Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue screen - DRIVER_IRQL_NOT_LESS_OR_EQUAL


  • This topic is locked This topic is locked
3 replies to this topic

#1 Robert_P

Robert_P

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 January 2012 - 11:21 AM

I have a laptop dell latitude E4300 running win xp.
I am using excel to query SQL database. Each time I use refresh data, after a few seconds I get the blue screen.

This behavior does not happen when running on a remote desktop.

Currently working from Home using VPN. behavior is the same either working from Office or Home with VPN.

Recently upgrade to Office 2010 but behavior still the same as when I was running office 2007.


I ran OTL according to the following:
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

Following are the OTL.TXT and Extras.TXT.

Thank you in advance for your support.
Robert



OTL logfile created on: 1/15/2012 11:11:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\usd18411\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 52.01% Memory free
5.29 Gb Paging File | 3.65 Gb Available in Paging File | 68.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.23 Gb Free Space | 45.10% Space Free | Partition Type: NTFS

Computer Name: USDATLPC64NB102 | User Name: usd18411 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\usd18411\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Arcot Systems\jre\jre1.6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe (Iron Mountain Incorporated)
PRC - C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
PRC - C:\Program Files\Qlock\qlock.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe ()
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\system32\ngmonitor.exe (Aventail Corporation)
PRC - C:\WINDOWS\system32\ngvpnmgr.exe (Aventail Corporation)
PRC - C:\Program Files\Interactive Intelligence\InteractionScreenRecorderClient\I3RestarterA.exe (Interactive Intelligence, Inc.)
PRC - C:\Program Files\Interactive Intelligence\InteractionScreenRecorderClient\ScreenCaptureClientU.exe (Interactive Intelligence, Inc.)
PRC - C:\Program Files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe (Interactive Intelligence, Inc.)
PRC - C:\Program Files\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe (Interactive Intelligence, Inc.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Philips\InCenter Offline Service\Philips.InCenter.Offline.Service.exe (Philips)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
PRC - c:\WINDOWS\DRV\A\a\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
PRC - C:\Program Files\CyberArmor\pcs.exe (InfoExpress)
PRC - C:\Program Files\CyberArmor\casvc.exe (InfoExpress)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\gslsrvn.exe ()
PRC - C:\WINDOWS\system32\crppsrvn.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8a0c9b39\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_11f4a49c\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_587b817e\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_dadddd1a\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
MOD - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll ()
MOD - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()
MOD - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()
MOD - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()
MOD - C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll ()
MOD - C:\Program Files\Qlock\qlock.exe ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe ()
MOD - C:\Program Files\Interactive Intelligence\Interactive Update\ININ.IUpdate.MSIUIHandlerU.dll ()
MOD - C:\Program Files\Interactive Intelligence\Interactive Update\Web\bin\ace-w32r-1-1.dll ()
MOD - C:\Program Files\Interactive Intelligence\InteractionScreenRecorderClient\ace-w32r-1-1.dll ()
MOD - C:\Program Files\Interactive Intelligence\ININ Trace Initialization\ace-w32r-1-1.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SgUicl.msg ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrvps.dll ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtlps.Dll ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SGE_INFO0409.dll ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SGE_ERR0409.dll ()
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SGE_MSG0409.dll ()
MOD - C:\Program Files\Dell\Dell ControlPoint\Dell.DcpPlugin.dll ()
MOD - C:\Program Files\Dell\Dell ControlPoint\SmithMicro.Common.dll ()
MOD - C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\vsctool.dll ()
MOD - C:\WINDOWS\system32\gslsrvn.exe ()
MOD - C:\WINDOWS\system32\crppsrvn.exe ()
MOD - C:\WINDOWS\system32\craservn.dll ()
MOD - C:\WINDOWS\system32\cmbase2n.dll ()
MOD - C:\WINDOWS\system32\cmbasen.dll ()
MOD - C:\WINDOWS\system32\uswerrln.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Interactive Update Client) -- File not found
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Philips NTSMF) -- C:\Program Files\Philips\Philips NTSMF Agent\miragent.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (AgentService) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe (Iron Mountain Incorporated)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (enterceptAgent) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (UDisk Monitor) -- C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe ()
SRV - (NgVpnMgr) -- C:\WINDOWS\system32\ngvpnmgr.exe (Aventail Corporation)
SRV - (ININ Tracing) -- C:\Program Files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe (Interactive Intelligence, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (ISTSC) -- C:\Program Files\Philips\IST\ISTSC.exe ()
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (OfflineService) -- C:\Program Files\Philips\InCenter Offline Service\Philips.InCenter.Offline.Service.exe (Philips)
SRV - (iPassConnectEngine) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateApp) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateService) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)
SRV - (WksCfgSrv) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
SRV - (SgeCtl) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (STacSV) -- c:\WINDOWS\DRV\A\a\stacsv.exe (IDT, Inc.)
SRV - (CyberArmorRunService) -- C:\Program Files\CyberArmor\casvc.exe (InfoExpress)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (GSLSRV) -- C:\WINDOWS\system32\gslsrvn.exe ()
SRV - (CRPPSRV) -- C:\WINDOWS\system32\crppsrvn.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (FireNfcp) -- C:\WINDOWS\system32\drivers\FireNfcp.sys (McAfee, Inc.)
DRV - (Mandiant_Tools) -- C:\Documents and Settings\All Users\Application Data\Philips\Philips NTSMF Agent\mktools.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (iPassP) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\iPassP.sys (Cisco Systems, Inc.)
DRV - (LV_Tracker) -- C:\WINDOWS\system32\drivers\LV_Tracker.sys ()
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (NgVpn) -- C:\WINDOWS\system32\drivers\ngvpn.sys (Aventail Corporation)
DRV - (NgLog) -- C:\WINDOWS\system32\drivers\nglog.sys (Aventail Corporation)
DRV - (NgWfp) -- C:\WINDOWS\system32\drivers\ngwfp.sys (Aventail Corporation)
DRV - (NgFilter) -- C:\WINDOWS\system32\drivers\ngfilter.sys (Aventail Corporation)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (ztemtusbser) -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys (ZTEMT Incorporated)
DRV - (ISTTDI) -- C:\Program Files\Philips\IST\i386\ISTTDI.sys (Philips Medical Systems.)
DRV - (ISTFSF) -- C:\Program Files\Philips\IST\i386\ISTFSF.sys (Philips Medical Systems.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (AES-256) -- C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS (Utimaco Safeware AG)
DRV - (AES-128) -- C:\WINDOWS\SYSTEM32\DRIVERS\AES128.SYS (Utimaco Safeware AG)
DRV - (SgeFlt) -- C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS (Utimaco Safeware AG)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (vidmirror) -- C:\WINDOWS\system32\drivers\vidmirror.sys (Avalon Software)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (Viexpf2k) -- C:\WINDOWS\system32\drivers\viexpf2k.sys ()
DRV - (Viexca2k) -- C:\WINDOWS\system32\drivers\viexca2k.sys (InfoExpress)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pww.healthcare.philips.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pww.healthcare.philips.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=a0778738000000000000005345000000
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file:///Documents and Settings\usd18411\Application Data\Aventail\AOK IRAS-NG AMEC.pac

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/15 11:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012/01/06 14:44:59 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Cargly = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aofoinpakbknmlddhnclgllplgppdade\1.3_0\
CHR - Extension: Brushed = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: Weather Window by WeatherBug = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Plants vs Zombies = C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

O1 HOSTS File: ([2011/08/10 11:18:45 | 000,000,763 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.64 HP0018715FDB27
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120109085548.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
O4 - HKLM..\Run: [CLIVFR] C:\Program Files\Dell\Latitude ON Reader Data\CLIVFR.exe (CyberLink)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConfigVM] C:\Program Files\Microsoft Virtual PC\ConfigVM.vbs ()
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\usd18411\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = "c:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe" (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: compucom.com ([source] http in Trusted sites)
O15 - HKCU\..Trusted Domains: compucom.com ([source] https in Trusted sites)
O15 - HKCU\..Trusted Domains: compucom.com ([sourceqc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: compucom.com ([sourceqc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: philips.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: philips.com ([vds] https in Trusted sites)
O15 - HKCU\..Trusted Domains: socialcast.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: taleo.net ([]* in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1324301780296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: Shopping.Probe http://pww.oneshop.philips.com/Shopping/Shopping.Probe.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = code1.emi.philips.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39206521-AC95-4C3F-B890-7FEDF7C84FDF}: NameServer = 130.140.80.70 130.140.80.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80EF4423-CCE8-4935-BA81-CB33F882634E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cahooknt.dll) -C:\WINDOWS\System32\cahooknt.dll (InfoExpress)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Interactive Intelligence\InteractionScreenRecorderClient\ScreenCaptureClientU.exe) -C:\Program Files\Interactive Intelligence\InteractionScreenRecorderClient\ScreenCaptureClientU.exe (Interactive Intelligence, Inc.)
O20 - HKLM Winlogon: GinaDLL - (MSGINA.DLL) -C:\WINDOWS\System32\msgina.dll (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/15 14:20:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{491ab402-fdf7-11e0-91f6-002170e6e71e}\Shell - "" = AutoRun
O33 - MountPoints2\{491ab402-fdf7-11e0-91f6-002170e6e71e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{491ab402-fdf7-11e0-91f6-002170e6e71e}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2012/01/15 10:43:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\usd18411\Desktop\OTL.exe
[2012/01/15 10:24:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/14 12:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012/01/14 12:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/01/14 12:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/01/14 12:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/01/09 17:32:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/01/09 17:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/09 17:30:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/09 17:30:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/09 17:30:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/09 08:55:47 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2012/01/09 08:55:46 | 000,085,152 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/01/09 08:55:46 | 000,058,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2012/01/09 08:55:40 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\MfeOtlkAddin.dll
[2012/01/09 08:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[1998/08/24 08:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/01/15 10:43:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\usd18411\Desktop\OTL.exe
[2012/01/15 10:37:14 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-790525478-839522115-545043UA.job
[2012/01/15 10:16:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/15 10:16:44 | 000,000,496 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2012/01/15 10:15:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 10:15:01 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 21:30:07 | 001,369,600 | ---- | M] () -- C:\Documents and Settings\usd18411\Desktop\OneContact Master Project Schedule.mpp
[2012/01/14 16:01:08 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
[2012/01/14 15:36:44 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/01/14 15:14:36 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\usd18411\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/14 13:22:58 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/14 11:08:36 | 000,022,258 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/01/13 23:37:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-790525478-839522115-545043Core.job
[2012/01/13 16:34:08 | 000,543,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 16:34:08 | 000,101,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 16:31:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/10 10:57:17 | 054,665,216 | ---- | M] () -- C:\Documents and Settings\usd18411\Desktop\CCC Production Erlang Analysis.mdb
[2012/01/10 10:55:48 | 006,785,622 | ---- | M] () -- C:\Documents and Settings\usd18411\Desktop\CCC Production Erlang Analysis.zip
[2012/01/09 15:48:07 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/01/09 13:54:03 | 000,006,144 | -H-- | M] () -- C:\WINDOWS\explorer.suo
[2012/01/09 13:54:03 | 000,000,203 | ---- | M] () -- C:\WINDOWS\explorer.sln
[2012/01/09 08:55:16 | 000,436,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2012/01/09 08:55:16 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/01/09 08:55:16 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2012/01/09 08:55:16 | 000,085,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/01/09 08:55:16 | 000,074,848 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\MfeOtlkAddin.dll
[2012/01/09 08:55:16 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\MFEOtlk.dll
[2012/01/09 08:55:15 | 000,171,296 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2012/01/09 08:55:15 | 000,116,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2012/01/09 08:55:15 | 000,058,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2012/01/09 08:55:15 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 21:30:06 | 001,369,600 | ---- | C] () -- C:\Documents and Settings\usd18411\Desktop\OneContact Master Project Schedule.mpp
[2012/01/14 16:01:08 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
[2012/01/14 15:36:43 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\usd18411\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/01/14 15:14:36 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\usd18411\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/10 10:55:48 | 006,785,622 | ---- | C] () -- C:\Documents and Settings\usd18411\Desktop\CCC Production Erlang Analysis.zip
[2012/01/09 13:54:03 | 000,006,144 | -H-- | C] () -- C:\WINDOWS\explorer.suo
[2012/01/09 13:54:03 | 000,000,203 | ---- | C] () -- C:\WINDOWS\explorer.sln
[2011/11/07 05:10:24 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011/11/07 05:09:13 | 000,000,496 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2011/09/20 11:25:05 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\usd18411\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/10 11:18:35 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2011/08/10 11:18:35 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/08/10 11:16:39 | 000,000,699 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/08/10 09:30:56 | 000,069,372 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/08/10 09:30:56 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/07/05 18:49:08 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\usd18411\Local Settings\Application Data\keyfile3.drm
[2011/06/25 18:34:20 | 000,191,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/25 09:48:13 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\usd18411\Application Data\.backup.dm
[2011/06/24 06:41:37 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2011/06/16 08:08:57 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/16 08:04:32 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\fc_crypt.dll
[2011/06/16 08:04:24 | 000,008,847 | ---- | C] () -- C:\WINDOWS\saplogon2.ini
[2011/06/16 08:04:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\CS_R3_Comm.ini
[2011/06/16 08:04:23 | 000,006,656 | ---- | C] () -- C:\WINDOWS\pathman.exe
[2011/06/16 08:04:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\IfMember.exe
[2011/06/15 15:11:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
[2011/06/15 15:11:37 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/06/15 15:11:30 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/06/15 15:09:19 | 000,409,163 | ---- | C] () -- C:\WINDOWS\System32\ADDRMSec.EXE
[2011/06/15 15:09:19 | 000,155,720 | ---- | C] () -- C:\WINDOWS\System32\CDR.EXE
[2011/06/15 15:09:19 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\SLEEP.EXE
[2011/06/15 15:09:19 | 000,002,122 | ---- | C] () -- C:\WINDOWS\System32\GGs.ini
[2011/06/15 15:09:19 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/06/15 15:08:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/15 15:07:53 | 000,543,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 15:07:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/06/15 15:07:52 | 000,101,902 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 15:07:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/06/15 15:07:45 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/06/15 15:07:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/06/15 15:07:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/06/15 15:06:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/06/15 15:06:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/06/15 15:05:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/06/15 15:05:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011/06/15 14:29:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 14:28:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/06/15 14:20:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/15 14:19:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/15 14:05:50 | 000,018,192 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2011/06/15 13:52:15 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\usd18411\Local Settings\Application Data\fusioncache.dat
[2011/06/15 12:47:23 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011/06/15 12:47:23 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011/06/15 12:47:23 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011/06/15 12:47:22 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011/06/15 12:47:22 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011/06/15 12:36:04 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2011/06/15 12:35:24 | 000,424,463 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2011/06/15 12:35:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2011/06/15 12:34:09 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini.s23
[2011/06/15 11:32:56 | 000,157,008 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2011/06/15 11:32:51 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2011/06/15 07:16:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/15 07:15:16 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 14:21:14 | 000,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2010/08/10 09:47:36 | 000,000,295 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2010/04/22 08:57:18 | 000,127,104 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/04/22 08:56:30 | 000,014,976 | ---- | C] () -- C:\WINDOWS\ngutil.exe
[2010/04/16 05:21:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\vidmirrorumda.dll
[2010/03/30 06:05:18 | 000,000,699 | ---- | C] () -- C:\WINDOWS\System32\cardmann.ini
[2010/02/18 05:13:00 | 000,014,408 | ---- | C] () -- C:\WINDOWS\System32\PMSSecGR.dll
[2010/02/18 05:12:46 | 000,035,400 | ---- | C] () -- C:\WINDOWS\System32\ISTAM.dll
[2008/12/11 13:19:40 | 000,020,575 | ---- | C] () -- C:\WINDOWS\System32\Sgegina040C.Dll
[2008/12/11 13:19:36 | 000,020,575 | ---- | C] () -- C:\WINDOWS\System32\SgeGina0407.Dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/16 11:33:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\loaddlln.dll
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2003/09/10 14:25:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\cmapiin.dll
[2003/09/10 12:02:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ssgmion.dll
[2003/09/10 12:01:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ssgtcon.dll
[2003/09/10 12:01:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ssgsetn.dll
[2003/09/10 12:01:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ssgsamn.dll
[2003/09/10 12:01:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ssgdefn.dll
[2003/09/10 12:01:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ssgdlln.dll
[2003/09/10 12:00:18 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\pkcs201n.dll
[2003/09/10 12:00:12 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\pkcssrcn.dll
[2003/09/10 12:00:04 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pkcsbasn.dll
[2003/09/10 11:59:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\gslsrvn.exe
[2003/09/10 11:59:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\gscripln.dll
[2003/09/10 11:59:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\aptcosn.dll
[2003/09/10 11:59:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ostcosn.dll
[2003/09/10 11:59:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cltcosn.dll
[2003/09/10 11:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\apsetcon.dll
[2003/09/10 11:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ossetcon.dll
[2003/09/10 11:58:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\clsetcon.dll
[2003/09/10 11:58:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\apsamosn.dll
[2003/09/10 11:58:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ossamosn.dll
[2003/09/10 11:58:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\clsamosn.dll
[2003/09/10 11:58:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\apmiocon.dll
[2003/09/10 11:58:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\osmiocon.dll
[2003/09/10 11:58:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\clmiocon.dll
[2003/09/10 11:58:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\srcrspn.dll
[2003/09/10 11:57:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\asc1layn.dll
[2003/09/10 11:57:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\srcxcln.dll
[2003/09/10 11:57:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\srcrdrcn.dll
[2003/09/10 11:57:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\srcbasen.dll
[2003/09/10 11:57:30 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\gsrcn.dll
[2003/09/10 11:57:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\srcrdrhn.dll
[2003/09/10 11:57:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\grsan.dll
[2003/09/10 11:57:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gdesn.dll
[2003/09/10 11:57:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\gslbasen.dll
[2003/09/10 11:57:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\crppcltn.dll
[2003/09/10 11:56:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\crppsrvn.exe
[2003/09/10 11:56:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crpcscn.dll
[2003/09/10 11:56:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\craservn.dll
[2003/09/10 11:56:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\cmbase2n.dll
[2003/09/10 11:55:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\cmbasen.dll
[2003/09/07 23:34:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PMSCup.dll
[2002/12/18 11:29:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\uswerrln.dll
[1999/11/29 18:00:46 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\cmasn0n.dll
[1999/11/29 17:16:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\cmoss0n.dll

========== LOP Check ==========

[2011/06/15 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2011/06/15 20:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2011/12/21 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/07/20 08:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/16 14:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/06/15 15:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Email Backup Optimization
[2011/06/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/06/25 09:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
[2011/12/17 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KSOL
[2011/06/15 13:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MEBEDO
[2011/06/17 12:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
[2011/06/16 14:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/06/15 11:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2011/06/17 10:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/06/15 12:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/06/15 12:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/09/12 09:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Arkadin
[2011/12/16 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Aventail
[2011/12/21 17:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Babylon
[2011/09/20 15:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Bandoo
[2011/07/24 13:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2011/07/20 08:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\ICAClient
[2011/09/25 18:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Interactive Intelligence
[2011/06/17 07:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\KSOL
[2011/12/03 00:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Leadertech
[2011/07/20 16:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\PhCST
[2011/09/01 15:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Qlock
[2011/06/16 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\RoboForm
[2011/08/29 19:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\SAP
[2011/09/16 20:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\TeamViewer
[2011/06/16 11:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Windows Desktop Search
[2011/06/25 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Windows Search
[2011/06/17 12:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\Xerox
[2011/12/10 08:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\usd18411\Application Data\ZTEEVDO

========== Purity Check ==========



< End of report >
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

OTL Extras logfile created on: 1/15/2012 11:11:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\usd18411\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 52.01% Memory free
5.29 Gb Paging File | 3.65 Gb Available in Paging File | 68.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.23 Gb Free Space | 45.10% Space Free | Partition Type: NTFS

Computer Name: USDATLPC64NB102 | User Name: usd18411 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe" = C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe:*:Enabled:WakeUp Agent
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)
"C:\Program Files\Philips\IST\ICS.exe" = C:\Program Files\Philips\IST\ICS.exe:*:Enabled:IST Certificate Service -- (Philips Medical Systems)
"C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" = C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe:*:Enabled:Connected Backup Agent -- (Iron Mountain Incorporated)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)
"C:\Program Files\Interactive Intelligence\ICUserApps\InteractionClient.exe" = C:\Program Files\Interactive Intelligence\ICUserApps\InteractionClient.exe:*:Enabled:InteractionClient -- (Interactive Intelligence, Inc.)
"C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI -- (Microsoft Corporation)
"C:\Program Files\Philips\Philips NTSMF Agent\miragent.exe" = C:\Program Files\Philips\Philips NTSMF Agent\miragent.exe:*:Enabled:Philips NTSMF -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Philips\IST\ICS.exe" = C:\Program Files\Philips\IST\ICS.exe:*:Enabled:IST Certificate Service -- (Philips Medical Systems)
"C:\Program Files\Interactive Intelligence\ICUserApps\InteractionClient.exe" = C:\Program Files\Interactive Intelligence\ICUserApps\InteractionClient.exe:*:Enabled:InteractionClient -- (Interactive Intelligence, Inc.)
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Philips\Philips NTSMF Agent\miragent.exe" = C:\Program Files\Philips\Philips NTSMF Agent\miragent.exe:*:Enabled:Philips NTSMF -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04476ED2-76CE-42D1-890F-C9E3B3BB845B}" = IC Business Manager
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}" = Broadcom USH Host Components
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0EA8D986-1183-45B5-9E47-B6603EBE2733}" = TestEquipmentServer 6F08
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{2323D99B-9ACF-47C5-ACDE-8CE46F111D80}" = Polaris_30989
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{2781AD0E-1C5C-4056-9820-3EB86D5E19C1}" = Philips MY IT Training
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2F66C75D-C458-47B1-A5E8-90CD3AD4B581}" = Google Translate
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3397D45E-C170-47D6-BF77-27D4E6891FFC}" = Philips IST 2.3.1.0218
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34769410-B57B-4D17-81A7-F339CADEF041}" = Philips NTSMF Agent
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = Connected Backup/PC Agent
"{397F4DE2-3C5A-415C-9A36-1D8C2B30B92D}" = McAfee Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40AD7A43-5ADB-4DD3-83C6-9F0ADC233242}" = SuppressAutodiscoverOutlook
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4935E86C-C82B-47CE-BE44-38368939CC2F}" = Philips DICOM Viewer R2.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{53746797-7B41-446C-A90C-0D129A5CDD81}" = Interaction Administrator - Philips Test Enviroment
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5530FDAA-4F3C-4426-A208-CFBAEC6FAA14}" = Interaction Administrator
"{55F9A827-F030-48C1-9BAC-DE650C63E78E}" = SafeGuard Smartcard Provider 4.21.1
"{5B35691C-AB7B-4522-805A-B7FC6C96D2F0}" = Interaction Supervisor - Philips Test Enviroment
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65B5521D-79CD-40D0-BA65-1D19E7E417B2}" = Security Toolbox 2.2.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66A23E28-68BC-418B-877C-0AA1E4517F9A}" = Project Reader
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B005DF6-6B6E-4551-B632-B0001DF50499}" = McAfee Host Intrusion Prevention
"{6B005DF6-6B6E-4551-B632-B0001DF50499}_Uninst" = McAfee Host Intrusion Prevention
"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712FC1EF-6E6A-4440-B6D2-A473207E3E35}" = AmdocsCRM7.5.0.10 Client for Microsoft SQL Server
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{786CD34A-4ED9-4113-B9B9-7DC368BEC076}" = Philips Themes
"{790EDECA-EFF1-4EA7-AE9D-0024E52FD504}" = Philips Corporate Stationery Templates
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7EFC27F7-1BAC-4E75-AE55-EB6753E3AC49}" = Green Email Signature
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2A99D4C7-46A8-4985-8152-EF9DD022B96D}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{93C545C0-0E66-4813-BFF1-55B464580909}" = Microsoft EFS Assistant
"{941D95BF-F80C-4E45-8E9C-485B44807603}" = MANDIANT Intelligent Response Agent
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{987CAEDE-EB67-4D5A-B0C0-AE0640A17B5F}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0E54EC6-EA51-4088-A6EE-BEF1D1D128AB}" = Lotus Notes 7.0.2
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A8C49EE4-BA9A-43F8-97B1-DBC98EC9B8D9}" = Interaction Screen Recorder Capture Client
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B117DAE4-1940-4320-8788-811E9D4FE529}" = SafeGuard® Easy Client 4.50.3
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BC9F32EE-D1FA-4EDB-8A18-B9FE7D808739}" = InCenter Offline Service
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{CECB4E40-6ECB-4F01-AB74-CDB9D8267F6F}" = iPassConnect
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E82554FE-65A8-404A-B227-A9EA00869C51}" = Clarify Integration
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F5236011-C8FB-4F06-BFF7-E1A30D33BCAF}" = Interaction Center User Applications
"{F74B95DF-A68C-4A99-98AA-E98698341F21}" = Dell ControlPoint System Manager
"{FC045D5D-6D96-40C1-AD9E-B4361D73061B}" = Outlook Week Numbers Patch
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Arcot VPN Client 1.0.1.4" = Arcot VPN Client 1.0.1.4
"Arkadin Outlook AddOn_is1" = Arkadin Outlook AddOn 3.0.3.1
"Audacity_is1" = Audacity 1.2.6
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"CyberArmor" = CyberArmor
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"McafeeWhitelisting" = McAfee WhiteListing
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Writer - bioPDF_is1" = PDF Writer - bioPDF 7.0.0.928
"Philips Screensaver v2" = Philips Screensaver v2
"Qlock" = Qlock Pro
"RDC" = RDC
"SAP Links" = SAP Links 2.0.16
"SAP_EasyDMS_Unicode" = SAP Easy Document Management System (UNICODE)
"SAP_ECL" = ECL Viewer
"SAP_JNet" = SAP JNet
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"sp6" = Logitech SetPoint 6.32
"TeamViewer 6" = TeamViewer 6
"VISSTD" = Microsoft Office Visio Standard 2007
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZTEWireless-101_is1" = Reliance Netconnect - Broadband+

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 10:40:58 PM | Computer Name = USDATLPC64NB102 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 1/15/2012 11:06:08 AM | Computer Name = USDATLPC64NB102 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/15/2012 11:06:12 AM | Computer Name = USDATLPC64NB102 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/15/2012 11:06:17 AM | Computer Name = USDATLPC64NB102 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 1/15/2012 11:08:10 AM | Computer Name = USDATLPC64NB102 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/15/2012 11:09:20 AM | Computer Name = USDATLPC64NB102 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for CODE1\usd18411 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/15/2012 11:16:13 AM | Computer Name = USDATLPC64NB102 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/15/2012 11:16:14 AM | Computer Name = USDATLPC64NB102 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/15/2012 11:16:38 AM | Computer Name = USDATLPC64NB102 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/15/2012 11:17:51 AM | Computer Name = USDATLPC64NB102 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for CODE1\usd18411 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 9/18/2011 4:48:44 PM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 217
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/19/2011 3:36:19 PM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6556.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 291
seconds with 240 seconds of active time. This session ended with a crash.

Error - 10/2/2011 8:55:19 PM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4323
seconds with 3420 seconds of active time. This session ended with a crash.

Error - 10/10/2011 8:46:17 PM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49170
seconds with 11760 seconds of active time. This session ended with a crash.

Error - 10/15/2011 2:21:06 AM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 802
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/20/2011 3:21:03 AM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9895
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 10/20/2011 9:55:09 AM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6556.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/21/2011 9:54:31 PM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1290
seconds with 900 seconds of active time. This session ended with a crash.

Error - 11/30/2011 6:10:59 AM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 408
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2011 1:09:58 AM | Computer Name = USDATLPC64NB102 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4155
seconds with 1980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/15/2012 11:05:28 AM | Computer Name = USDATLPC64NB102 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/15/2012 11:08:19 AM | Computer Name = USDATLPC64NB102 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 1/15/2012 11:15:08 AM | Computer Name = USDATLPC64NB102 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CODE1 due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/15/2012 11:15:14 AM | Computer Name = USDATLPC64NB102 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/15/2012 11:15:14 AM | Computer Name = USDATLPC64NB102 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/15/2012 11:15:17 AM | Computer Name = USDATLPC64NB102 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/15/2012 11:18:51 AM | Computer Name = USDATLPC64NB102 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 1/15/2012 11:20:19 AM | Computer Name = USDATLPC64NB102 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 9af53000, parameter2 00000002, parameter3
00000000, parameter4 9a7e32ec.

Error - 1/15/2012 11:30:20 AM | Computer Name = USDATLPC64NB102 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 1/15/2012 12:00:22 PM | Computer Name = USDATLPC64NB102 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >

Attached Files


Edited by hamluis, 15 January 2012 - 11:58 AM.
Moved from XP to Malware Removal Logs.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:36 AM

Posted 21 January 2012 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/438236 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:36 PM

Posted 23 January 2012 - 11:52 AM

Hello Robert_P and welcome to BC.

Sorry about the delay, please post the requested logs by HelpBot when ready so we can start the cleaning process. Thank you.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:36 PM

Posted 29 January 2012 - 08:09 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users