | dir=in | action=allow | name=vmware remote mks | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | {583FB865-78D1-45C2-AACB-2D42F18460C3} -> profile=domain | protocol=17 | dir=in | action=allow | name=xagent - ssh agent for xshell | app=c:\program files (x86)\netsarang\xshell 4\xagent.exe | {5C39494D-DF33-45A8-9FEE-7AD8067386F9} -> dir=in | action=allow | name=ucmapi64 | app=c:\program files\microsoft lync\ucmapi64.exe | {5DAF6B68-60DB-469F-8714-70CE0B9E422E} -> dir=in | action=allow | name=ucmapi | app=c:\program files (x86)\microsoft lync\ucmapi.exe | {63ABA784-70D4-4BC8-85A3-2DA1AAB46D92} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {655CB046-7E0B-42C7-A794-7DEBEF71A4E2} -> profile=domain | protocol=17 | dir=in | action=allow | name=xshell - secure terminal emulator | app=c:\program files (x86)\netsarang\xshell 4\xshell.exe | {6D21A345-DFCC-4FC1-ACCD-D23755E7733A} -> profile=domain | protocol=17 | dir=in | action=allow | name=vmware view client | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | {755BB0B1-D9AD-4ADB-8A0A-3561861ADB5D} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {7854CE87-6E64-428F-80C9-90F18BD838FC} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {88076F38-7577-478F-8ECA-1FAB73F329BB} -> profile=domain | 
protocol=6 | dir=in | action=allow | name=vmware view client | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | {8C8D9318-2B53-4A44-BD72-AC7BB350A33E} -> profile=public | protocol=17 | dir=in | action=allow | name=hp ddm inventory agent | app=c:\program files (x86)\hewlett-packard\discovery agent\bin32\discagnt.exe | {9C4F32F5-B1C0-492B-B4D0-4AFDC6FE4E8B} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {A5ACFFB0-E03E-41AE-AB8D-4CB4DE75CFBC} -> profile=domain | protocol=17 | dir=in | action=allow | name=symantec email | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | {C185B613-07C6-4AB1-A9A4-646C2937783C} -> profile=domain | protocol=17 | dir=in | action=allow | name=smc service | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | {C24CDDBE-A179-4F26-B76B-93F33B358718} -> profile=domain | protocol=17 | dir=in | action=allow | name=hp ddm inventory agent | app=c:\program files (x86)\hewlett-packard\discovery agent\bin32\discagnt.exe | {C3AD352E-E98F-491E-9969-C63C33124710} -> profile=domain | protocol=6 | dir=in | action=allow | name=symantec email | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | {C915A020-16C2-4C25-B12A-DFA4F579ED2F} -> profile=domain | protocol=6 | dir=in | action=allow | name=xshell - secure terminal emulator | app=c:\program files (x86)\netsarang\xshell 4\xshell.exe | {CA8C6A52-F52A-4D1E-A801-711694C72642} -> profile=domain | protocol=6 | dir=in | action=allow | name=hp ddm inventory agent | app=c:\program files (x86)\hewlett-packard\discovery agent\bin32\discagnt.exe | {D86BD55D-89DA-4F50-8057-2399355BCAC9} -> profile=domain | protocol=17 | dir=in | action=allow | name=lync | app=c:\program files (x86)\microsoft lync\communicator.exe | {E0967469-18C4-4D6E-8BD0-439DB0F0BABC} -> profile=private | protocol=17 | dir=in | action=allow | name=vmware view client 
| app=c:\program files\vmware\vmware view\client\bin\wswc.exe | {E176303A-EC86-472A-B381-D1D2E6222CB2} -> dir=in | action=allow | name=microsoft lync 2010 | app=c:\program files (x86)\microsoft lync\communicator.exe | {E38141B6-AC51-462D-94D6-12F99FEBD046} -> profile=domain | protocol=17 | dir=in | action=allow | name=vmware remote mks | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | {E6B00258-285A-4CBF-8783-D2BBAB9B3253} -> profile=domain | protocol=6 | dir=in | action=allow | name=xagent - ssh agent for xshell | app=c:\program files (x86)\netsarang\xshell 4\xagent.exe | {E847104A-D2D6-4F7D-9A1E-7DB9CEA78307} -> profile=domain | protocol=6 | dir=in | action=allow | name=snac64 service | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | {E89FD798-E6AE-4353-8266-E2C06BBB3F4A} -> profile=public | protocol=6 | dir=in | action=allow | name=hp ddm inventory agent | app=c:\program files (x86)\hewlett-packard\discovery agent\bin32\discagnt.exe | {EC58F6E1-6B34-4D39-AE26-F0B6911EC116} -> profile=private | protocol=6 | dir=in | action=allow | name=vmware remote mks | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | {EDB6805C-AE4B-4B6B-922C-C0C95E94FBEA} -> profile=domain | protocol=6 | dir=in | action=allow | name=smc service | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | {FAE7769A-DCA6-4DB7-A3E0-AE52DFE0B676} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {FC624A83-8E15-496A-BF95-6F585F7035DE} -> profile=domain | protocol=6 | dir=in | action=allow | name=vmware remote mks | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files 
(x86)\IEPro\MiniDM.exe" -> C:\Program Files (x86)\IEPro\MiniDM.exe [C:\Program Files (x86)\IEPro\MiniDM.exe:*:Enabled:MiniDM] -> [2010/06/01 23:30:06 | 000,715,984 | ---- | M] (IE7Pro.com) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* 64bit-exefile [open] -> "%1" %* comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* 64bit-cmdfile [open] -> "%1" %* 64bit-comfile [open] -> "%1" %* 64bit-exefile [open] -> "%1" %* 64bit-htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* 64bit-scrfile [config] -> "%1" 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l 64bit-scrfile [open] -> "%1" /S 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2011/07/14 05:21:10 | 000,108,032 | ---- | M] () 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 20:23:55 | 000,345,088 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) 64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2011/07/14 05:21:10 | 000,108,032 | ---- | M] () 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 18:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> 
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2011/07/14 05:21:10 | 000,108,032 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 20:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2011/07/14 05:21:10 | 000,108,032 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 6/5/2012 1:20:21 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SescLU | ID = 13 -> Description = LiveUpdate returned a non-critical error. Available content updates may have failed to install. Application [ Error ] 6/5/2012 12:31:49 PM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Application [ Error ] 6/6/2012 7:18:26 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SescLU | ID = 13 -> Description = LiveUpdate returned a non-critical error. 
Available content updates may have failed to install. Application [ Error ] 6/7/2012 1:27:52 PM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Application [ Error ] 6/9/2012 4:31:46 PM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SescLU | ID = 13 -> Description = LiveUpdate returned a non-critical error. Available content updates may have failed to install. Application [ Error ] 6/13/2012 3:35:50 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Application [ Error ] 6/15/2012 1:06:10 PM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Microsoft Office 14 | ID = 2000 -> Description = Microsoft Outlook: Accepted Safe Mode action : Outlook failed to start correctly last time. 
Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode. Do you want to start Outlook in safe mode?. Application [ Error ] 6/15/2012 9:54:38 PM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Application Hang | ID = 1002 -> Description = The program WINWORD.EXE version 14.0.5123.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2c40 Start Time: 01cd4a5ef9be49de Termination Time: 429 Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE Report Id: 161d500f-b756-11e1-b1a0-78dd08b52c64 Application [ Error ] 6/17/2012 4:44:40 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 6/17/2012 6:00:22 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = WinMgmt | ID = 10 -> Description = SIMS Client [ Error ] 6/24/2012 2:57:14 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:16 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:18 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:20 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. 
SIMS Client [ Error ] 6/24/2012 2:57:22 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:24 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:26 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:28 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:30 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. SIMS Client [ Error ] 6/24/2012 2:57:32 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = SIMS Client | ID = 19000 -> Description = Failed to set security on service directory, could not prepare ACL. System [ Error ] 6/24/2012 1:49:17 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 -> Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 
System [ Error ] 6/24/2012 1:49:46 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7009 -> Description = A timeout was reached (30000 milliseconds) while waiting for the SMS Agent Host service to connect. System [ Error ] 6/24/2012 1:49:46 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7000 -> Description = The SMS Agent Host service failed to start due to the following error: %%1053 System [ Error ] 6/24/2012 1:50:51 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: iastor SASDIFSV SASKUTIL System [ Error ] 6/24/2012 1:53:26 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = TermService | ID = 1067 -> Description = System [ Error ] 6/24/2012 2:32:22 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7031 -> Description = The HP DDMI Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. System [ Error ] 6/24/2012 2:35:58 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7030 -> Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. System [ Error ] 6/24/2012 2:38:15 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7031 -> Description = The HP DDMI Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 
System [ Error ] 6/24/2012 2:38:55 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Application Popup | ID = 1060 -> Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. System [ Error ] 6/24/2012 2:40:04 AM Computer Name = NAVEENKS04.corp.MYCOMPANY.com | Source = Service Control Manager | ID = 7030 -> Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. [Files/Folders - Created Within 30 Days] SWREG.exe -> C:\Windows\SWREG.exe -> [2012/06/23 23:30:05 | 000,518,144 | ---- | C] (SteelWerX) SWSC.exe -> C:\Windows\SWSC.exe -> [2012/06/23 23:30:05 | 000,406,528 | ---- | C] (SteelWerX) NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/06/23 23:30:05 | 000,060,416 | ---- | C] (NirSoft) Qoobox -> C:\Qoobox -> [2012/06/23 23:29:49 | 000,000,000 | ---D | C] erdnt -> C:\Windows\erdnt -> [2012/06/23 23:29:23 | 000,000,000 | ---D | C] OTS.exe -> C:\Users\naveenks\Desktop\OTS.exe -> [2012/06/23 23:26:48 | 000,646,656 | ---- | C] (OldTimer Tools) ComboFix.exe -> C:\Users\naveenks\Desktop\ComboFix.exe -> [2012/06/23 23:13:21 | 004,566,424 | R--- | C] (Swearware) PKGSOFTWORKORDERREAD -> C:\Users\naveenks\Desktop\PKGSOFTWORKORDERREAD -> [2012/06/22 16:37:56 | 000,000,000 | ---D | C] RM_8.2.0.28-7702 -> C:\Users\naveenks\Desktop\RM_8.2.0.28-7702 -> [2012/06/22 13:07:44 | 000,000,000 | ---D | C] MYCOMPANY CRM -> C:\Users\naveenks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MYCOMPANY CRM -> [2012/06/22 11:52:09 | 000,000,000 | ---D | C] TEMP -> C:\TEMP -> [2012/06/15 18:13:20 | 000,000,000 | ---D | C] CFE -> C:\Users\naveenks\Desktop\CFE -> [2012/06/13 11:55:51 | 000,000,000 | ---D | C] Stamps.com Internet Postage -> C:\Users\naveenks\AppData\Roaming\Stamps.com Internet Postage -> [2012/06/12 23:31:18 | 
000,000,000 | ---D | C] Stamps.com Internet Postage -> C:\Program Files (x86)\Stamps.com Internet Postage -> [2012/06/12 23:29:50 | 000,000,000 | ---D | C] Seven Zip -> C:\Users\naveenks\AppData\Local\Seven Zip -> [2012/06/12 23:27:37 | 000,000,000 | ---D | C] MYCOMPANY -> C:\Users\naveenks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MYCOMPANY -> [2012/06/04 14:21:36 | 000,000,000 | ---D | C] TopologyEditor8.2 -> C:\TopologyEditor8.2 -> [2012/06/04 12:19:42 | 000,000,000 | ---D | C] ESET -> C:\Program Files (x86)\ESET -> [2012/05/26 07:57:34 | 000,000,000 | ---D | C] Citrix -> C:\ProgramData\Citrix -> [2012/05/25 15:14:15 | 000,000,000 | ---D | C] ICAClient -> C:\Users\naveenks\AppData\Roaming\ICAClient -> [2012/05/25 15:13:54 | 000,000,000 | ---D | C] Citrix -> C:\Users\naveenks\AppData\Local\Citrix -> [2012/05/25 15:13:54 | 000,000,000 | ---D | C] Citrix -> C:\Program Files (x86)\Citrix -> [2012/05/25 15:13:46 | 000,000,000 | ---D | C] Microsoft -> C:\Program Files\Microsoft -> [2012/05/25 09:47:43 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskUserS-1-5-21-143744227-174999600-642189945-171198UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-143744227-174999600-642189945-171198UA.job -> [2012/06/23 23:45:04 | 000,000,920 | ---- | M] () hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/06/23 23:40:01 | 000,000,027 | ---- | M] () OTS.exe -> C:\Users\naveenks\Desktop\OTS.exe -> [2012/06/23 23:26:50 | 000,646,656 | ---- | M] (OldTimer Tools) ComboFix.exe -> C:\Users\naveenks\Desktop\ComboFix.exe -> [2012/06/23 23:12:45 | 004,566,424 | R--- | M] (Swearware) 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/23 22:57:56 | 000,026,112 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/23 22:57:56 | 000,026,112 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2012/06/23 22:48:33 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2012/06/23 22:48:19 | 3060,531,200 | -HS- | M] () SMSCFG.INI -> C:\Windows\SMSCFG.INI -> [2012/06/23 22:39:07 | 000,000,497 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/06/23 22:34:27 | 000,416,744 | ---- | M] () MBR.dat -> C:\Users\naveenks\Documents\MBR.dat -> [2012/06/23 19:55:41 | 000,000,512 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-143744227-174999600-642189945-171198Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-143744227-174999600-642189945-171198Core.job -> [2012/06/23 17:07:03 | 000,000,868 | ---- | M] () RM_8.2.0.28-7702.zip -> C:\Users\naveenks\Desktop\RM_8.2.0.28-7702.zip -> [2012/06/22 13:08:06 | 000,115,335 | ---- | M] () MYCOMPANYCRM SmartClient.lnk -> C:\Users\naveenks\Desktop\MYCOMPANYCRM SmartClient.lnk -> [2012/06/22 11:52:09 | 000,002,001 | ---- | M] () cfgall.ini -> C:\Windows\cfgall.ini -> [2012/06/22 11:02:35 | 000,009,972 | ---- | M] () ntuser.pol -> C:\Users\naveenks\ntuser.pol -> [2012/06/22 11:01:39 | 000,013,514 | RHS- | M] () Default.rdp -> C:\Users\naveenks\Documents\Default.rdp -> [2012/06/22 06:53:20 | 000,002,044 | -H-- | M] () WinRAR.exe - Shortcut.lnk -> C:\Users\naveenks\Desktop\WinRAR.exe - Shortcut.lnk -> [2012/06/21 10:34:07 | 000,000,887 | ---- | M] () CFE_Env_Details -> C:\Users\naveenks\Desktop\CFE_Env_Details -> [2012/06/21 07:19:17 | 000,000,750 | ---- | M] () Contacts.csv -> C:\Users\naveenks\Desktop\Contacts.csv -> [2012/06/20 23:36:52 | 000,001,093 | ---- | M] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\naveenks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2012/06/20 22:32:05 | 000,001,298 | ---- | M] () 
CFE_Env_Details.bak -> C:\Users\naveenks\Desktop\CFE_Env_Details.bak -> [2012/06/20 21:38:02 | 000,000,748 | ---- | M] () cfe_insert_stmt.sql -> C:\Users\naveenks\Desktop\cfe_insert_stmt.sql -> [2012/06/20 07:12:36 | 000,000,204 | ---- | M] () MM_8.1.2.45-7909.zip -> C:\Users\naveenks\Desktop\MM_8.1.2.45-7909.zip -> [2012/06/19 12:08:42 | 006,414,755 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/06/18 18:02:38 | 000,878,558 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/06/18 18:02:38 | 000,722,770 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/06/18 18:02:38 | 000,142,100 | ---- | M] () Resmon.ResmonCfg -> C:\Users\naveenks\AppData\Local\Resmon.ResmonCfg -> [2012/06/17 02:49:29 | 000,007,603 | ---- | M] () f9t.dat -> C:\Windows\SysWow64\f9t.dat -> [2012/06/12 23:32:02 | 000,000,036 | -H-- | M] () Metadata_mgr_cases.csv -> C:\Users\naveenks\Desktop\Metadata_mgr_cases.csv -> [2012/06/08 11:31:12 | 000,031,520 | ---- | M] () MM_cases_list.csv -> C:\Users\naveenks\Desktop\MM_cases_list.csv -> [2012/06/08 11:28:25 | 000,031,520 | ---- | M] () hosts.bak -> C:\Windows\SysNative\drivers\etc\hosts.bak -> [2012/05/31 13:28:00 | 000,013,187 | ---- | M] () [Files - No Company Name] PEV.exe -> C:\Windows\PEV.exe -> [2012/06/23 23:30:05 | 000,256,000 | ---- | C] () MBR.exe -> C:\Windows\MBR.exe -> [2012/06/23 23:30:05 | 000,208,896 | ---- | C] () sed.exe -> C:\Windows\sed.exe -> [2012/06/23 23:30:05 | 000,098,816 | ---- | C] () grep.exe -> C:\Windows\grep.exe -> [2012/06/23 23:30:05 | 000,080,412 | ---- | C] () zip.exe -> C:\Windows\zip.exe -> [2012/06/23 23:30:05 | 000,068,096 | ---- | C] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/06/23 22:34:13 | 000,416,744 | ---- | C] () MBR.dat -> C:\Users\naveenks\Documents\MBR.dat -> [2012/06/23 19:55:41 | 000,000,512 | ---- | C] () RM_8.2.0.28-7702.zip -> C:\Users\naveenks\Desktop\RM_8.2.0.28-7702.zip -> [2012/06/22 
12:13:20 | 000,115,335 | ---- | C] () WinRAR.exe - Shortcut.lnk -> C:\Users\naveenks\Desktop\WinRAR.exe - Shortcut.lnk -> [2012/06/21 10:34:07 | 000,000,887 | ---- | C] () Contacts.csv -> C:\Users\naveenks\Desktop\Contacts.csv -> [2012/06/20 23:26:25 | 000,001,093 | ---- | C] () CFE_Env_Details -> C:\Users\naveenks\Desktop\CFE_Env_Details -> [2012/06/20 13:25:13 | 000,000,750 | ---- | C] () CFE_Env_Details.bak -> C:\Users\naveenks\Desktop\CFE_Env_Details.bak -> [2012/06/20 13:25:13 | 000,000,748 | ---- | C] () cfe_insert_stmt.sql -> C:\Users\naveenks\Desktop\cfe_insert_stmt.sql -> [2012/06/20 07:12:36 | 000,000,204 | ---- | C] () MM_8.1.2.45-7909.zip -> C:\Users\naveenks\Desktop\MM_8.1.2.45-7909.zip -> [2012/06/19 12:08:42 | 006,414,755 | ---- | C] () f9t.dat -> C:\Windows\SysWow64\f9t.dat -> [2012/06/12 23:29:50 | 000,000,036 | -H-- | C] () MM_cases_list.csv -> C:\Users\naveenks\Desktop\MM_cases_list.csv -> [2012/06/08 11:22:55 | 000,031,520 | ---- | C] () Metadata_mgr_cases.csv -> C:\Users\naveenks\Desktop\Metadata_mgr_cases.csv -> [2012/06/08 11:17:47 | 000,031,520 | ---- | C] () Resmon.ResmonCfg -> C:\Users\naveenks\AppData\Local\Resmon.ResmonCfg -> [2012/05/23 16:53:17 | 000,007,603 | ---- | C] () keyfile3.drm -> C:\Users\naveenks\AppData\Local\keyfile3.drm -> [2012/02/28 10:16:38 | 000,004,096 | -H-- | C] () PUTTY.RND -> C:\Users\naveenks\AppData\Local\PUTTY.RND -> [2012/01/13 20:18:48 | 000,000,600 | ---- | C] () CcmFramework.ini -> C:\Windows\SysWow64\CcmFramework.ini -> [2011/12/21 10:05:57 | 000,004,764 | ---- | C] () ovedagentinstaller.exe -> C:\Windows\ovedagentinstaller.exe -> [2011/12/20 10:59:15 | 000,180,224 | ---- | C] () cfgall.ini -> C:\Windows\cfgall.ini -> [2011/12/20 10:33:33 | 000,009,972 | ---- | C] () Rerun_PCMP.EXE -> C:\Windows\Rerun_PCMP.EXE -> [2011/12/19 14:30:49 | 000,129,989 | ---- | C] () ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/12/19 11:15:12 | 000,120,505 | RHS- | C] () PerfStringBackup.INI -> 
C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/10/03 11:44:57 | 000,858,404 | ---- | C] () SMSCFG.INI -> C:\Windows\SMSCFG.INI -> [2011/10/03 11:42:42 | 000,000,497 | ---- | C] () SynTPEnhPS.dll -> C:\Windows\SysWow64\SynTPEnhPS.dll -> [2011/04/26 12:01:29 | 000,066,856 | ---- | C] () igkrng575.bin -> C:\Windows\SysWow64\igkrng575.bin -> [2011/02/13 07:31:30 | 000,870,560 | ---- | C] () iglhsip32.dll -> C:\Windows\SysWow64\iglhsip32.dll -> [2011/02/13 07:31:30 | 000,208,896 | ---- | C] () iglhcp32.dll -> C:\Windows\SysWow64\iglhcp32.dll -> [2011/02/13 07:31:30 | 000,143,360 | ---- | C] () igcompkrng575.bin -> C:\Windows\SysWow64\igcompkrng575.bin -> [2011/02/13 07:31:29 | 000,127,868 | ---- | C] () igfcg575m.bin -> C:\Windows\SysWow64\igfcg575m.bin -> [2011/02/13 07:31:29 | 000,104,796 | ---- | C] () [File - Lop Check] MYCOMPANY Software Catalog -> C:\Users\BOPCADMIN\AppData\Roaming\MYCOMPANY Software Catalog -> [2012/04/06 18:18:56 | 000,000,000 | ---D | M] Babylon -> C:\Users\BOPCADMIN\AppData\Roaming\Babylon -> [2011/12/23 00:03:54 | 000,000,000 | ---D | M] MYCOMPANY Software Catalog -> C:\Users\naveenks\AppData\Roaming\MYCOMPANY Software Catalog -> [2011/12/19 15:12:34 | 000,000,000 | ---D | M] ATT Connect -> C:\Users\naveenks\AppData\Roaming\ATT Connect -> [2012/05/04 08:29:00 | 000,000,000 | ---D | M] Babylon -> C:\Users\naveenks\AppData\Roaming\Babylon -> [2012/05/22 17:24:31 | 000,000,000 | ---D | M] com.oxygenxml -> C:\Users\naveenks\AppData\Roaming\com.oxygenxml -> [2012/04/07 09:17:36 | 000,000,000 | ---D | M] Cramer -> C:\Users\naveenks\AppData\Roaming\Cramer -> [2011/12/21 12:14:01 | 000,000,000 | ---D | M] DriverCure -> C:\Users\naveenks\AppData\Roaming\DriverCure -> [2012/03/16 10:40:06 | 000,000,000 | ---D | M] Easy Duplicate Finder -> C:\Users\naveenks\AppData\Roaming\Easy Duplicate Finder -> [2012/03/22 07:24:51 | 000,000,000 | ---D | M] FileZilla -> C:\Users\naveenks\AppData\Roaming\FileZilla -> [2012/06/15 18:52:14 | 000,000,000 | ---D | M] 
GrabPro -> C:\Users\naveenks\AppData\Roaming\GrabPro -> [2011/12/23 00:41:04 | 000,000,000 | ---D | M] ICAClient -> C:\Users\naveenks\AppData\Roaming\ICAClient -> [2012/05/25 15:32:18 | 000,000,000 | ---D | M] MiniDm -> C:\Users\naveenks\AppData\Roaming\MiniDm -> [2012/01/10 13:26:52 | 000,000,000 | ---D | M] NetSarang -> C:\Users\naveenks\AppData\Roaming\NetSarang -> [2012/01/13 20:05:00 | 000,000,000 | ---D | M] ParetoLogic -> C:\Users\naveenks\AppData\Roaming\ParetoLogic -> [2012/03/16 10:40:06 | 000,000,000 | ---D | M] SBC -> C:\Users\naveenks\AppData\Roaming\SBC -> [2012/04/06 11:18:34 | 000,000,000 | ---D | M] Scooter Software -> C:\Users\naveenks\AppData\Roaming\Scooter Software -> [2011/12/21 15:17:22 | 000,000,000 | ---D | M] SQL Developer -> C:\Users\naveenks\AppData\Roaming\SQL Developer -> [2012/03/22 10:43:41 | 000,000,000 | ---D | M] Stamps.com Internet Postage -> C:\Users\naveenks\AppData\Roaming\Stamps.com Internet Postage -> [2012/06/12 23:31:39 | 000,000,000 | ---D | M] Subversion -> C:\Users\naveenks\AppData\Roaming\Subversion -> [2012/01/19 15:51:19 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2012/05/23 16:54:26 | 000,024,202 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\SysNative\drivers\AGP440.sys -> [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys -> [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys -> [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > 
atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\erdnt\cache64\atapi.sys -> [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\SysNative\drivers\atapi.sys -> [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys -> [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys -> [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) < %systemdrive%\CNGAUDIT.DLL /md5 /s > cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\erdnt\cache86\cngaudit.dll -> [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll -> [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\erdnt\cache64\cngaudit.dll -> [2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\SysNative\cngaudit.dll -> [2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll -> [2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) < 
%systemdrive%\EVENTLOG.DLL /md5 /s > EventLog.dll : MD5=DF564EEAD801D929CA33E109B7998134 -> C:\Oracle\product\11.2.0\dbhome_1\perl\site\lib\auto\Win32\EventLog\EventLog.dll -> [2010/01/15 05:15:50 | 000,041,984 | ---- | M] () < %systemdrive%\IASTOR.SYS /md5 /s > iaStor.sys : MD5=178BE05F5F9A58621F61BC3DB367C4C2 -> C:\DRIVERS\ACHI\iaStor.sys -> [2010/09/27 18:39:36 | 000,540,696 | ---- | M] (Intel Corporation) iaStor.sys : MD5=178BE05F5F9A58621F61BC3DB367C4C2 -> C:\Windows\SysWOW64\drivers\iaStor.sys -> [2010/09/27 18:39:36 | 000,540,696 | ---- | M] (Intel Corporation) < %systemdrive%\IASTORV.SYS /md5 /s > iaStorV.sys : MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -> C:\Windows\SysNative\drivers\iaStorV.sys -> [2010/11/20 20:23:47 | 000,410,496 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -> C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys -> [2010/11/20 20:23:47 | 000,410,496 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys -> [2010/11/20 20:23:47 | 000,410,496 | ---- | M] (Intel Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=AA339DD8BB128EF66660DFBBB59043D3 -> C:\Windows\erdnt\cache64\netlogon.dll -> [2010/11/20 20:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=AA339DD8BB128EF66660DFBBB59043D3 -> C:\Windows\SysNative\netlogon.dll -> [2010/11/20 20:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=AA339DD8BB128EF66660DFBBB59043D3 -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll -> [2010/11/20 20:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=C1809B9907ADEDAF16F50C894100883B -> C:\Windows\erdnt\cache86\netlogon.dll -> [2010/11/20 20:24:09 | 000,563,712 | ---- | M] 
(Microsoft Corporation) netlogon.dll : MD5=C1809B9907ADEDAF16F50C894100883B -> C:\Windows\SysWOW64\netlogon.dll -> [2010/11/20 20:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=C1809B9907ADEDAF16F50C894100883B -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll -> [2010/11/20 20:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) < %systemdrive%\NVSTOR.SYS /md5 /s > nvstor.sys : MD5=F7CD50FE7139F07E77DA8AC8033D1832 -> C:\Windows\SysNative\drivers\nvstor.sys -> [2010/11/20 20:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=F7CD50FE7139F07E77DA8AC8033D1832 -> C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys -> [2010/11/20 20:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=F7CD50FE7139F07E77DA8AC8033D1832 -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys -> [2010/11/20 20:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=8124944EC89D6A1815E4E53F5B96AAF4 -> C:\Windows\erdnt\cache86\scecli.dll -> [2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=8124944EC89D6A1815E4E53F5B96AAF4 -> C:\Windows\SysWOW64\scecli.dll -> [2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=8124944EC89D6A1815E4E53F5B96AAF4 -> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll -> [2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=ED78427259134C63ED69804D2132B86C -> C:\Windows\erdnt\cache64\scecli.dll -> [2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=ED78427259134C63ED69804D2132B86C -> C:\Windows\SysNative\scecli.dll -> [2010/11/20 20:24:32 | 000,232,960 | ---- 
| M] (Microsoft Corporation) scecli.dll : MD5=ED78427259134C63ED69804D2132B86C -> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll -> [2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < c:\$recycle.bin\*.* /s > < End of report > [/code]