OTL logfile created on: 2013-04-25 11:07:45 - Run 2 OTL by OldTimer - Version Folder = D:\userdata\wro01692\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 51,04% Memory free 7,90 Gb Paging File | 5,72 Gb Available in Paging File | 72,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 75,00 Gb Total Space | 40,08 Gb Free Space | 53,44% Space Free | Partition Type: NTFS Drive D: | 74,05 Gb Total Space | 50,23 Gb Free Space | 67,83% Space Free | Partition Type: NTFS Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 3750,00 Gb Total Space | 1020,02 Gb Free Space | 27,20% Space Free | Partition Type: NTFS Drive M: | 78,13 Gb Total Space | 48,83 Gb Free Space | 62,50% Space Free | Partition Type: MVFS Drive S: | 130,07 Gb Total Space | 126,06 Gb Free Space | 96,91% Space Free | Partition Type: NTFS Computer Name: 3FJF74J | User Name: wro01692 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-22 10:00:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\userdata\WRO01692\Desktop\OTL.exe PRC - [2013-03-15 18:32:36 | 000,601,976 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe PRC - [2013-03-15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2013-03-15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe PRC - [2013-03-15 18:31:24 | 000,366,456 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe PRC - [2013-03-15 18:31:16 | 000,260,472 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe PRC - [2013-03-15 18:31:12 | 000,376,696 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe PRC - [2013-01-26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\wro01692\AppData\Local\Akamai\netsession_win.exe PRC - [2012-12-20 19:44:32 | 000,844,296 | ---- | M] (Samsung) -- D:\Private\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012-12-20 19:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Private\Samsung\Kies\Kies\KiesTrayAgent.exe PRC - [2012-12-20 19:44:26 | 001,476,104 | ---- | M] (Samsung) -- D:\Private\Samsung\Kies\Kies\Kies.exe PRC - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-09-28 20:44:54 | 012,105,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe PRC - [2012-08-25 00:30:36 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\Windows\SysWOW64\cccredmgr.exe PRC - [2012-08-21 16:58:22 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2012-08-16 01:33:38 | 000,037,888 | ---- | M] (IBM Corporation) -- C:\Program Files (x86)\IBM\RationalSDLC\ClearCase\bin\lockmgr.exe PRC - [2012-03-24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe PRC - [2011-12-22 12:37:54 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2011-12-22 12:30:40 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe PRC - [2011-12-19 15:57:48 | 001,136,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe PRC - [2011-11-16 08:13:56 | 000,613,232 | ---- | M] (Open Text Corporation) -- C:\Program Files (x86)\OpenText\Enterprise Connect\UCDAVProxy.exe PRC - [2011-11-16 08:13:56 | 000,042,872 | ---- | M] (Open Text Corporation) -- C:\Program Files (x86)\OpenText\Enterprise Connect\UCDAVService.exe PRC - [2011-08-03 11:56:44 | 000,312,120 | ---- | M] (WebEx) -- C:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe PRC - [2011-08-03 11:55:54 | 001,937,208 | ---- | M] (Cisco WebEx) -- C:\Program Files (x86)\WebEx\Connect\connect.exe PRC - [2011-08-03 11:55:32 | 000,859,448 | ---- | M] (WebEx Communications Inc.) -- C:\Program Files (x86)\WebEx\Connect\apUpdate.exe PRC - [2010-08-05 11:18:30 | 000,858,792 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe PRC - [2010-08-05 11:18:18 | 000,653,992 | ---- | M] (Check Point Software Tech Ltd) -- C:\Windows\SysWOW64\Prot_srv.exe PRC - [2010-08-05 11:18:18 | 000,232,104 | ---- | M] (Check Point Software Tech Ltd) -- C:\Windows\SysWOW64\pstartSr.exe PRC - [2010-08-05 11:17:14 | 000,412,328 | ---- | M] () -- C:\Program Files (x86)\Pointsec\Pointsec for PC\fde_da_ew.exe PRC - [2010-06-02 15:05:00 | 000,070,144 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe PRC - [2009-12-10 14:09:12 | 001,834,784 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\PanelHelper32.exe PRC - [2009-09-18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe PRC - [2009-08-17 22:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009-04-03 12:44:08 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-04-10 13:57:48 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-Agent\1c29dcb72b067f11c15e8ad68b2e1040\HD-Agent.ni.exe MOD - [2013-04-10 13:57:33 | 000,155,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\JSON\b744621b480c70d708a0a55b975bd90c\JSON.ni.dll MOD - [2013-02-26 14:40:30 | 011,833,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013-02-26 14:40:15 | 012,435,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59cf850ee6b2a003167700b648ba9c7\System.Windows.Forms.ni.dll MOD - [2013-02-25 14:21:24 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll MOD - [2013-02-25 14:21:23 | 012,082,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\d4593afc94701312b24fa76ec4d9b871\System.Web.ni.dll MOD - [2013-02-25 12:54:23 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0783e0b01fd91c2c42abe0cb3e5d0c19\System.Windows.Forms.ni.dll MOD - [2013-02-13 17:17:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f62409df88e3dde635df0808c7177097\System.Runtime.Remoting.ni.dll MOD - [2013-02-13 15:02:01 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll MOD - [2013-02-13 13:49:15 | 018,022,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll MOD - [2013-02-13 13:48:55 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll MOD - [2013-02-13 13:48:53 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll MOD - [2013-02-13 13:48:42 | 003,883,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll MOD - [2013-02-13 13:48:38 | 007,070,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll MOD - [2013-02-13 13:48:32 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll MOD - [2013-02-13 13:48:28 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll MOD - [2013-02-13 13:48:27 | 009,095,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll MOD - [2013-02-13 13:48:20 | 014,417,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll MOD - [2013-01-25 10:42:40 | 001,592,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013-01-25 10:42:11 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013-01-25 10:42:06 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013-01-25 10:42:05 | 007,989,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013-01-25 10:41:42 | 011,493,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011-08-03 11:55:04 | 000,567,808 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\sqlite3.dll MOD - [2011-08-03 11:55:04 | 000,219,136 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\skinengine.dll MOD - [2011-08-03 11:55:04 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\threadipc.dll MOD - [2011-08-03 11:55:02 | 000,921,088 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\libetpan.dll MOD - [2011-08-03 11:55:02 | 000,766,960 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\libexpatw.dll MOD - [2011-08-03 11:55:02 | 000,705,024 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\at_dll.dll MOD - [2011-08-03 11:55:02 | 000,546,304 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\personalmgr.dll MOD - [2011-08-03 11:55:02 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\WapiClient.dll MOD - [2011-08-03 11:55:02 | 000,420,352 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\XmppMgr.dll MOD - [2011-08-03 11:55:02 | 000,415,232 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\conComUI.dll MOD - [2011-08-03 11:55:02 | 000,334,336 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\apComRes.dll MOD - [2011-08-03 11:55:02 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\conCommClient.dll MOD - [2011-08-03 11:55:02 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\WidgetProxy.dll MOD - [2011-08-03 11:55:02 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\apCsSe.dll MOD - [2011-08-03 11:55:02 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\conhelp.dll MOD - [2011-08-03 11:55:02 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\apXMLMeeting.dll MOD - [2011-08-03 11:55:02 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\apSSLGse.dll MOD - [2011-08-03 11:55:02 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\apReportDll.dll MOD - [2011-08-03 11:55:02 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\ipc.dll MOD - [2011-08-03 11:55:00 | 000,725,504 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\TriAVView.dll MOD - [2011-08-03 11:55:00 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\P2PAudioVideo.dll MOD - [2011-08-03 11:55:00 | 000,343,040 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\PandoraWidget.dll MOD - [2011-08-03 11:55:00 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\SearchOverlay.dll MOD - [2011-08-03 11:55:00 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\TriCapture.dll MOD - [2011-08-03 11:55:00 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\SharedMenu.dll MOD - [2011-08-03 11:54:56 | 000,896,000 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\ConvWindow.dll MOD - [2011-08-03 11:54:56 | 000,553,984 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\MeetingTab.dll MOD - [2011-08-03 11:54:56 | 000,540,160 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\ContactPage.dll MOD - [2011-08-03 11:54:56 | 000,357,376 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\MeetingMgr.dll MOD - [2011-08-03 11:54:56 | 000,330,240 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\ConOI.dll MOD - [2011-08-03 11:54:56 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\AudioConfMgr.dll MOD - [2011-08-03 11:54:56 | 000,279,040 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\ConnectConfigInfo.dll MOD - [2011-08-03 11:54:56 | 000,272,896 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\CEB.dll MOD - [2011-08-03 11:54:56 | 000,256,512 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\InstantMeeting.dll MOD - [2011-08-03 11:54:56 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\NotiMgr.dll MOD - [2011-08-03 11:54:56 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\Buff.dll MOD - [2011-08-03 11:54:56 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\CacheManager.dll MOD - [2011-08-03 11:54:56 | 000,066,048 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\Expat.dll MOD - [2011-08-03 11:54:56 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\NetworkMonitor.dll MOD - [2011-08-03 11:54:56 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\WebEx\Connect\AudioConfBridge.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-08-31 12:49:06 | 000,158,208 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\Siemens\UCMS\Core\UCMS.exe -- (UCMS) SRV:[b]64bit:[/b] - [2011-02-10 21:44:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2011-02-10 21:44:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters) SRV:[b]64bit:[/b] - [2009-12-10 14:09:16 | 000,515,872 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV:[b]64bit:[/b] - [2009-11-20 18:43:04 | 000,373,024 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64) SRV:[b]64bit:[/b] - [2009-08-17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009-07-14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr) SRV - [2013-04-06 21:11:14 | 002,261,504 | ---- | M] (Proxy Labs) [Auto | Running] -- D:\Proxy Labs\ProxyCap\pcapsvc.exe -- (pcapsvc) SRV - [2013-03-29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013-03-17 13:18:48 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-03-15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2013-03-15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-08-25 00:30:36 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cccredmgr.exe -- (cccredmgr) SRV - [2012-08-22 00:28:20 | 000,227,328 | ---- | M] () [Auto | Stopped] -- C:/Program Files (x86)/IBM/RationalSDLC/ClearCase/bin/albd_server.exe -- (Albd) SRV - [2012-08-16 01:33:38 | 000,037,888 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files (x86)\IBM\RationalSDLC\ClearCase\bin\lockmgr.exe -- (LockMgr) SRV - [2012-02-23 18:37:32 | 002,425,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2012-01-16 11:01:54 | 002,138,400 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan) SRV - [2011-11-16 08:13:56 | 000,042,872 | ---- | M] (Open Text Corporation) [Auto | Running] -- C:\Program Files (x86)\OpenText\Enterprise Connect\UCDAVService.exe -- (UCDavService) SRV - [2011-09-09 06:38:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011-08-03 11:55:32 | 000,859,448 | ---- | M] (WebEx Communications Inc.) [Auto | Running] -- C:\Program Files (x86)\WebEx\Connect\apUpdate.exe -- (Cisco WebEx Connect Upgrade Service) SRV - [2011-04-15 13:27:06 | 000,596,736 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2011-04-15 13:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2011-02-10 21:44:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe -- (STacSV) SRV - [2011-02-10 21:44:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters) SRV - [2010-08-05 11:18:18 | 000,653,992 | ---- | M] (Check Point Software Tech Ltd) [Auto | Running] -- C:\Windows\SysWOW64\Prot_srv.exe -- (Pointsec) SRV - [2010-08-05 11:18:18 | 000,232,104 | ---- | M] (Check Point Software Tech Ltd) [Auto | Running] -- C:\Windows\SysWOW64\pstartSr.exe -- (Pointsec_start) SRV - [2010-06-25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-09-18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec) SRV - [2009-09-18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-11-05 15:37:32 | 000,289,448 | ---- | M] (Check Point Software Tech Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\prot_2k.sys -- (prot_2k) DRV:[b]64bit:[/b] - [2012-09-20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2012-09-20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012-08-22 00:33:04 | 000,018,840 | ---- | M] (IBM Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mvfsMini60x64.sys -- (MVFS Storage Filter) DRV:[b]64bit:[/b] - [2012-08-22 00:30:50 | 000,692,632 | ---- | M] (IBM Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mvfs60x64.sys -- (Mvfs) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-09-09 06:30:06 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:[b]64bit:[/b] - [2011-09-09 06:29:20 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:[b]64bit:[/b] - [2011-06-29 06:18:16 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-14 23:56:08 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) DRV:[b]64bit:[/b] - [2011-02-14 23:56:02 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2011-02-14 23:56:02 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2011-02-14 23:56:02 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2011-02-14 23:56:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2011-02-10 21:45:16 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2011-02-10 21:45:14 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011-02-10 21:45:06 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011-02-10 21:45:00 | 000,300,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,127,104 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserdl.sys -- (qcusbserdl) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserdl2k.sys -- (qcusbserdl2k) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,017,408 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,012,800 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,008,832 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl.sys -- (QCFilterdl) DRV:[b]64bit:[/b] - [2011-02-10 21:44:58 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl2k.sys -- (qcfilterdl2k) DRV:[b]64bit:[/b] - [2011-02-10 21:44:56 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d557mgmt.sys -- (d557mgmt) DRV:[b]64bit:[/b] - [2011-02-10 21:44:56 | 000,328,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d557bus.sys -- (d557bus) DRV:[b]64bit:[/b] - [2011-02-10 21:44:56 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:[b]64bit:[/b] - [2011-02-10 21:44:54 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-08 20:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp) DRV:[b]64bit:[/b] - [2010-11-08 20:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf) DRV:[b]64bit:[/b] - [2010-11-08 20:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:[b]64bit:[/b] - [2010-10-18 03:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2010-09-27 16:05:15 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:[b]64bit:[/b] - [2010-06-25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:[b]64bit:[/b] - [2009-10-29 20:38:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013-03-15 18:31:40 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2012-07-17 13:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter) DRV - [2012-07-17 13:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2012-07-17 13:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt) DRV - [2010-08-05 11:17:18 | 000,222,504 | ---- | M] (Check Point Software Tech Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\SysWow64\drivers\prot_2k.sys -- (prot_2k) DRV - [2009-09-18 05:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf.glb.nsn-net.net/proxy.pac IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf.glb.nsn-net.net/proxy.pac IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://inside.nokiasiemensnetworks.com/ IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://inside.nokiasiemensnetworks.com/ IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf.glb.nsn-net.net/proxy.pac [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013-03-17 13:05:51 | 000,000,000 | ---D | M] (No name found) -- D:\userdata\WRO01692\Application Data\Mozilla\Extensions [2012-09-28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC) O2:[b]64bit:[/b] - BHO: (Enterprise Connect ToolBar Helper) - {C7050823-9FEE-41db-9741-72B3562D4898} - C:\Program Files (x86)\OpenText\Enterprise Connect\HECWE64.dll (Open Text Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Enterprise Connect ToolBar Helper) - {C7050823-9FEE-41db-9741-72B3562D4898} - C:\Program Files (x86)\OpenText\Enterprise Connect\HECWE.dll (Open Text Corporation) O2 - BHO: (Password Manager XP Helper) - {F0BD2AEF-6A48-42DC-85CE-F4C335C59B5E} - C:\Program Files (x86)\Password Manager XP\Integration\IE\PMHelper.dll (CP Lab) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Enterprise Connect) - {90B54763-4C78-439C-BFA5-910FF9F74AB2} - C:\Program Files (x86)\OpenText\Enterprise Connect\HECWE64.dll (Open Text Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC) O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [MCDesk] %ProgramFiles%\Siemens\Customer\tools\MCDesk\MCDesk64.exe %ProgramFiles%\Siemens\Customer\tools\MCDesk\NSN.ini File not found O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [ProxyCap] D:\Proxy Labs\ProxyCap\pcapui.exe (Proxy Labs) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [CCDoctor] C:\Program Files (x86)\IBM\RationalSDLC\ClearCase\bin\ccdoctor.exe (Rational Software Corporation) O4 - HKLM..\Run: [Check Point Endpoint Tray Application] C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] D:\Private\Samsung\Kies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [OpenText WebDAV Server] C:\Program Files (x86)\OpenText\Enterprise Connect\UCDAVProxy.exe (Open Text Corporation) O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd) O4 - HKU\.DEFAULT..\Run: [Cisco WebEx Connect] C:\Program Files (x86)\WebEx\Connect\connect.exe (Cisco WebEx) O4 - HKU\S-1-5-18..\Run: [Cisco WebEx Connect] C:\Program Files (x86)\WebEx\Connect\connect.exe (Cisco WebEx) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630..\Run: [] D:\Private\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630..\Run: [Akamai NetSession Interface] C:\Users\wro01692\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630..\Run: [Cisco WebEx Connect] C:\Program Files (x86)\WebEx\Connect\connect.exe (Cisco WebEx) O4 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630..\Run: [KiesAirMessage] D:\Private\Samsung\Kies\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630..\Run: [KiesPreload] D:\Private\Samsung\Kies\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = File not found O4 - Startup: C:\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablelinkedconnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nointernetopenwith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\Software\Policies\Microsoft\Internet Explorer\SQM present O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1 O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = HomeGroup O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Share with a homegroup O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Get Windows Live Essentials O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Go online to get Windows Live Essentials O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = Create a system repair disc O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O7 - HKU\S-1-5-21-1593251271-2640304127-1825641215-96630\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O8:[b]64bit:[/b] - Extra context menu item: I&M Chat - C:\Program Files (x86)\Nokia Siemens Networks\Communication Suite\scripts\call_imscript.htm () O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8:[b]64bit:[/b] - Extra context menu item: V&oice Call - C:\Program Files (x86)\Nokia Siemens Networks\Communication Suite\scripts\call_voicescript.htm () O8:[b]64bit:[/b] - Extra context menu item: Vi&deo Call - C:\Program Files (x86)\Nokia Siemens Networks\Communication Suite\scripts\call_videoscript.htm () O8 - Extra context menu item: I&M Chat - C:\Program Files (x86)\Nokia Siemens Networks\Communication Suite\scripts\call_imscript.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: V&oice Call - C:\Program Files (x86)\Nokia Siemens Networks\Communication Suite\scripts\call_voicescript.htm () O8 - Extra context menu item: Vi&deo Call - C:\Program Files (x86)\Nokia Siemens Networks\Communication Suite\scripts\call_videoscript.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\WINDOWS\SysNative\pcapwsp.dll (Proxy Labs) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\WINDOWS\SysWow64\pcapwsp.dll (Proxy Labs) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {41520880-8342-3431-3684-140032321000} https://sharenet-ims.inside.nokiasiemensnetworks.com/livelink/livelink?func=webdav.webdavxpi&filename=otdavview101.cab (Content Server - WebDAV 10.0.1) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nsn-intra.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{120B3FE3-1129-44C1-BEE3-93EB1BD9780C}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6FB7FF7-13CA-4AE0-AA06-6CD32FC2BB23}: DhcpNameServer = O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: GinaDLL - (pssogina.dll) - C:\WINDOWS\SysNative\pssogina.dll (Check Point Software Tech Ltd) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\ccnotify: DllName - (ccnotify.dll) - C:\WINDOWS\SysNative\ccnotify.dll (IBM Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2013-03-26 09:27:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012-06-14 00:28:07 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-04-25 11:03:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013-04-24 07:55:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apisetschema.dll [2013-04-24 07:55:44 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2013-04-24 07:55:43 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntkrnlpa.exe [2013-04-24 07:55:43 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntoskrnl.exe [2013-04-24 07:55:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\csrsrv.dll [2013-04-24 07:55:42 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\smss.exe [2013-04-24 07:55:00 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2013-04-24 07:55:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2013-04-24 07:54:58 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2013-04-24 07:54:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll [2013-04-24 07:54:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll [2013-04-24 07:54:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\url.dll [2013-04-24 07:54:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\url.dll [2013-04-22 10:00:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\userdata\wro01692\Desktop\OTL.exe [2013-04-12 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\wro01692\Lync Recordings [2013-04-12 11:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-04-12 11:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync [2013-04-12 11:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync [2013-04-12 11:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Lync [2013-04-12 11:03:51 | 000,000,000 | ---D | C] -- C:\Users\wro01692\Tracing [2013-04-12 11:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCSetup [2013-04-10 13:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2013-04-10 13:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks [2013-04-10 13:40:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt [2013-04-10 07:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks [2013-04-10 07:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup [2013-04-06 21:15:48 | 000,683,520 | ---- | C] (Proxy Labs) -- C:\WINDOWS\SysNative\pcapwsp.dll [2013-04-06 21:15:38 | 000,552,960 | ---- | C] (Proxy Labs) -- C:\WINDOWS\SysWow64\pcapwsp.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-04-25 11:18:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-04-25 11:14:26 | 000,006,720 | ---- | M] () -- C:\WINDOWS\cfgall.ini [2013-04-25 11:10:53 | 000,019,136 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-04-25 11:10:53 | 000,019,136 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-04-25 11:07:56 | 000,000,393 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI [2013-04-25 11:04:26 | 000,001,984 | ---- | M] () -- D:\userdata\wro01692\Desktop\3FJF74J WRO01692.lnk [2013-04-25 11:03:58 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-04-25 11:03:04 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Connect network drives.lnk [2013-04-25 11:02:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-04-25 11:02:10 | 3183,374,336 | -HS- | M] () -- C:\hiberfil.sys [2013-04-25 10:59:15 | 000,000,151 | ---- | M] () -- D:\userdata\wro01692\Desktop\fix2.bat [2013-04-25 10:46:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-04-25 10:43:03 | 000,000,169 | ---- | M] () -- D:\userdata\wro01692\Desktop\fix.bat [2013-04-25 10:01:52 | 000,338,520 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013-04-24 14:54:06 | 000,214,603 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013-04-24 07:38:05 | 000,676,934 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013-04-24 07:38:04 | 000,812,894 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013-04-24 07:38:04 | 000,129,400 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013-04-22 10:00:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\userdata\wro01692\Desktop\OTL.exe [2013-04-21 20:24:51 | 000,234,544 | ---- | M] () -- C:\WINDOWS\RegBootClean64.exe [2013-04-21 20:24:51 | 000,004,642 | ---- | M] () -- C:\WINDOWS\RegBootClean64.CFG [2013-04-21 20:24:35 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2013-04-21 20:24:35 | 000,004,256 | ---- | M] () -- C:\WINDOWS\RegBootClean.CFG [2013-04-15 09:00:32 | 000,060,380 | RHS- | M] () -- C:\Users\wro01692\ntuser.pol [2013-04-10 13:55:59 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk [2013-04-10 13:55:58 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk [2013-04-06 21:15:48 | 000,683,520 | ---- | M] (Proxy Labs) -- C:\WINDOWS\SysNative\pcapwsp.dll [2013-04-06 21:15:38 | 000,552,960 | ---- | M] (Proxy Labs) -- C:\WINDOWS\SysWow64\pcapwsp.dll [2013-04-06 21:13:00 | 000,315,392 | ---- | M] ( ) -- C:\WINDOWS\SysWow64\sbcrreag.dll [2013-04-06 21:10:42 | 000,359,936 | ---- | M] ( ) -- C:\WINDOWS\SysNative\sbcrreag.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-25 10:59:15 | 000,000,151 | ---- | C] () -- D:\userdata\wro01692\Desktop\fix2.bat [2013-04-25 10:28:39 | 000,000,169 | ---- | C] () -- D:\userdata\wro01692\Desktop\fix.bat [2013-04-19 09:36:48 | 000,004,642 | ---- | C] () -- C:\WINDOWS\RegBootClean64.CFG [2013-04-19 09:36:28 | 000,004,256 | ---- | C] () -- C:\WINDOWS\RegBootClean.CFG [2013-04-10 13:55:59 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk [2013-04-10 13:55:58 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk [2013-04-10 10:13:54 | 000,002,573 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProxyCap.lnk [2013-04-06 21:13:00 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\sbcrreag.dll [2013-04-06 21:10:42 | 000,359,936 | ---- | C] ( ) -- C:\WINDOWS\SysNative\sbcrreag.dll [2013-03-06 10:09:03 | 000,234,544 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe [2013-03-06 10:08:56 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2013-01-23 16:15:18 | 000,000,600 | ---- | C] () -- C:\Users\wro01692\PUTTY.RND [2013-01-21 11:50:04 | 000,004,761 | ---- | C] () -- C:\Users\wro01692\AppData\Local\recently-used.xbel [2012-12-18 11:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012-12-18 11:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll [2012-12-18 11:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll [2012-12-18 11:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll [2012-12-18 11:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll [2012-11-29 10:10:53 | 000,000,600 | ---- | C] () -- C:\Users\wro01692\AppData\Local\PUTTY.RND [2012-11-16 17:12:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysWow64\srbt.dll [2012-11-05 15:56:21 | 000,060,380 | RHS- | C] () -- C:\Users\wro01692\ntuser.pol [2012-11-05 15:55:46 | 000,214,603 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012-11-05 15:39:27 | 000,006,720 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2012-11-05 15:15:21 | 000,004,764 | ---- | C] () -- C:\WINDOWS\SysWow64\CcmFramework.ini [2012-07-27 22:27:31 | 000,798,806 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2012-07-27 22:26:11 | 000,000,393 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI [2011-05-13 11:07:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\SysWow64\nsldap32v50.dll [2011-05-13 11:07:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\nsldapssl32v50.dll [2011-05-13 11:07:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysWow64\nsldappr32v50.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "ThreadingModel" = Free "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-08-21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012-08-21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-08-21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] < End of report >