Malwarebytes can't remove PUM.Hijack.StartMenu [Closed]


  • This topic is locked

#1
jbhungvt

    New Member

  • Member
  • 3 posts
Please help. Malwarebytes said it successfully removed the PUM.Hijack.StartMenu but when I rescan again, the same malware shows up again. I've done it 3 times now and it hasn't gone away yet.

Thanks for any help.

-------------------------------------------------

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
hxxxxx :: Hxxxxx [administrator]

Protection: Enabled

11/30/2012 1:33:52 PM
mbam-log-2012-11-30 (13-33-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266302
Time elapsed: 1 hour(s), 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
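
The symptom in the post above, a detection that returns after Malwarebytes logs "Quarantined and repaired successfully", can be confirmed from the saved scan logs. This is an added example, not part of the original thread or of any tool named in it: it parses the "Registry Data Items Detected" section in the layout shown in the log above and lists entries that reappear after a logged repair. The function names are hypothetical, and the second and third scan times are constructed to mirror the three scans the poster mentions.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime

Detection = namedtuple("Detection", "key value name bad good action")

# "<section name> Detected: <count>" headers, as in the log above.
SECTION = re.compile(r"^(?P<section>.+?) Detected: \d+$")

# "<key>|<value> (<detection name>) -> Bad: (x) Good: (y) -> <action>."
DATA_ITEM = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>.+?) \((?P<name>[^)]+)\)"
    r" -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)"
    r" -> (?P<action>.+?)\.?$"
)

# Detection line copied from the log in the post above.
DETECTION_LINE = (
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    r"|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0)"
    r" -> Quarantined and repaired successfully."
)

# First timestamp is from the post; the other two are constructed.
SAMPLE_STAMPS = [
    "11/30/2012 1:33:52 PM",
    "11/30/2012 3:05:10 PM",
    "11/30/2012 4:40:27 PM",
]


def sample_log(stamp):
    """Build a constructed log with the same layout as the one posted."""
    return "\n".join([
        "Malwarebytes Anti-Malware (PRO) 1.65.1.1000",
        stamp,
        "Scan type: Quick scan",
        "",
        "Registry Values Detected: 0",
        "(No malicious items detected)",
        "",
        "Registry Data Items Detected: 1",
        DETECTION_LINE,
        "",
        "Files Detected: 0",
        "(No malicious items detected)",
        "",
        "(end)",
    ])


def parse_scan(text):
    """Return (scan time, [Detection, ...]) for one log.

    Only the Registry Data Items section is parsed, because that is the
    only entry layout the page shows.
    """
    when, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if when is None:
            try:
                when = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
                continue
            except ValueError:
                pass  # not the timestamp line
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        if section == "Registry Data Items":
            entry = DATA_ITEM.match(line)
            if entry:
                items.append(Detection(**entry.groupdict()))
    if when is None:
        raise ValueError("no scan timestamp found in log")
    return when, items


def reappeared_after_repair(scans):
    """Map (key, value, name) -> scan times, for entries that were detected
    again after an earlier scan logged a successful repair."""
    repaired, history, flagged = set(), defaultdict(list), {}
    for when, items in sorted(scans, key=lambda scan: scan[0]):
        for det in items:
            ident = (det.key, det.value, det.name)
            history[ident].append(when)
            if ident in repaired:
                flagged[ident] = history[ident]
            if "repaired successfully" in det.action.lower():
                repaired.add(ident)
    return flagged


if __name__ == "__main__":
    scans = [parse_scan(sample_log(stamp)) for stamp in SAMPLE_STAMPS]
    for (key, value, name), times in reappeared_after_repair(scans).items():
        print(f"{name}: {key}|{value} seen in {len(times)} scans")
```

An entry in the result means the value was written again between scans, so the useful next step is finding what sets it rather than repeating the scan.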



#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello jbhungvt, welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

Let's get some scans and take a look.


Step-1.

OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.
  • Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (Firefox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • You will see the OTL console.
  • Check the box beside Scan All Users at the top of the console.
  • DO NOT check the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. Extras.Txt will be minimized. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Step-2.

Run RogueKiller

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • DO NOT Delete anything at this point.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log
2. The Extras.txt log
3. The RKreport.txt log
4. The aswMBR log
  • 0

#3
jbhungvt

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hi,

thanks so much for getting back and helping. When I tried to download the Roguekiller, my Norton IS flagged that and removed the file. I don't know if it's a threat or not since Norton IS just removed it.
  • 0

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I can assure you that RogueKiller is not malicious. The malware tools often use some of the same files that malware writers use. Please disable Norton and then try to download RogueKiller and run it. If that doesn't work you will need to uninstall Norton. Save the activation key so you will have it when you get ready to reinstall.
  • 0

#5
jbhungvt

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hi godawgs,

I finally have some time to run the executables and here are the logs/txts below. Thanks for your help so far.

OTL.txt log
OTL logfile created on: 12/6/2012 10:57:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads\Malwarebytes Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.95% Memory free
5.83 Gb Paging File | 4.31 Gb Available in Paging File | 73.84% Paging File free
Paging file location(s): c:\pagefile.sys 3082 3082 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.29 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 28.32 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
Drive H: | 420.00 Gb Total Space | 250.42 Gb Free Space | 59.62% Space Free | Partition Type: NTFS
Drive S: | 66.05 Gb Total Space | 41.27 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive T: | 1080.00 Gb Total Space | 237.46 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: HNGUYEN25-1 | User Name: hnguyen25 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/03 21:21:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Downloads\Malwarebytes Files\OTL.exe
PRC - [2012/11/27 15:23:58 | 000,225,280 | ---- | M] (BMC Software) -- C:\Program Files\cscbPower\NPS\.marimba\cscbPower_nps\ch.93\data\sum.exe
PRC - [2012/10/24 13:53:23 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/12 13:34:06 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\enstart.exe
PRC - [2012/09/29 18:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/10 07:27:59 | 000,036,957 | ---- | M] (BMC Software, Inc.) -- C:\Program Files\cscbPower\NPS\Tuner.exe
PRC - [2012/09/10 07:27:55 | 000,122,977 | ---- | M] (BMC Software, Inc.) -- C:\Program Files\cscbPower\NPS\lib\minituner.exe
PRC - [2012/08/31 08:23:29 | 000,079,232 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20111108-2230\win32\x86\notes2.exe
PRC - [2012/03/27 21:51:02 | 001,682,560 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\nlnotes.exe
PRC - [2012/03/26 09:52:42 | 003,444,736 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2011/11/18 06:20:24 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2011/10/06 12:18:48 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/10/06 12:16:12 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2011/10/06 12:15:46 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/28 14:35:22 | 000,214,344 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\SupportSoft_Amer_CSCi_7\bin\tgsrvc.exe
PRC - [2011/09/28 14:35:12 | 000,218,440 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\SupportSoft_Amer_CSCi_7\bin\sprtsvc.exe
PRC - [2011/09/28 14:34:56 | 000,218,440 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\SupportSoft_Amer_CSCi_7\bin\sprtcmd.exe
PRC - [2011/09/14 19:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/07 19:14:40 | 000,391,752 | ---- | M] () -- C:\Program Files\CheckPoint\File Encryption\Program\pmestart.exe
PRC - [2011/08/07 19:14:34 | 000,602,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\File Encryption\Program\pmepol.exe
PRC - [2011/08/07 19:14:32 | 000,791,112 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\File Encryption\Program\pmelp.exe
PRC - [2011/08/07 19:14:30 | 000,673,352 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\File Encryption\Program\pmelog.exe
PRC - [2011/08/07 19:14:22 | 000,490,568 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\File Encryption\Program\pmefsvc.exe
PRC - [2011/06/14 11:02:12 | 000,860,496 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
PRC - [2011/06/14 11:01:52 | 000,233,808 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\pstartSr.exe
PRC - [2011/06/14 11:01:50 | 000,659,792 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\Prot_srv.exe
PRC - [2011/05/05 14:07:26 | 000,732,344 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Tray\DNTray.exe
PRC - [2011/05/05 14:07:24 | 001,424,560 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/11 09:26:46 | 000,016,776 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntaskldr.exe
PRC - [2010/07/09 17:07:10 | 000,070,144 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
PRC - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2010/06/15 10:50:54 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2010/06/15 10:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2010/03/05 09:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 08:57:28 | 001,396,736 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/03/05 08:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 08:46:22 | 001,206,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 08:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/26 16:57:22 | 000,035,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 08:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 07:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006/09/06 10:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/04/18 18:55:00 | 000,217,088 | ---- | M] () -- C:\Program Files\UniKey\UniKeyNT.exe
PRC - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/09/15 17:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/26 14:13:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/26 14:07:57 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\06cf816caaf03dc1d3f8945e335c5105\System.Runtime.Remoting.ni.dll
MOD - [2012/11/26 14:07:52 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/26 14:07:49 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/26 11:35:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/26 11:35:47 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0049820f680f609298f91b15f455a86d\System.Configuration.Install.ni.dll
MOD - [2012/11/26 11:35:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/26 10:15:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/26 10:10:48 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/26 10:10:32 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/26 10:10:15 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/26 10:09:41 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/26 10:09:33 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/26 10:09:21 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/26 10:09:04 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/26 10:08:44 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/26 10:08:24 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/26 09:53:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/26 09:49:51 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/11/26 09:49:44 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/26 09:49:41 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/11/26 09:49:05 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/11/26 09:49:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/26 09:48:53 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/11/26 09:48:52 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
MOD - [2012/11/26 09:48:50 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/26 09:48:41 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/11/26 09:48:22 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/11/26 09:47:18 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/11/26 09:47:14 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2012/11/26 09:46:46 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/10/12 13:34:06 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\enstart.exe
MOD - [2012/09/10 09:48:35 | 000,098,304 | ---- | M] () -- C:\lotus\notes\data\workspace\.config\org.eclipse.osgi\bundles\639\1\.cp\DTSearch.dll
MOD - [2012/09/10 09:47:54 | 000,065,536 | ---- | M] () -- C:\lotus\notes\data\workspace\.config\org.eclipse.osgi\bundles\60\1\.cp\swtIbmWrapper.dll
MOD - [2012/08/31 08:23:32 | 000,049,152 | ---- | M] () -- C:\Program Files\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.ui.browser.launcher_6.2.2.20111108-2230\os\win32\x86\browserlauncher.dll
MOD - [2012/08/31 08:23:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.2.20111108-2230\os\win32\x86\os.dll
MOD - [2012/08/31 08:23:29 | 000,081,920 | ---- | M] () -- C:\Program Files\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20111108-2230\win32\x86\eclipse_1118.dll
MOD - [2012/03/26 09:51:12 | 000,003,584 | ---- | M] () -- C:\Program Files\Lotus\Notes\ndgts.dll
MOD - [2012/03/26 09:50:02 | 020,983,808 | ---- | M] () -- C:\Program Files\Lotus\Notes\nnotesws.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 19:14:40 | 000,391,752 | ---- | M] () -- C:\Program Files\CheckPoint\File Encryption\Program\pmestart.exe
MOD - [2011/06/30 08:47:46 | 000,106,496 | ---- | M] () -- C:\Program Files\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.2.20100729-1241\os\win32\x86\comex.dll
MOD - [2011/06/14 10:10:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\LogonAgentAPI.dll
MOD - [2011/05/05 14:07:32 | 000,150,600 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\libexpat.dll
MOD - [2011/05/05 14:07:32 | 000,150,600 | ---- | M] () -- C:\Program Files\CheckPoint\Pointsec Protector Client\libexpat.dll
MOD - [2011/03/29 07:32:48 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/29 07:32:47 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/29 07:32:46 | 000,214,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
MOD - [2011/03/29 07:32:46 | 000,122,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.dll
MOD - [2011/03/29 07:32:46 | 000,079,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Core\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
MOD - [2011/03/29 07:32:46 | 000,049,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.dll
MOD - [2011/03/29 07:32:44 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/29 07:32:44 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/29 07:32:44 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/29 07:32:44 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/29 07:32:44 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/29 07:32:43 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/29 07:32:43 | 000,206,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
MOD - [2011/03/29 07:32:42 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/03/29 07:32:42 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/29 07:32:42 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/01/12 15:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/06/17 11:13:32 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2010/03/27 14:35:35 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/03/27 14:35:35 | 000,174,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.SQLite.Linq\2.0.38.0__db937bc2d44ff139\System.Data.SQLite.Linq.dll
MOD - [2009/05/20 11:10:35 | 002,879,488 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
MOD - [2009/05/20 11:10:34 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2009/04/08 12:53:10 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2008/06/25 10:18:18 | 000,098,304 | ---- | M] () -- C:\Program Files\Lotus\Notes\zlib1.dll
MOD - [2008/06/25 10:18:16 | 000,167,936 | ---- | M] () -- C:\Program Files\Lotus\Notes\libpng13.dll
MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2007/01/25 09:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/12/14 05:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/11/10 07:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006/09/06 10:37:30 | 000,034,344 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
MOD - [2006/04/18 18:55:00 | 000,217,088 | ---- | M] () -- C:\Program Files\UniKey\UniKeyNT.exe
MOD - [2006/04/18 18:53:51 | 000,188,416 | ---- | M] () -- C:\Program Files\UniKey\UKHook40.dll
MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2002/05/14 18:22:34 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\SYSMGT\TNGSD\BIN\SDSERV.EXE -- (SDService)
SRV - [2012/12/05 13:53:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/19 09:10:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 13:53:23 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/12 13:34:06 | 000,933,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\enstart.exe -- (enstart)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/10 07:27:59 | 000,036,957 | ---- | M] (BMC Software, Inc.) [Auto | Running] -- C:\Program Files\cscbPower\NPS\Tuner.exe -- (cscbPowernps)
SRV - [2012/03/26 09:52:42 | 003,444,736 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011/11/18 06:20:24 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2011/10/06 12:18:48 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/06 12:15:46 | 000,166,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/09/28 14:35:22 | 000,214,344 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\SupportSoft_Amer_CSCi_7\bin\tgsrvc.exe -- (tgsrvc_supportsoft_amer_csci_7)
SRV - [2011/09/28 14:35:12 | 000,218,440 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\SupportSoft_Amer_CSCi_7\bin\sprtsvc.exe -- (sprtsvc_supportsoft_amer_csci_7)
SRV - [2011/09/14 19:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/07 19:14:34 | 000,602,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\File Encryption\Program\pmepol.exe -- (File Encryption Policy Service)
SRV - [2011/08/07 19:14:30 | 000,673,352 | ---- | M] (Check Point Software Technologies) [On_Demand | Running] -- C:\Program Files\CheckPoint\File Encryption\Program\pmelog.exe -- (File Encryption Logging Service)
SRV - [2011/08/07 19:14:22 | 000,490,568 | ---- | M] (Check Point Software Technologies) [On_Demand | Running] -- C:\Program Files\CheckPoint\File Encryption\Program\pmefsvc.exe -- (File Encryption Service)
SRV - [2011/06/14 11:01:52 | 000,233,808 | ---- | M] (Check Point Software Tech Ltd) [Auto | Running] -- C:\WINDOWS\system32\pstartSr.exe -- (Pointsec_start)
SRV - [2011/06/14 11:01:50 | 000,659,792 | ---- | M] (Check Point Software Tech Ltd) [Auto | Running] -- C:\WINDOWS\system32\Prot_srv.exe -- (Pointsec)
SRV - [2011/05/05 14:07:24 | 001,424,560 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe -- (DisknetClient)
SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2010/06/15 10:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2010/03/05 09:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/05 08:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010/03/05 08:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/01/26 16:57:22 | 000,035,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/10/15 13:56:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECEXT)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BlackDrv.sys -- (black)
DRV - [2012/10/12 13:34:08 | 000,065,280 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\enstart_.sys -- (enstart_)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/10/06 12:18:28 | 000,089,528 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/06 12:18:02 | 000,087,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/06 12:17:32 | 000,463,912 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/06 12:16:58 | 000,059,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/06 12:16:48 | 000,180,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/06 12:16:28 | 000,120,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/08/07 19:11:38 | 000,126,336 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\psfilenc.sys -- (File Encryption Driver)
DRV - [2011/08/07 19:11:26 | 000,111,744 | ---- | M] (Pointsec Mobile Technologies AB) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\psfilter.sys -- (File Encryption Filter Driver)
DRV - [2011/08/07 19:11:26 | 000,035,712 | ---- | M] (Pointsec Mobile Technologies AB) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\psrec.sys -- (File Encryption Recognizer Driver)
DRV - [2011/08/07 18:43:06 | 000,097,760 | ---- | M] (F-Secure Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsclm.sys -- (FSCLM Driver)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/06/14 11:00:24 | 000,223,440 | ---- | M] (Check Point Software Tech Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prot_2k.sys -- (prot_2k)
DRV - [2011/05/05 14:08:16 | 000,038,992 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DNPFW.sys -- (DNPFW)
DRV - [2011/05/05 14:06:52 | 000,058,320 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\psg.sys -- (PSG)
DRV - [2011/05/05 14:06:48 | 000,027,856 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\rmm.sys -- (rmm)
DRV - [2011/05/05 14:06:42 | 000,037,328 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kaeon.sys -- (KAEON)
DRV - [2011/05/05 14:06:38 | 000,065,232 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dvrem.sys -- (dvrem)
DRV - [2011/02/04 19:07:00 | 000,065,960 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2011/01/11 15:14:36 | 000,046,592 | ---- | M] (Reflex Magnetics Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rxaes100.sys -- (rxAES100)
DRV - [2010/12/21 00:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/21 00:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/12/21 00:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 00:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/09/08 07:44:32 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/15 10:49:08 | 000,030,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\firelm01.sys -- (firelm01)
DRV - [2010/06/15 10:49:02 | 000,145,616 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FireTDI.sys -- (FireTDI)
DRV - [2010/06/15 10:48:58 | 000,137,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FirePM.sys -- (FirePM)
DRV - [2010/03/17 21:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2010/01/26 16:57:02 | 000,035,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPQK.sys -- (HIPQK)
DRV - [2010/01/26 16:56:48 | 000,038,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPPSK.sys -- (HIPPSK)
DRV - [2010/01/26 16:56:32 | 000,107,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPK.sys -- (HIPK)
DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/08/10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/10/17 14:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\firehk.sys -- (FirehkMP)
DRV - [2008/10/17 14:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\firehk.sys -- (Firehk)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/14 16:28:26 | 000,046,592 | ---- | M] (d2pro.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\D2PROG.sys -- (D2PROG)
DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/30 05:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/02/04 22:43:14 | 000,022,528 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2007/02/04 22:43:14 | 000,015,744 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2007/02/04 22:43:10 | 000,010,880 | R--- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2007/02/04 22:43:10 | 000,004,608 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2006/12/22 05:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 05:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 05:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/01 13:55:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 13:51:34 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/11/01 13:48:00 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/07/19 23:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2004/04/16 09:35:18 | 000,009,817 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2003/06/19 16:40:54 | 000,024,344 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet)
DRV - [2003/06/19 16:40:42 | 000,036,676 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile)
DRV - [2002/08/29 07:29:12 | 000,036,096 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://gp.amer.csc....//etes.csc.com/
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes,DefaultScope = {0A2D6CA2-A254-4FC2-962D-512C87320D6D}
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{0A2D6CA2-A254-4FC2-962D-512C87320D6D}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{3CC29C37-52E2-4D46-8DC5-04853399071E}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{5CDB7BB1-F10D-4222-9CAC-A1FCC7CD3BCD}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{6DA01EA2-BA80-418E-8C0D-FF620763D3A8}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{B3262A1C-97B2-4F73-B17F-17FB80A502E0}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\SearchScopes\{CC618F09-817A-42C9-8FC3-B28FB4AB0D55}: "URL" = http://www.bing.com/...ge}&FORM=IE8SRC
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg2.mail.y...=dc2nfjkufk2f1"
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121129
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: firetracktor%40thetracktor.com:1.0.7
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: howtovideosidebar%40wonderhowto.com:1.1
FF - prefs.js..extensions.enabledAddons: sidecar%40amazon.com:0.7.3.4
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.6
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.3.20101115011850
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/11/27 15:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 13:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 13:52:47 | 000,000,000 | ---D | M]

[2008/08/28 09:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Extensions
[2012/12/03 15:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions
[2012/11/30 14:30:01 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/25 07:38:08 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2012/10/15 07:34:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/10/02 12:13:29 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\[email protected]
[2011/03/21 08:28:49 | 000,000,000 | ---D | M] (How-To Video Sidebar) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\[email protected]
[2012/10/15 07:34:47 | 000,000,000 | ---D | M] ("AmazonAssist") -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\[email protected]
[2012/12/03 15:53:17 | 000,491,479 | ---- | M] () (No name found) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\[email protected]
[2012/09/19 08:32:46 | 000,243,287 | ---- | M] () (No name found) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\[email protected]
[2011/06/30 08:37:22 | 000,024,752 | ---- | M] () (No name found) -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\extensions\[email protected]
[2011/10/11 09:43:55 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\searchplugins\amazon-web-search.xml
[2009/06/03 09:24:02 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Application Data\Mozilla\Firefox\Profiles\czmyg77p.default\searchplugins\bing.xml
[2012/12/05 13:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/05 13:52:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/05 13:53:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/13 14:54:35 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/01/13 14:54:37 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/09/18 13:16:53 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008/09/18 13:16:57 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2007/09/06 12:53:00 | 000,400,384 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npagent.dll
[2008/09/18 13:16:41 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/08/29 07:13:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/22 12:14:02 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2005/11/11 10:32:32 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120717190105.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [DN4TRAY] C:\Program Files\CheckPoint\Tray\DNTray.exe (Check Point Software Technologies Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SupportSoft_Amer_CSCi_7] C:\Program Files\SupportSoft_Amer_CSCi_7\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\RunOnce: [WSUSConfig] C:\Program Files\WSUS Client\WSUSClient.exe (CSC)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\hnguyen25\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\hnguyen25\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: csc.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: CSCCHNSRS01.CSC.COM ([]* in Trusted sites)
O15 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..Trusted Domains: csc.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-430653855-1147806647-1590194639-18950\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://amer-ml23.am...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} https://amer-ml23.am.../dolcontrol.cab (LotusDRSControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1197667370378 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://amer-ml23.am...c.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://csc.webex.co...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://lmpassage3.e...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 20.137.3.53 20.137.163.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cscfed.root.ad
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E04E9D8-4906-44BB-A70A-B030E980A01E}: DhcpNameServer = 20.137.3.53 20.137.163.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\Program Files\CheckPoint\File Encryption\Program\pmestart.exe") - C:\Program Files\CheckPoint\File Encryption\Program\pmestart.exe ()
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - C:\WINDOWS\System32\PssoGina.dll (Check Point Software Tech Ltd)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/24 04:36:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{51ebe5b2-9962-11dc-8c87-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{51ebe5b2-9962-11dc-8c87-444553544200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51ebe5b2-9962-11dc-8c87-444553544200}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 10:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WSUS Client
[2012/12/05 13:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/04 15:20:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/12/03 08:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/03 08:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/03 08:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/03 08:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/03 08:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/12/03 08:07:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/27 15:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hnguyen25\Application Data\smkits
[2012/11/27 15:19:18 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\HIPIS0e011b5.dll
[2012/11/16 08:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/11/16 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/16 08:06:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/11/09 15:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TSofts
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\hnguyen25\My Documents\*.tmp files -> C:\Documents and Settings\hnguyen25\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\hnguyen25\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\hnguyen25\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/06 11:28:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 11:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/06 10:48:15 | 000,005,128 | RHS- | M] () -- C:\Documents and Settings\hnguyen25\ntuser.pol
[2012/12/06 10:27:19 | 000,048,452 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/12/05 18:28:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/05 08:46:26 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/12/03 15:25:56 | 000,001,048 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/03 08:32:33 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/03 08:18:27 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/12/01 14:17:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/29 21:31:16 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/28 13:07:09 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Desktop\TKaraokePro.lnk
[2012/11/27 15:24:42 | 000,506,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/27 15:24:42 | 000,088,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/27 15:24:10 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/27 15:19:21 | 000,126,945 | ---- | M] () -- C:\WINDOWS\System32\api_hook_list.dat
[2012/11/27 15:18:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/26 15:07:32 | 000,352,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/26 11:53:09 | 000,001,545 | ---- | M] () -- C:\WINDOWS\UN_CSC-ENG-NightWatchman-6.0-GBL-R1.MIF
[2012/11/21 12:01:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/21 11:09:56 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 09:10:51 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/19 09:10:51 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/16 08:45:20 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/11/09 15:11:03 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TKT.lnk
[2012/11/09 15:05:23 | 000,002,050 | ---- | M] () -- C:\Documents and Settings\hnguyen25\Desktop\TKaraoke.lnk
[2012/11/09 04:21:28 | 000,143,040 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\KevlarSigs.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\hnguyen25\My Documents\*.tmp files -> C:\Documents and Settings\hnguyen25\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\hnguyen25\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\hnguyen25\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/03 15:25:56 | 000,001,048 | ---- | C] () -- C:\Documents and Settings\hnguyen25\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/03 08:32:33 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/11/28 13:07:09 | 000,002,062 | ---- | C] () -- C:\Documents and Settings\hnguyen25\Desktop\TKaraokePro.lnk
[2012/11/27 15:19:21 | 000,126,945 | ---- | C] () -- C:\WINDOWS\System32\api_hook_list.dat
[2012/11/26 11:52:08 | 000,001,545 | ---- | C] () -- C:\WINDOWS\UN_CSC-ENG-NightWatchman-6.0-GBL-R1.MIF
[2012/11/16 08:49:34 | 000,202,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/11/16 08:45:19 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/11/09 15:11:03 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TKT.lnk
[2012/03/06 14:21:09 | 003,091,964 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-430653855-1147806647-1590194639-18950-0.dat
[2012/03/06 10:24:58 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/22 08:01:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 13:04:19 | 000,355,266 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/10 08:07:01 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\hnguyen25\Local Settings\Application Data\d3d9caps.dat
[2011/09/12 12:08:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\jatennis.ini
[2011/08/06 10:41:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hnguyen25\BRN_8E0564
[2011/06/14 11:01:56 | 000,143,696 | ---- | C] () -- C:\WINDOWS\System32\NovPwd32.dll
[2011/06/14 10:10:44 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\LogonAgentAPI.dll
[2011/03/09 19:15:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\hnguyen25\Application Data\$_hpcst$.hpc
[2009/12/14 10:12:05 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\hnguyen25\Application Data\setup_ldm.iss
[2008/01/14 09:00:25 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\hnguyen25\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/24 14:04:27 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/10/23 09:18:55 | 000,005,128 | RHS- | C] () -- C:\Documents and Settings\hnguyen25\ntuser.pol
[2007/07/24 04:54:59 | 000,048,452 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2007/07/24 04:37:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/18 08:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AceBIT
[2010/02/18 08:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/02/18 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/12/03 08:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/11/19 05:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2008/12/16 16:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AceBIT
[2011/01/19 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2012/11/01 12:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/04/11 12:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
[2007/11/16 18:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2012/02/09 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/04/11 12:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2010/04/07 09:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/12/31 10:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Latshaw Systems
[2012/03/29 08:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyPoiWorld
[2008/09/30 14:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2011/12/14 13:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pointsec
[2011/03/21 14:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/02/08 09:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/10/24 14:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/02/02 08:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/02 13:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/10/04 13:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2011/11/01 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/10/19 11:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/04/28 07:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 08:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/27 08:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/30 08:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\AceBIT
[2012/06/25 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drowland2\Application Data\AceBIT
[2012/06/25 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drowland2\Application Data\Garmin
[2008/12/16 16:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\AceBIT
[2011/01/20 12:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\AGI
[2012/03/30 10:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Amazon
[2010/10/27 07:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\att connect
[2011/10/19 12:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Audacity
[2008/01/03 15:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Auslogics
[2012/01/06 15:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\calibre
[2012/03/16 06:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Digiarty
[2012/12/03 15:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Dropbox
[2012/04/12 09:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Easy Duplicate Finder
[2008/03/10 15:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Ethereal
[2012/02/09 13:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\GARMIN
[2011/04/11 12:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\IBMERS
[2012/06/25 08:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\JA-Tennis
[2012/02/22 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Juniper Networks
[2008/01/03 15:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Launchy
[2011/07/28 07:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Octoshape
[2012/05/09 07:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Oracle
[2012/11/27 15:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\smkits
[2008/07/21 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Staples Easy Button
[2010/04/13 09:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\SystemRequirementsLab
[2012/05/25 07:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\webex
[2011/01/19 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Webshots
[2010/01/14 12:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Windows Desktop Search
[2010/01/14 13:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Windows Search
[2010/09/30 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Wireshark
[2010/10/04 13:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\Xerox
[2010/01/06 14:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hnguyen25\Application Data\ZumoDrive
[2009/09/25 07:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AceBIT
[2010/07/21 03:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\hnguyen25\Desktop\pass2140fo.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\hnguyen25\Desktop\pass2114kg.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\hnguyen25\Desktop\Downtown DC Map.bmp:Roxio EMC Stream

< End of report >
------------------------------------------------------

Extras.txt log
OTL Extras logfile created on: 12/6/2012 10:57:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads\Malwarebytes Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.95% Memory free
5.83 Gb Paging File | 4.31 Gb Available in Paging File | 73.84% Paging File free
Paging file location(s): c:\pagefile.sys 3082 3082 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.29 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 28.32 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
Drive H: | 420.00 Gb Total Space | 250.42 Gb Free Space | 59.62% Space Free | Partition Type: NTFS
Drive S: | 66.05 Gb Total Space | 41.27 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive T: | 1080.00 Gb Total Space | 237.46 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: HNGUYEN25-1 | User Name: hnguyen25 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"C:\sysmgt\tngsd\bin\triggag.exe:*:enabled:USD-Trigger" = C:\sysmgt\tngsd\bin\triggag.exe:*:enabled:USD-Trigger
"C:\sysmgt\tngsd\bin\tngdts.exe:*:enabled:USD-tngdts" = C:\sysmgt\tngsd\bin\tngdts.exe:*:enabled:USD-tngdts
"C:\sysmgt\tngam\agents\umcliwnt.exe:*:enabled:UAM32-Agent" = C:\sysmgt\tngam\agents\umcliwnt.exe:*:enabled:UAM32-Agent

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"799:TCP:*:enabled:URC-799" = 799:TCP:*:enabled:URC-799
"800:UDP:*:enabled:URC-800" = 800:UDP:*:enabled:URC-800
"801:UDP:*:enabled:URC-801" = 801:UDP:*:enabled:URC-801
"4721:TCP:*:enabled:DTS-4721" = 4721:TCP:*:enabled:DTS-4721
"4725:UDP:*:enabled:DTS-4725" = 4725:UDP:*:enabled:DTS-4725
"8222:TCP:*:enabled:DTS-8222" = 8222:TCP:*:enabled:DTS-8222
"8223:TCP:*:enabled:DTS-8223" = 8223:TCP:*:enabled:DTS-8223
"8224:TCP:*:enabled:DTS-8224" = 8224:TCP:*:enabled:DTS-8224
"8225:TCP:*:enabled:DTS-8225" = 8225:TCP:*:enabled:DTS-8225
"8226:TCP:*:enabled:DTS-8226" = 8226:TCP:*:enabled:DTS-8226
"8230:TCP:*:enabled:DTS-8230" = 8230:TCP:*:enabled:DTS-8230
"8231:TCP:*:enabled:DTS-8231" = 8231:TCP:*:enabled:DTS-8231
"8232:TCP:*:enabled:DTS-8232" = 8232:TCP:*:enabled:DTS-8232
"8233:TCP:*:enabled:DTS-8233" = 8233:TCP:*:enabled:DTS-8233
"8234:TCP:*:enabled:DTS-8234" = 8234:TCP:*:enabled:DTS-8234
"8235:TCP:*:enabled:DTS-8235" = 8235:TCP:*:enabled:DTS-8235
"8236:TCP:*:enabled:DTS-8236" = 8236:TCP:*:enabled:DTS-8236
"8237:TCP:*:enabled:DTS-8237" = 8237:TCP:*:enabled:DTS-8237
"8238:TCP:*:enabled:DTS-8238" = 8238:TCP:*:enabled:DTS-8238
"8239:TCP:*:enabled:DTS-8239" = 8239:TCP:*:enabled:DTS-8239

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"C:\sysmgt\tngsd\bin\triggag.exe:*:enabled:USD-Trigger" = C:\sysmgt\tngsd\bin\triggag.exe:*:enabled:USD-Trigger
"C:\sysmgt\tngsd\bin\tngdts.exe:*:enabled:USD-tngdts" = C:\sysmgt\tngsd\bin\tngdts.exe:*:enabled:USD-tngdts
"C:\sysmgt\tngam\agents\umcliwnt.exe:*:enabled:UAM32-Agent" = C:\sysmgt\tngam\agents\umcliwnt.exe:*:enabled:UAM32-Agent

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"799:TCP:*:enabled:URC-799" = 799:TCP:*:enabled:URC-799
"800:UDP:*:enabled:URC-800" = 800:UDP:*:enabled:URC-800
"801:UDP:*:enabled:URC-801" = 801:UDP:*:enabled:URC-801
"4721:TCP:*:enabled:DTS-4721" = 4721:TCP:*:enabled:DTS-4721
"4725:UDP:*:enabled:DTS-4725" = 4725:UDP:*:enabled:DTS-4725
"8222:TCP:*:enabled:DTS-8222" = 8222:TCP:*:enabled:DTS-8222
"8223:TCP:*:enabled:DTS-8223" = 8223:TCP:*:enabled:DTS-8223
"8224:TCP:*:enabled:DTS-8224" = 8224:TCP:*:enabled:DTS-8224
"8225:TCP:*:enabled:DTS-8225" = 8225:TCP:*:enabled:DTS-8225
"8226:TCP:*:enabled:DTS-8226" = 8226:TCP:*:enabled:DTS-8226
"8230:TCP:*:enabled:DTS-8230" = 8230:TCP:*:enabled:DTS-8230
"8231:TCP:*:enabled:DTS-8231" = 8231:TCP:*:enabled:DTS-8231
"8232:TCP:*:enabled:DTS-8232" = 8232:TCP:*:enabled:DTS-8232
"8233:TCP:*:enabled:DTS-8233" = 8233:TCP:*:enabled:DTS-8233
"8234:TCP:*:enabled:DTS-8234" = 8234:TCP:*:enabled:DTS-8234
"8235:TCP:*:enabled:DTS-8235" = 8235:TCP:*:enabled:DTS-8235
"8236:TCP:*:enabled:DTS-8236" = 8236:TCP:*:enabled:DTS-8236
"8237:TCP:*:enabled:DTS-8237" = 8237:TCP:*:enabled:DTS-8237
"8238:TCP:*:enabled:DTS-8238" = 8238:TCP:*:enabled:DTS-8238
"8239:TCP:*:enabled:DTS-8239" = 8239:TCP:*:enabled:DTS-8239

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Documents and Settings\hnguyen25\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\hnguyen25\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\lotus\notes\notes.exe" = C:\Program Files\lotus\notes\notes.exe:*:Enabled:Lotus Notes 8 -- (IBM Corp)
"C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe" = C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe:*:Disabled:Lotus Notes -- (IBM)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01949445-CB7F-436B-8ECC-771BE6184BBC}" = AT&T Connect Participant Application v8.8.53
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb" = CVE-2012-1889
"{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}" = Lotus Notes 8.5.2
"{0BBEB561-4BB5-4083-B023-756BA1D75400}" = TKaraokePro
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{1268C5D4-9B98-4458-8AFF-504E3052A38B}" = CSC-ENG-RRS_Agent_Uninstaller-1.0-GBL-R1
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1FE80E58-0774-4EC3-B6BA-68876B88D4B9}" = TurboTax 2011 wvaiper
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{29447369-6968-4e86-a208-603f6f0771a6}.sdb" = CVE-2012-1889
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31B33270-24D7-4307-84F2-A3288636B83A}" = Check Point Endpoint Security - Full Disk Encryption
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{56A44B23-FEB1-40B6-9B58-D3845399AA92}" = TKaraoke
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{59997DD7-9434-4D44-8DFA-26EB87DD96A1}" = WISE-FTP 6
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6BF89F80-9696-4F3A-A61B-B02E1CECBA02}" = Check Point Endpoint Security - Media Encryption Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{71C30359-5CCD-40AC-AF75-9B3377B0EBF9}" = SAFE Servlet
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{804C5241-700D-47E8-98C9-1B82ADC38C1D}" = CSC-ENG-McAfeeReBaseline-1.0.GBL-R1
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6E96B4-89FE-4C23-A1FF-0E46960ED40C}" = CSC-ENG-G726_Audio_Codec-1.1.0.1-GBL-R1
"{8C9DCE36-A270-4740-8084-A27B48C2F83E}" = MX-850 Editor
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AD4C2EB8-60E8-4D7E-A41B-64D8AA782517}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9A18B977-79CD-9D6A-3C8B-001DA272B262}" = cscbPower_nps
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B92B20A-6A19-428F-8BD0-52DF859B1C61}" = Adobe Shockwave Player 11.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5BE3A-4B82-4876-B506-CEF58A40AF71}" = Universal PST
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C47EA501-6144-4E1B-AD10-C0C79BB238DE}" = Check Point File Encryption
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA3DB7A0-9EC6-45B1-9778-C7E243EDB049}" = SupportSoft_Amer_CSCi_7_User_Agent_v22
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8C933F-3026-4BB4-BA49-F6F8411A8DFD}" = CSC-ENG-Fiberlink_Removal-1.0-GBL-R1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D277A40A-7AAE-472F-BC75-58C59FD9FD00}" = TKT
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E9406582-E685-422F-9CDD-DDE1081FB84C}" = CSC-ENG-EnCaseEnterpriseServlet-6.15-GBL-R1
"{EB08D51E-BA72-46FA-94B2-CBA9CF8973D8}" = Adobe Flash Player 11 ActiveX
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f300e352-12de-4e7f-ace3-a376874402b6}.sdb" = CVE-2012-1889
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F88A5DAF-F376-4C6F-898A-FF57E45A340E}" = CSC-ENG-FDCC_XP-1.0-GBL-R1
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.37 Pro (GOTD)
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.3.1 Standard
"Adobe Acrobat 8 Standard_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.amazon.music.uploader" = Amazon Music Importer
"CSC-ENG-AmerCSCi7Agent-22-GBL-R2" = CSC-ENG-AmerCSCi7Agent-22-GBL-R2
"CSC-ENG-AmerCSCi7AgentPatch1-22-GBL-R2" = CSC-ENG-AmerCSCi7AgentPatch1-22-GBL-R2
"CSC-ENG-SetMailtoLotusNotes-1.0-GBL-R1" = CSC-ENG-SetMailtoLotusNotes-1.0-GBL-R1
"Diffractor" = Diffractor (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 3.2
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BF89F80-9696-4F3A-A61B-B02E1CECBA02}" = Check Point Endpoint Security - Media Encryption Client v4.97
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mmuipackage" = Messenger MUI Package
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG Encoder 3" = MPEG Encoder 3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OnScreenDisplay" = On Screen Display
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Connections Drivers
"ReNamer_is1" = ReNamer
"Sametime Client v3.1" = Sametime Client v3.1
"Sonic PDF Creator_is1" = Sonic PDF Creator v3.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"UniKey" = UniKey 4.0 NT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum Streamer Edition_is1" = WinX DVD Ripper Platinum Streamer Edition 6.8.2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare DVD Ripper Platinum_is1" = Wondershare DVD Ripper Platinum(Build 4.7.1.2)
"WSUS Client Configuration" = WSUS Client Configuration Tool
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Lite 1.5_is1" = X-Lite 3.0
"xplorer2l" = xplorer² lite

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-430653855-1147806647-1590194639-18950\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2012 4:23:40 PM | Computer Name = HNGUYEN25-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2592 (0xa20) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.375
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\SlySoft\AnyDVD\AnyDVD.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 11/27/2012 2:48:30 PM | Computer Name = HNGUYEN25-1 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6662.5003, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2012 4:19:44 PM | Computer Name = HNGUYEN25-1 | Source = Windows Search Service | ID = 3030
Description = The gatherer service cannot be initialized. Details: The Temp folder
is on a drive that is full or is inaccessible. Free up space on the drive or verify
that you have write permission on the Temp folder. (0x80070660)

Error - 11/27/2012 4:19:46 PM | Computer Name = HNGUYEN25-1 | Source = Windows Search Service | ID = 1006
Description = The Windows Search Service has failed to create the SystemIndex search
index. Internal error <1, 0x80070003, Failed to create application directory: G:\Search\Data\Applications\>.


Error - 11/29/2012 12:09:17 AM | Computer Name = HNGUYEN25-1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/29/2012 12:20:42 AM | Computer Name = HNGUYEN25-1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/29/2012 12:21:53 AM | Computer Name = HNGUYEN25-1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for CSCFED\hnguyen25 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/3/2012 4:01:42 PM | Computer Name = HNGUYEN25-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2012 4:31:22 PM | Computer Name = HNGUYEN25-1 | Source = Application Hang | ID = 1002
Description = Hanging application SoftwareUpdate.exe, version 2.1.3.127, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2012 4:31:33 PM | Computer Name = HNGUYEN25-1 | Source = Application Hang | ID = 1001
Description = Fault bucket -1819360953.

[ OSession Events ]
Error - 11/4/2011 9:38:51 AM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82588
seconds with 540 seconds of active time. This session ended with a crash.

Error - 2/13/2012 1:02:45 PM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 245505
seconds with 600 seconds of active time. This session ended with a crash.

Error - 3/30/2012 1:09:47 PM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101565
seconds with 5040 seconds of active time. This session ended with a crash.

Error - 5/2/2012 10:21:49 AM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 157676
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 5/7/2012 11:10:20 AM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5980
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 6/7/2012 11:25:43 AM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 502808
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 10/2/2012 12:59:44 PM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12571
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 11/15/2012 1:53:03 PM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 93563
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 11/15/2012 1:53:32 PM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/15/2012 1:54:00 PM | Computer Name = HNGUYEN25-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/27/2012 4:20:10 PM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/27/2012 4:35:11 PM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/27/2012 4:41:34 PM | Computer Name = HNGUYEN25-1 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 11/27/2012 5:05:12 PM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 11/27/2012 6:05:12 PM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 11/27/2012 8:05:12 PM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 11/28/2012 12:05:13 AM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 11/28/2012 8:05:14 AM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 959 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2012 12:05:17 AM | Computer Name = HNGUYEN25-1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 959 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2012 4:24:29 PM | Computer Name = HNGUYEN25-1 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.


< End of report >
-------------------------------------------------

RKreport.txt log
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : hnguyen25 [Admin rights]
Mode : Scan -- Date : 12/06/2012 12:32:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] Saturday.job : C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\hnguyen25\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Saturday.bks" /n "Work PC Backup.bkf created 12/8/2009 at 8:17 AM" /d "Set created 12/8/2009 at 8:17 AM" /v:yes /r:no /rs:no /hc:off /m differentia -> FOUND
[TASK][SUSP PATH] Incremental.job : C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\hnguyen25\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Incremental.bks" /n "Work PC Backup.bkf created 12/8/2009 at 8:29 AM" /d "Set created 12/8/2009 at 8:29 AM" /v:yes /r:no /rs:no /hc:off /m incremen -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS541680J9SA00 +++++
--- User ---
[MBR] ebfbcdc76840e2f1d8750556eccf755d
[BSP] b8f37b83bf744c0808f64dd7703c6f3b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD My Passport 0740 USB Device +++++
--- User ---
[MBR] 10e93ad5e841512afefef1b41a97e15d
[BSP] a2afca834be8506a95112da9d22fbe5f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953836 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12062012_02d1232.txt >>
RKreport[1]_S_12062012_02d1232.txt
------------------------------------------

aswMBR log
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-06 12:43:47
-----------------------------
12:43:47.068 OS Version: Windows 5.1.2600 Service Pack 3
12:43:47.068 Number of processors: 2 586 0xF0B
12:43:47.068 ComputerName: HNGUYEN25-1 UserName: hnguyen25
12:43:49.082 Initialize success
12:45:48.562 AVAST engine defs: 12120601
12:46:33.088 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:46:33.088 Disk 0 Vendor: HITACHI_ SB2I Size: 76319MB BusType: 3
12:46:33.119 Disk 0 MBR read successfully
12:46:33.119 Disk 0 MBR scan
12:46:33.197 Disk 0 Windows XP default MBR code
12:46:33.197 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 63
12:46:33.213 Disk 0 scanning sectors +156299264
12:46:33.260 Disk 0 scanning C:\WINDOWS\system32\drivers
12:46:33.260 Service scanning
12:47:22.688 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:47:33.507 Modules scanning
12:47:34.132 Disk 0 trace - called modules:
12:47:34.148 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spbk.sys
12:47:34.163 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b291ab8]
12:47:34.163 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\000000b5[0x8b428c80]
12:47:34.179 5 ACPI.sys[f749d620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b34e030]
12:47:34.756 AVAST engine scan C:\WINDOWS
12:47:34.975 AVAST engine scan C:\WINDOWS\system32
12:47:35.272 AVAST engine scan C:\WINDOWS\system32\drivers
12:47:35.490 AVAST engine scan C:\Documents and Settings\hnguyen25
12:47:35.771 AVAST engine scan C:\Documents and Settings\All Users
12:47:35.771 Scan finished successfully
12:49:40.200 Disk 0 MBR has been saved successfully to "F:\Downloads\Malwarebytes Files\aswMBR TXTs\MBR.dat"
12:49:40.216 The log file has been saved successfully to "F:\Downloads\Malwarebytes Files\aswMBR TXTs\aswMBR.txt"
  • 0

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi jbhungvt,

I'm afraid we're gonna need to re-do the scans. The tool needs to be downloaded and run from the Desktop of the drive with the Windows operating system on it. In this case the C: drive.

And the tools must be run from a user account with Administrator privileges. The OTL log header shows that OTL was run from the F:\Downloads\Malwarebytes Files folder. It also shows that you were not logged into an administrator account.

OTL logfile created on: 12/6/2012 10:57:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads\Malwarebytes Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.95% Memory free
5.83 Gb Paging File | 4.31 Gb Available in Paging File | 73.84% Paging File free
Paging file location(s): c:\pagefile.sys 3082 3082 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.29 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 28.32 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
Drive H: | 420.00 Gb Total Space | 250.42 Gb Free Space | 59.62% Space Free | Partition Type: NTFS
Drive S: | 66.05 Gb Total Space | 41.27 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive T: | 1080.00 Gb Total Space | 237.46 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: HNGUYEN25-1 | User Name: hnguyen25 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



Hard-Drive Free Space Advice:

The log also shows the free space on the C:\ drive down to 9.79%.

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

I advise you to uninstall some software you do not need and / or move any documents/files/pictures etc. to a form of removable media. This is just my advice as the lack of current Hard-Drive space may prevent the scans and fixes from running properly. In time it will impact overall system performance. Plus eventually any type of system maintenance will prove to be problematic.

The RogueKiller scan shows it was run from the same user account but with Admin privileges:

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : hnguyen25 [Admin rights]
Mode : Scan -- Date : 12/06/2012 12:32:15

So I'm not sure what is happening here. It could just be the drive and folder that the scans were run from.
You are going to need to free up some space on the C:\ drive. Then go to the F:\Downloads\Malwarebytes Files folder and run OTL. Click the CleanUp button. This will remove OTL and all files created.
Delete the RogueKiller.exe file and the RKreport[R1].txt file.
Delete the aswMBR.exe file and the aswMBR.txt file.

Then go back to post #2, re-read the initial guidelines and download the files to the desktop of the C:\ drive and run them from there.
  • 0
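
The three things read off the OTL log header in post #6 (the folder the tool was run from, the Administrator status, and free space on the system drive) can be checked mechanically. This is an added Python example, not part of the original thread and not code from OTL; the function name and the Desktop-path test are assumptions, the 15% threshold is the figure given in the post, and the sample header lines are copied from the log quoted there.

```python
import re

# Header lines copied from the OTL log quoted in post #6.
SAMPLE_HEADER = r"""OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads\Malwarebytes Files
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.29 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 28.32 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
Computer Name: HNGUYEN25-1 | User Name: hnguyen25 | NOT logged in as Administrator.
"""
MIN_FREE_PERCENT = 15.0  # the "bare minimum" stated in the post


def triage_otl_header(text, min_free=MIN_FREE_PERCENT):
    """Return findings for run location, admin status and system-drive free space."""
    findings = []
    folder = re.search(r"Folder = (.+)", text)
    sysdrive = re.search(r"%SystemDrive% = ([A-Za-z]:)", text)
    if not folder or not sysdrive:
        return ["header incomplete: run folder or %SystemDrive% missing"]
    run_folder = folder.group(1).strip()
    system_drive = sysdrive.group(1).upper()

    # 1. The tool should be run from the Desktop on the Windows drive.
    if not run_folder.upper().startswith(system_drive):
        findings.append(f"run from {run_folder}, not from the {system_drive} drive")
    elif not run_folder.rstrip("\\").lower().endswith("\\desktop"):
        findings.append(f"run from {run_folder}, not from the Desktop")

    # 2. The account should have Administrator privileges.
    if re.search(r"\bNOT logged in as Administrator", text):
        findings.append("not logged in as Administrator")

    # 3. Free space on the system drive, compared with the threshold.
    free = {m.group(1).upper(): float(m.group(2)) for m in re.finditer(
        r"^Drive ([A-Za-z]:) \|.*?\| ([\d.]+)% Space Free", text, re.M)}
    pct = free.get(system_drive)
    if pct is None:
        findings.append(f"no free-space line for {system_drive}")
    elif pct < min_free:
        findings.append(f"{system_drive} free space {pct}% is below {min_free}%")
    return findings


if __name__ == "__main__":
    for finding in triage_otl_header(SAMPLE_HEADER):
        print("-", finding)
```

An empty list means the header passes all three checks; the Desktop test assumes an English-language folder name.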

#7
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





