OTL logfile created on: 8/4/2012 3:46:48 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Donnie Boone\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 61.51% Memory free
6.48 Gb Paging File | 5.08 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.76 Gb Total Space | 210.18 Gb Free Space | 70.59% Space Free | Partition Type: NTFS
Drive G: | 279.46 Gb Total Space | 132.93 Gb Free Space | 47.57% Space Free | Partition Type: NTFS

Computer Name: 9B3SKQ1 | User Name: Donnie Boone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2012/08/04 15:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Donnie Boone\Downloads\OTL.exe
PRC - [2012/08/02 05:54:59 | 000,259,072 | ---- | M] () -- C:\Windows\System32\services.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Donnie Boone\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME\TomTomHOMEService.exe
PRC - [2012/01/17 09:39:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/01/03 12:40:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe
PRC - [2012/01/03 12:40:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\880\g2mlauncher.exe
PRC - [2012/01/03 12:40:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\880\g2mcomm.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/03 19:54:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/08/03 19:54:46 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/08/03 19:54:46 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/08/03 19:54:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/31 13:56:46 | 000,152,936 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
PRC - [2011/05/31 13:50:58 | 001,870,336 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
PRC - [2011/05/27 18:50:02 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe
PRC - [2011/05/27 18:44:04 | 000,922,984 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
PRC - [2011/05/27 18:43:36 | 001,049,448 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
PRC - [2011/05/27 18:42:58 | 000,030,056 | ---- | M] (Rockwell Automation Inc.) -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
PRC - [2011/05/27 18:39:32 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe
PRC - [2011/05/27 18:37:06 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\NmspHost.exe
PRC - [2011/05/27 18:27:22 | 000,250,216 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\EventServer.exe
PRC - [2011/05/27 18:27:02 | 000,334,696 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
PRC - [2011/05/12 18:17:18 | 000,434,176 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
PRC - [2011/03/21 13:41:00 | 000,148,016 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/02/01 14:40:26 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/02/01 14:39:56 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/25 05:57:18 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/01/25 05:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/29 17:05:36 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/07/28 11:09:06 | 000,473,600 | ---- | M] (Tridia Corporation) -- C:\Program Files\iTivity\bin\rfbd.exe
PRC - [2010/06/03 20:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
PRC - [2010/05/17 23:07:14 | 001,122,568 | R--- | M] (Acresso Software Inc.) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
PRC - [2010/02/11 13:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2010/01/14 22:13:42 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/03 03:57:54 | 000,032,845 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\NTServApp.exe
PRC - [2009/06/24 20:56:50 | 000,049,152 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\slssvc.exe
PRC - [2009/06/03 15:38:06 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe
PRC - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/09/27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) -- C:\lotus\notes\ntmulti.exe
PRC - [2006/09/27 06:30:14 | 001,114,112 | ---- | M] (IBM Corp) -- C:\lotus\notes\nlnotes.exe
PRC - [2003/02/28 12:51:02 | 000,061,514 | ---- | M] (Wonderware Corporation) -- C:\Program Files\Common Files\ArchestrA\wwlogsvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/05/12 18:17:00 | 000,053,248 | ---- | M] () -- C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\rausbciplib.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/17 10:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/05/10 23:25:20 | 002,469,888 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -- (rpcld)
SRV - [2012/08/03 11:25:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 08:00:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/17 09:39:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/15 17:23:23 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/03 19:54:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/08/03 19:54:46 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011/08/03 19:54:46 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/08/03 19:54:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 16:44:28 | 002,008,696 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/31 13:56:46 | 000,152,936 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe -- (FTActivationBoost)
SRV - [2011/05/27 18:50:02 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe -- (RsvcHost)
SRV - [2011/05/27 18:44:04 | 000,922,984 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe -- (RNADirectory)
SRV - [2011/05/27 18:43:36 | 001,049,448 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe -- (RNADirMultiplexor)
SRV - [2011/05/27 18:43:18 | 000,245,096 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe -- (RNADiagReceiver)
SRV - [2011/05/27 18:42:58 | 000,030,056 | ---- | M] (Rockwell Automation Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService)
SRV - [2011/05/27 18:39:32 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe -- (RdcyHost)
SRV - [2011/05/27 18:37:06 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\NmspHost.exe -- (NmspHost)
SRV - [2011/05/27 18:27:22 | 000,250,216 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Rockwell\EventServer.exe -- (EventServer)
SRV - [2011/05/27 18:27:02 | 000,334,696 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe -- (EventClientMultiplexer)
SRV - [2011/05/06 16:20:54 | 000,099,784 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp)
SRV - [2011/05/05 16:03:50 | 000,202,088 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)
SRV - [2011/04/07 10:01:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/21 13:41:00 | 000,148,016 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/02/01 14:39:56 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/25 05:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/12/18 10:01:50 | 000,552,303 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\processor_od.exe -- (iTivityODController)
SRV - [2010/12/18 10:01:14 | 000,516,903 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\connector_od.exe -- (iTivityODConnectToIASConnector)
SRV - [2010/12/18 10:01:14 | 000,516,903 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\connector_od.exe -- (iTivityODConnector)
SRV - [2010/11/29 17:05:36 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (Rpcnet)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/25 21:15:48 | 000,104,960 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe -- (1784-PCIDS DeviceNet)
SRV - [2010/10/25 21:13:02 | 000,085,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe -- (SimModuleService)
SRV - [2010/07/28 11:09:06 | 000,473,600 | ---- | M] (Tridia Corporation) [Auto | Running] -- C:\Program Files\iTivity\bin\rfbd.exe -- (tridiavnc)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot9)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot8)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot7)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot6)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot5)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot4)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot3)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot2)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot16)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot15)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot14)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot13)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot12)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot11)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot10)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot1)
SRV - [2010/07/01 19:37:24 | 001,425,408 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot0)
SRV - [2010/06/03 20:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/05/17 23:07:14 | 001,122,568 | R--- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe -- (FactoryTalk Activation Service)
SRV - [2010/02/11 13:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2009/07/15 00:54:02 | 000,080,688 | ---- | M] (Invensys Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArchestrA\wwnetdde.exe -- (WWNetDDE)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/03 03:57:54 | 000,032,845 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\NTServApp.exe -- (FS Service Control)
SRV - [2009/07/02 13:52:50 | 000,059,392 | ---- | M] (Invensys Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Wonderware\DAServer\DASABCIP\Bin\DASABCIP.exe -- (DASABCIP)
SRV - [2009/06/24 20:56:50 | 000,049,152 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\slssvc.exe -- (slssvc)
SRV - [2009/06/03 15:38:06 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe -- (aaLogger)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/21 18:11:34 | 000,077,824 | ---- | M] (Invensys Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Wonderware\DAServer\DASABTCP\Bin\DASABTCP.exe -- (DASABTCP)
SRV - [2007/07/16 16:48:10 | 000,536,640 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\ftpd.exe -- (TridiaFTPServer)
SRV - [2006/12/20 17:12:18 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\OpcEnum.exe -- (OpcEnum)
SRV - [2006/09/27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2003/02/28 12:51:02 | 000,061,514 | ---- | M] (Wonderware Corporation) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\wwlogsvc.exe -- (WWLOGSVC)
SRV - [2001/05/15 15:19:04 | 000,069,702 | ---- | M] (Wonderware Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WWInstSvc.Exe -- (WwRpcSvr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\pcidnt.sys -- (pcidnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/11/16 07:16:01 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 02:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/08/03 19:54:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/03 19:54:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/20 17:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2011/06/29 16:14:16 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\rsserial.sys -- (RSSERIAL)
DRV - [2011/06/14 19:47:10 | 000,349,696 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2011/06/14 19:47:10 | 000,287,744 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV - [2011/06/14 19:47:10 | 000,235,520 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2011/06/14 19:47:10 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV - [2011/06/14 19:47:10 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2011/06/14 19:47:10 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV - [2011/06/14 19:47:10 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2011/06/14 19:47:10 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV - [2011/06/14 19:47:10 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2011/06/14 19:47:10 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/02/01 15:53:50 | 006,652,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/02/01 15:53:50 | 006,652,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/02/01 14:03:32 | 000,230,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/25 05:57:18 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/01/04 18:41:58 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)
DRV - [2011/01/04 17:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2011/01/04 17:29:06 | 000,063,848 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2010/12/21 15:07:44 | 007,434,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010/12/13 09:33:36 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/19 09:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/11/19 09:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/11/17 06:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/25 21:09:54 | 000,063,512 | ---- | M] (Rockwell Automation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VirtualBackplane.sys -- (VirtualBackplane)
DRV - [2010/10/19 09:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/08/24 19:46:00 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/17 15:10:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:52 | 000,164,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)
DRV - [2009/04/17 11:50:16 | 000,012,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcm.sys -- (tcm)
DRV - [2008/07/11 08:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://foxnews.com/
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..\SearchScopes\{A7B331BB-E8B1-49BF-A496-7252040C5728}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2016388921-102136296-880539805-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.startup.homepage: "http://www.unimin.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4 FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.5 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1 FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.14 FF - prefs.js..extensions.enabledItems: requestpolicy@requestpolicy.com:0.5.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:00:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/07 15:02:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:00:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/07 15:02:34 | 000,000,000 | ---D | M] [2011/12/03 13:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Extensions [2011/12/03 13:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/08/03 15:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\extensions [2011/04/07 09:36:54 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2012/01/10 16:27:38 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\extensions\DefaultManager@Microsoft [2012/02/02 12:57:36 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\extensions\DeviceDetection@logitech.com [2011/11/15 12:34:32 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\extensions\https-everywhere@eff.org [2012/02/09 11:47:01 | 000,000,000 | ---D | M] (LogMeIn, Inc. 
Remote Access Plugin) -- C:\Users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\extensions\LogMeInClient@logmein.com [2012/03/21 11:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/15 12:34:27 | 000,047,883 | ---- | M] () (No name found) -- C:\USERS\DONNIE BOONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\647C36J5.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI [2011/11/15 12:34:43 | 000,627,675 | ---- | M] () (No name found) -- C:\USERS\DONNIE BOONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\647C36J5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009/07/13 19:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\DONNIE BOONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\647C36J5.DEFAULT\EXTENSIONS\PZRTPPLGNZ@PZRTPPLGNZ.ORG.XPI [2012/07/19 08:00:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012/05/01 09:53:29 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll [2012/03/01 09:17:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012/06/18 08:05:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/18 08:05:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In 
Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Donnie Boone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\Donnie Boone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Users\Donnie Boone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.) O4 - HKLM..\Run: [WinVNC] C:\Program Files\iTivity\bin\rfbd.exe (Tridia Corporation) O4 - HKU\.DEFAULT..\Run: [ElevatedDiagnostics] rundll32.exe File not found O4 - HKU\S-1-5-18..\Run: [ElevatedDiagnostics] rundll32.exe File not found O4 - HKU\S-1-5-19..\Run: [ElevatedDiagnostics] rundll32.exe File not found O4 - HKU\S-1-5-20..\Run: [ElevatedDiagnostics] rundll32.exe File not found O4 - HKU\S-1-5-21-2016388921-102136296-880539805-1005..\Run: [Akamai NetSession Interface] C:\Users\Donnie Boone\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-2016388921-102136296-880539805-1005..\Run: [ElevatedDiagnostics] rundll32.exe File not found O4 - HKU\S-1-5-21-2016388921-102136296-880539805-1005..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.) 
O4 - HKU\S-1-5-21-2016388921-102136296-880539805-1005..\Run: [TomTom] C:\Users\Donnie Boone\AppData\Local\TomTom\brosisoh.dll (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Donnie Boone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/01/23 06:52:33 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll 
(Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program 
Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..Trusted Domains: foxnews.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..Trusted Domains: unimin.com ([webmail] https in Trusted sites) O15 - HKU\S-1-5-21-2016388921-102136296-880539805-1005\..Trusted Ranges: Range1 ([https] in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.174.95.44 69.78.96.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74DD1A34-6A2B-4230-904F-F5D50F392E89}: DhcpNameServer = 66.174.95.44 69.78.96.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85C30B39-2F39-4753-886F-06E745C27DDA}: DhcpNameServer = 66.174.71.33 69.78.96.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A161880A-D69F-4DF1-9AF9-0FBC941A438C}: DhcpNameServer = 66.174.95.44 69.78.96.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB2167AE-03FA-493B-8B59-5EF7A43B288E}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/06/18 12:04:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ddd7ff1a-11d5-11e1-8b38-c0f8dae40686}\Shell - "" = AutoRun O33 - MountPoints2\{ddd7ff1a-11d5-11e1-8b38-c0f8dae40686}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect O33 - MountPoints2\{ddd7ff2c-11d5-11e1-8b38-c0f8dae40686}\Shell - "" = AutoRun O33 - MountPoints2\{ddd7ff2c-11d5-11e1-8b38-c0f8dae40686}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect O33 - MountPoints2\{e312d3e0-6098-11e0-a6d1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e312d3e0-6098-11e0-a6d1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ImageDirect_Capture_Tool.exe O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found NetSvcs: BITS - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: 
uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/08/04 09:40:52 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Program Files [2012/08/04 09:30:52 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/08/03 11:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/08/03 11:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012/08/03 10:54:52 | 000,000,000 | ---D | C] -- C:\Users\Donnie Boone\AppData\Roaming\DriverCure [2012/08/03 10:54:51 | 000,000,000 | ---D | C] -- C:\Users\Donnie Boone\AppData\Roaming\SpeedyPC Software [2012/08/03 10:54:45 | 000,000,000 | ---D | C] -- C:\Users\Donnie Boone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software [2012/08/03 10:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012/08/02 20:04:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/08/02 12:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/08/02 12:38:12 | 000,000,000 | ---D | C] -- C:\Users\Donnie Boone\Desktop\Downloads [2012/08/02 12:38:06 | 000,000,000 | ---D | C] -- C:\Users\Donnie Boone\AppData\Roaming\GetRightToGo [2012/07/31 10:14:26 | 000,000,000 | ---D | C] -- C:\Users\Donnie Boone\Documents\B-Unimin [2012/07/11 16:44:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012/07/11 16:44:09 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012/07/11 16:44:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012/07/11 16:44:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012/07/11 16:44:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012/07/11 16:44:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\jsproxy.dll [2012/07/11 16:44:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012/07/11 16:42:04 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012/07/11 08:26:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll [2012/07/11 08:26:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll [2012/07/11 08:26:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2012/07/09 18:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\RAISE [2012/07/09 16:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TRCS [2012/07/09 16:34:22 | 000,477,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Hhupd.exe [2012/07/09 16:34:22 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\windows\System32\HHACTIVEX.DLL [2012/07/09 16:34:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSXML3A.DLL [2012/07/09 16:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio [2011/12/30 14:59:30 | 000,122,880 | ---- | C] (Acresso Software Inc.) 
-- C:\Users\Donnie Boone\SetupNI.dll [3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/08/04 15:49:52 | 000,016,576 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/04 15:49:52 | 000,016,576 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/04 15:48:27 | 000,716,366 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/08/04 15:48:27 | 000,140,964 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/08/04 15:42:28 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/04 15:42:22 | 000,017,920 | ---- | M] () -- C:\windows\System32\rpcnetp.exe [2012/08/04 15:42:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll [2012/08/04 15:42:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/04 15:42:10 | 2608,541,696 | -HS- | M] () -- C:\hiberfil.sys [2012/08/04 15:24:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/04 15:18:05 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/04 09:43:33 | 000,000,080 | ---- | M] () -- C:\fix.bat [2012/08/04 08:20:41 | 000,017,920 | ---- | M] () -- C:\windows\System32\rpcnetp.dll [2012/08/03 11:25:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012/08/03 11:25:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012/08/03 07:58:43 | 000,000,207 | -H-- | M] () -- C:\Users\Donnie Boone\Documents\Drawing1.dwl2 [2012/08/03 07:58:43 | 000,000,057 | -H-- | M] () -- C:\Users\Donnie Boone\Documents\Drawing1.dwl [2012/08/02 12:45:29 | 001,467,728 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB 
[2012/08/02 05:54:59 | 000,259,072 | ---- | M] () -- C:\windows\System32\services.exe [2012/07/31 15:31:23 | 000,001,836 | ---- | M] () -- C:\Users\Donnie Boone\Desktop\PO System 1.2.5.mdb.lnk [2012/07/18 06:06:00 | 000,001,678 | ---- | M] () -- C:\Users\Public\Desktop\Lotus Notes 7.lnk [2012/07/14 12:29:09 | 000,009,008 | RHS- | M] () -- C:\ProgramData\3002.abs [2012/07/13 09:27:10 | 000,001,112 | ---- | M] () -- C:\Users\Donnie Boone\Pictures - Shortcut.lnk [2012/07/11 17:48:40 | 000,483,608 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/07/10 14:44:35 | 000,000,010 | ---- | M] () -- C:\windows\IAB.ini [2012/07/10 14:40:47 | 000,000,013 | ---- | M] () -- C:\windows\MFIMPORT.INI [2012/07/10 14:32:30 | 000,000,624 | ---- | M] () -- C:\windows\FW.INI [2012/07/10 10:35:54 | 000,006,993 | ---- | M] () -- C:\windows\propbldr.ini [3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/08/04 15:43:11 | 000,232,960 | ---- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\00000008.@ [2012/08/04 15:42:56 | 000,092,672 | ---- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\80000032.@ [2012/08/04 15:42:56 | 000,013,312 | ---- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\80000000.@ [2012/08/04 15:42:56 | 000,002,048 | ---- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\00000004.@ [2012/08/04 15:42:56 | 000,001,632 | ---- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\000000cb.@ [2012/08/03 07:58:43 | 000,000,207 | -H-- | C] () -- C:\Users\Donnie Boone\Documents\Drawing1.dwl2 [2012/08/03 07:58:43 | 000,000,057 | -H-- | C] () -- C:\Users\Donnie Boone\Documents\Drawing1.dwl [2012/08/02 12:53:51 | 000,000,080 | ---- | C] () -- C:\fix.bat [2012/08/02 12:45:05 | 001,467,728 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB 
[2012/08/02 12:18:32 | 000,001,712 | ---- | C] () -- C:\Users\Donnie Boone\AppData\Local\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\00000001.@ [2012/08/01 20:31:30 | 000,001,712 | ---- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\U\00000001.@ [2012/07/14 12:29:09 | 000,009,008 | RHS- | C] () -- C:\ProgramData\3002.abs [2012/07/13 09:27:10 | 000,001,112 | ---- | C] () -- C:\Users\Donnie Boone\Pictures - Shortcut.lnk [2012/07/09 16:52:38 | 000,006,993 | ---- | C] () -- C:\windows\propbldr.ini [2012/07/09 16:37:40 | 000,000,010 | ---- | C] () -- C:\windows\IAB.ini [2012/06/21 17:15:46 | 000,003,584 | ---- | C] () -- C:\Users\Donnie Boone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/16 12:04:03 | 000,233,024 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2012/03/19 10:26:56 | 000,000,624 | ---- | C] () -- C:\windows\FW.INI [2012/03/19 10:26:02 | 000,000,013 | ---- | C] () -- C:\windows\MFIMPORT.INI [2012/01/11 07:22:07 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\@ [2012/01/11 07:22:07 | 000,002,048 | -HS- | C] () -- C:\Users\Donnie Boone\AppData\Local\{b3ebad4a-40ac-75dc-9bd3-099103dbfb8e}\@ [2011/11/21 22:44:16 | 000,000,236 | ---- | C] () -- C:\windows\SlRegEDS.ini [2011/11/21 21:55:41 | 000,000,100 | ---- | C] () -- C:\Users\Donnie Boone\AppData\Local\fusioncache.dat [2011/11/18 08:06:49 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011/11/16 12:06:50 | 000,060,304 | ---- | C] () -- C:\Users\Donnie Boone\g2mdlhlpx.exe [2011/11/16 10:10:59 | 000,000,318 | ---- | C] () -- C:\windows\Brpfx04a.ini [2011/11/16 10:10:59 | 000,000,154 | ---- | C] () -- C:\windows\brpcfx.ini [2011/11/16 10:10:53 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI [2011/11/16 10:10:53 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI [2011/11/16 10:10:40 | 000,000,050 | ---- | C] () -- C:\windows\System32\bridf08a.dat [2011/11/16 10:10:37 | 000,106,496 | ---- | C] () 
-- C:\windows\System32\BrMuSNMP.dll [2011/11/16 10:10:37 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini [2011/11/16 10:10:37 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat [2011/11/16 07:32:35 | 000,001,985 | ---- | C] () -- C:\windows\EDS.ini [2011/11/16 07:16:01 | 000,000,383 | ---- | C] () -- C:\windows\System32\haspdos.sys [2011/11/16 07:16:00 | 000,153,088 | ---- | C] () -- C:\windows\System32\UNWISE.EXE [2011/11/16 07:16:00 | 000,024,576 | ---- | C] () -- C:\windows\System32\hdduinst.exe [2011/11/15 17:43:20 | 000,000,128 | ---- | C] () -- C:\windows\rocksoft.ini [2011/11/15 13:35:13 | 000,000,000 | ---- | C] () -- C:\windows\spcpro.INI [2011/11/15 13:33:24 | 000,000,000 | ---- | C] () -- C:\windows\licview.INI [2011/10/30 07:10:26 | 000,080,896 | ---- | C] () -- C:\windows\System32\RDVGHelper.exe [2011/10/30 07:09:48 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe [2011/09/04 16:54:42 | 000,017,920 | ---- | C] () -- C:\windows\System32\rpcnetp.dll [2011/09/04 16:54:28 | 000,017,920 | ---- | C] () -- C:\windows\System32\rpcnetp.exe [2011/06/29 16:45:46 | 000,036,472 | ---- | C] () -- C:\windows\System32\LINXVDD.DLL [2011/06/29 16:14:16 | 000,015,664 | ---- | C] () -- C:\windows\System32\drivers\PCMK485.BIN [2011/06/29 16:14:16 | 000,015,557 | ---- | C] () -- C:\windows\System32\drivers\KTX485.BIN [2011/06/29 16:14:16 | 000,009,282 | ---- | C] () -- C:\windows\System32\drivers\PCMKPCL.BIN [2011/06/29 16:14:16 | 000,009,139 | ---- | C] () -- C:\windows\System32\drivers\KTXPCL.BIN [2011/06/29 16:14:16 | 000,007,449 | ---- | C] () -- C:\windows\System32\drivers\SDDHP.BIN [2011/06/29 16:14:16 | 000,006,400 | ---- | C] () -- C:\windows\System32\drivers\slcnewkt.bin [2011/06/29 16:14:16 | 000,005,433 | ---- | C] () -- C:\windows\System32\drivers\SDDH.BIN [2011/06/29 16:14:16 | 000,001,824 | ---- | C] () -- C:\windows\System32\drivers\PCMKST3.BIN [2011/06/29 16:14:16 | 000,001,800 | ---- | C] () -- 
C:\windows\System32\drivers\PCMKST1.BIN [2011/06/29 16:14:16 | 000,001,800 | ---- | C] () -- C:\windows\System32\drivers\KTXST1.BIN [2011/06/29 16:14:16 | 000,000,301 | ---- | C] () -- C:\windows\System32\drivers\PCMKST0.BIN [2011/06/29 16:14:16 | 000,000,301 | ---- | C] () -- C:\windows\System32\drivers\KTXST0.BIN [2011/06/29 16:14:16 | 000,000,011 | ---- | C] () -- C:\windows\System32\drivers\PCMKST2.BIN [2011/06/29 16:14:14 | 000,262,144 | ---- | C] () -- C:\windows\System32\drivers\KTC.BIN [2011/06/29 16:14:14 | 000,007,575 | ---- | C] () -- C:\windows\System32\drivers\KLPCL.BIN [2011/06/29 16:14:14 | 000,001,825 | ---- | C] () -- C:\windows\System32\drivers\KT2ST2.BIN [2011/06/29 16:14:14 | 000,001,824 | ---- | C] () -- C:\windows\System32\drivers\KLST2.BIN [2011/06/29 16:14:14 | 000,001,801 | ---- | C] () -- C:\windows\System32\drivers\KT2ST1.BIN [2011/06/29 16:14:14 | 000,001,800 | ---- | C] () -- C:\windows\System32\drivers\KLST1.BIN [2011/06/29 16:14:14 | 000,000,248 | ---- | C] () -- C:\windows\System32\drivers\KLST0.BIN [2011/06/29 16:14:14 | 000,000,177 | ---- | C] () -- C:\windows\System32\drivers\KT2ST0.BIN [2011/06/26 11:15:00 | 000,023,040 | ---- | C] () -- C:\windows\System32\atitmpxx.dll [2011/06/26 11:15:00 | 000,002,888 | ---- | C] () -- C:\windows\System32\atipblag.dat [2011/06/26 11:14:59 | 000,224,001 | ---- | C] () -- C:\windows\System32\atiicdxx.dat [2011/06/26 11:14:24 | 000,012,952 | ---- | C] () -- C:\windows\System32\drivers\tcm.sys [2011/04/07 12:13:33 | 000,077,824 | ---- | C] () -- C:\windows\System32\HostStarter.exe [2011/04/07 12:13:33 | 000,045,056 | ---- | C] () -- C:\windows\System32\omnithread_rt.dll [2011/04/07 09:29:46 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/04/06 17:59:28 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- 
C:\install.exe [2 C:\*.tmp files -> C:\*.tmp -> ] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services [2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services [color=#A23BEC]< MD5 for: SERVICES.CFG >[/color] [2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg [2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg [color=#A23BEC]< MD5 for: SERVICES.CNF >[/color] [2008/06/04 02:06:02 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Program Files\Rockwell Software\RSNetWorxii\_vti_pvt\services.cnf [color=#A23BEC]< MD5 for: SERVICES.DLL >[/color] [2010/07/01 19:37:16 | 008,794,200 | ---- | M] (Rockwell Software, Inc.) MD5=012A9BDCA793149B2C6E52732F7C523F -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V13\Services.DLL [2010/07/01 19:38:00 | 012,173,312 | ---- | M] (Rockwell Automation, Inc.) 
MD5=053A86EBC1B378C3802985B38B24DCF0 -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V16\Services.DLL [2010/07/01 19:37:02 | 012,550,232 | ---- | M] (Rockwell Software, Inc.) MD5=3527ED75BD49D02751A101BFD76C492A -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V12\Services.DLL [2010/10/22 20:53:56 | 015,393,128 | ---- | M] (Rockwell Automation, Inc.) MD5=8C4813E4C2EBA954F49E4E9F00AC25C7 -- C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v19\Bin\Services.DLL [2010/10/18 10:32:22 | 015,185,768 | ---- | M] (Rockwell Automation, Inc.) MD5=8F311676C4D7DBA8B20D8F4B88F41CAD -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V18\Services.DLL [2006/07/08 14:52:56 | 010,440,704 | ---- | M] (Rockwell Software, Inc.) MD5=967BDBC8A2ADD2B0429E095702E62AA5 -- C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v15\Bin\Services.DLL [2005/11/29 18:34:38 | 008,708,184 | ---- | M] (Rockwell Software, Inc.) MD5=A02D91DA72D370FD993C53F10DBB460E -- C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v10\Bin\Services.DLL [2010/07/01 19:38:24 | 012,890,112 | ---- | M] (Rockwell Automation, Inc.) MD5=F1CF84FF0CB69A01645B5CCD5349991E -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V17\Services.DLL [2010/07/01 19:37:36 | 010,424,320 | ---- | M] (Rockwell Software, Inc.) 
MD5=F865DC03A5D6B83F2C004274607B8AF6 -- C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\Services.DLL [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [2012/08/02 05:54:59 | 000,259,072 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\Windows\System32\services.exe [color=#A23BEC]< MD5 for: SERVICES.EXE.MUI >[/color] [2009/07/13 22:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui [2009/07/13 22:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui [color=#A23BEC]< MD5 for: SERVICES.HEARSTMAGS[1].XML >[/color] [2012/07/02 07:20:34 | 000,000,013 | ---- | M] () MD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 -- C:\Users\Donnie Boone\AppData\Local\Microsoft\Internet Explorer\DOMStore\UACYLDNI\services.hearstmags[1].xml [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [color=#A23BEC]< MD5 for: SERVICES.MOF >[/color] [2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof [2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc [2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [color=#A23BEC]< MD5 for: SERVICES.PTXML >[/color] [2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml [2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) 
MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >[/color] [HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN] "AutodiscoveryFlags" = -2147483648 "DetectedInterfaceIpCount" = 3 "LastDetectHighDateTime" = 0 "LastDetectLowDateTime" = 0 "LastDetectTime" = 01/01/1601, 00:00:00 UTC "DetectedInterfaceIps" = 169.254.23.103;10.170.221.102;::1; "LastDetectUrl" = [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate 
Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >