OTL logfile created on: 8/4/2013 8:46:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eve\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 73.78% Memory free
13.74 Gb Paging File | 12.91 Gb Available in Paging File | 93.95% Paging File free
Paging file location(s): c:\pagefile.sys 6141 9000y:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.19 Gb Total Space | 61.80 Gb Free Space | 52.74% Space Free | Partition Type: NTFS
Drive D: | 214.85 Gb Total Space | 4.13 Gb Free Space | 1.92% Space Free | Partition Type: NTFS
Drive X: | 18.03 Gb Total Space | 16.93 Gb Free Space | 93.90% Space Free | Partition Type: NTFS
Drive Y: | 7.91 Gb Total Space | 3.88 Gb Free Space | 48.99% Space Free | Partition Type: NTFS
Drive Z: | 23.93 Gb Total Space | 15.92 Gb Free Space | 66.52% Space Free | Partition Type: FAT32
Computer Name: PHOTO1 | User Name: Eve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/08/01 20:46:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eve\desktop\OTL.exe
PRC - [2013/08/01 20:18:08 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2013/06/27 13:01:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013/01/31 07:26:23 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/07/30 18:23:44 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2007/10/22 16:31:14 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\GEEK SQUAD UPS\pppeuser.exe
PRC - [2004/03/04 02:05:26 | 000,131,177 | ---- | M] () -- C:\Program Files (x86)\CardReader2.0\OTiReader.exe
PRC - [2004/02/26 06:46:48 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\CardReader2.0\CRBroadCasting.exe
[color=#E56717]========== Modules (No
Company Name) ==========[/color] MOD - [2013/08/04 03:02:47 | 002,091,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13080400\algo.dll MOD - [2013/06/27 13:01:06 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe MOD - [2008/07/30 18:23:44 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe MOD - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe MOD - [2007/10/22 16:31:14 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\GEEK SQUAD UPS\pppeuser.exe MOD - [2004/03/04 02:05:26 | 000,131,177 | ---- | M] () -- C:\Program Files (x86)\CardReader2.0\OTiReader.exe MOD - [2004/02/26 06:46:48 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\CardReader2.0\CRBroadCasting.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2013/08/01 20:18:08 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013/07/21 11:02:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/27 13:01:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2013/01/31 07:26:23 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice) SRV - [2008/07/30 18:23:44 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess) SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/06/19 14:22:08 | 000,868,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped) SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc) SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2004/03/04 02:05:26 | 000,131,177 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CardReader2.0\OTiReader.exe -- (OTi Card Reader Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2005/06/01 03:55:06 | 000,039,424 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\GVCplDrv64.sys -- (GVCPLDrv64) DRV - [2005/03/31 13:33:50 | 000,014,848 | ---- | M] (ABIT) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\Drivers\uGuru.sys -- (UGURU) DRV - [2005/03/25 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd) DRV - [2005/03/25 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock) DRV - [2005/02/03 01:50:28 | 000,004,224 | ---- | M] () [File_System | System | Unknown] -- C:\WINDOWS\SysWow64\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - 
HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.prolabexpress.com/ IE - HKCU\..\SearchScopes,DefaultScope = Yahoo! IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.prolabexpress.com/" FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe 
Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Eve\Application Data\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/14 12:27:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/27 13:00:49 | 000,000,000 | ---D | M] [2008/12/09 23:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eve\Application Data\Mozilla\Extensions [2013/08/04 20:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eve\Application Data\Mozilla\Firefox\Profiles\t225qmc8.default\extensions [2010/04/28 07:47:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eve\Application 
Data\Mozilla\Firefox\Profiles\t225qmc8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/06/27 13:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/06/27 13:01:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\EVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T225QMC8.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF [2013/05/14 12:27:08 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF Hosts file not found O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:[b]64bit:[/b] - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found O3:[b]64bit:[/b] - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CRBroadCasting] C:\Program Files (x86)\CardReader2.0\CRBroadCasting.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe () O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\GEEK SQUAD UPS\pppeuser.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.26\IExifMap.htm () O8:[b]64bit:[/b] - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.26\IExifCom.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: 
Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.26\IExifMap.htm () O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.26\IExifCom.htm () O9:[b]64bit:[/b] - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found O16:[b]64bit:[/b] - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x64/client/wuweb_site.cab?1342913664578 (WUWebControl Class) O16:[b]64bit:[/b] - DPF: 
{CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Reg Error: Key error.) O16:[b]64bit:[/b] - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup162.cab (Reg Error: Key error.) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152736626415 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342913712843 (MUWebControl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.prolabexpress.com/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.prolabexpress.com/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control) O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab (FujifilmUploader Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} Reg Error: Value error. (Photodex Presenter AX control) O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.prolabexpress.com/XUpload.ocx (Persits Software XUpload) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.prolabexpress.com/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E57CDF3E-9E36-4E24-B755-288E09B49330}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - 
Protocol\Handler\http\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\https\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found 
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - 
(C:\WINDOWS\system32\userinit.exe) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O21:[b]64bit:[/b] - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found O21:[b]64bit:[/b] - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found O21:[b]64bit:[/b] - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found O21:[b]64bit:[/b] - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found O22:[b]64bit:[/b] - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found O22:[b]64bit:[/b] - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\Eve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/07/11 22:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/05/06 22:31:45 | 000,321,315 | ---- | M] () - D:\autoviewer.zip -- [ NTFS ] O33 - MountPoints2\{c4887888-5b2e-11e2-9116-00508d91224f}\Shell - "" = AutoRun O33 - MountPoints2\{c4887888-5b2e-11e2-9116-00508d91224f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4887888-5b2e-11e2-9116-00508d91224f}\Shell\AutoRun\command - "" = G:\ToolLauncher-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: 
(lsdelete) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) MsConfig:64bit - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] sermouse.sys - Driver SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] wd.sys - Driver SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: IMFservice - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: wd.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System 
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] sermouse.sys - Driver SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] UploadMgr - Service SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net 
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - 
DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX:[b]64bit:[/b] {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player ActiveX:[b]64bit:[/b] {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:[b]64bit:[/b] {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:[b]64bit:[/b] {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX:[b]64bit:[/b] {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx 
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:[b]64bit:[/b] {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:[b]64bit:[/b] {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX:[b]64bit:[/b] {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:[b]64bit:[/b] {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center ActiveX:[b]64bit:[/b] {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX:[b]64bit:[/b] {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX:[b]64bit:[/b] {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework ActiveX:[b]64bit:[/b] {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:[b]64bit:[/b] 
{CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX:[b]64bit:[/b] {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:[b]64bit:[/b] <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:[b]64bit:[/b] >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX:[b]64bit:[/b] Microsoft Base Smart Card Crypto Provider Package - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: 
{4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\SysWOW64\Rundll32.exe c:\WINDOWS\SysWOW64\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A07B27B7-5D54-208C-1630-CFC74FF765D9} - Security Update for Windows XP (KB913433) ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET 
Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941) ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32:[b]64bit:[/b] aux - File not found Drivers32:[b]64bit:[/b] midi - File not found Drivers32:[b]64bit:[/b] midimapper - File not found Drivers32:[b]64bit:[/b] mixer - File not found Drivers32:[b]64bit:[/b] msacm.imaadpcm - File not found Drivers32:[b]64bit:[/b] msacm.msadpcm - File not found Drivers32:[b]64bit:[/b] msacm.msg711 - File not found Drivers32:[b]64bit:[/b] msacm.msgsm610 - File not found Drivers32:[b]64bit:[/b] msacm.trspch - File not found Drivers32:[b]64bit:[/b] vidc.i420 - File not found Drivers32:[b]64bit:[/b] vidc.iv31 - File not found Drivers32:[b]64bit:[/b] vidc.iv32 - File not found 
Drivers32:[b]64bit:[/b] vidc.iv41 - File not found Drivers32:[b]64bit:[/b] vidc.iv50 - File not found Drivers32:[b]64bit:[/b] vidc.iyuv - File not found Drivers32:[b]64bit:[/b] vidc.mrle - File not found Drivers32:[b]64bit:[/b] vidc.msvc - File not found Drivers32:[b]64bit:[/b] vidc.uyvy - File not found Drivers32:[b]64bit:[/b] vidc.yuy2 - File not found Drivers32:[b]64bit:[/b] vidc.yvu9 - File not found Drivers32:[b]64bit:[/b] vidc.yvyu - File not found Drivers32:[b]64bit:[/b] wave - File not found Drivers32:[b]64bit:[/b] wavemapper - File not found Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/08/04 11:36:21 | 002,799,296 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Eve\Desktop\procexp.exe [2013/08/01 20:46:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eve\Desktop\OTL.exe [2013/08/01 20:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/08/01 20:18:39 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2013/08/01 20:18:31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2013/08/01 20:18:31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2013/08/01 20:18:31 | 
000,096,168 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2013/08/01 17:26:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eve\Recent [11 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/08/04 20:36:12 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2013/08/04 20:36:11 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013/08/04 20:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/08/04 13:03:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/08/04 12:36:25 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Eve\Desktop\VEW.exe [2013/08/04 11:35:56 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Eve\Desktop\procexp.exe [2013/08/02 12:43:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Eve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk [2013/08/01 20:46:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eve\Desktop\OTL.exe [2013/08/01 20:18:11 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2013/08/01 20:18:06 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2013/08/01 20:18:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2013/08/01 20:18:05 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2013/08/01 20:18:05 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl [2013/08/01 20:18:04 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll [2013/08/01 20:18:04 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll [2013/07/30 02:00:00 | 000,000,350 | ---- | M] () -- 
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PHOTO1-Eve.job [2013/07/26 21:22:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat [2013/07/25 08:13:17 | 000,002,243 | ---- | M] () -- C:\Documents and Settings\Eve\Desktop\SmartFTP Client.lnk [2013/07/21 11:02:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2013/07/21 11:02:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2013/07/19 19:27:38 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Eve\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk [2013/07/19 19:27:38 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk [2013/07/19 13:13:06 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Eve\Application Data\Adobe BMP Format CS5 Prefs [2013/07/14 23:25:34 | 000,073,438 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2013/07/12 17:50:50 | 000,063,364 | -H-- | M] () -- C:\WINDOWS\SysWow64\mlfcache.dat [2013/07/09 11:20:22 | 001,520,069 | ---- | M] () -- D:\Eve's Documents\13_brochure.jpg [11 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/08/04 12:36:44 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Eve\Desktop\VEW.exe [2013/07/19 13:13:06 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Eve\Application Data\Adobe BMP Format CS5 Prefs [2013/07/09 11:20:22 | 001,520,069 | ---- | C] () -- D:\Eve's Documents\13_brochure.jpg [2013/04/08 10:02:21 | 000,517,397 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\census.cache [2013/04/08 10:02:16 | 000,163,396 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\ars.cache [2013/04/08 09:53:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application 
Data\housecall.guid.cache [2012/10/31 12:39:52 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Eve\Application Data\Adobe PNG Format CS5 Prefs [2012/10/28 14:05:55 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs [2011/09/28 11:17:55 | 000,063,364 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat [2011/09/15 22:54:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat [2011/07/29 14:15:47 | 000,060,864 | ---- | C] () -- C:\Documents and Settings\Eve\g2mdlhlpx.exe [2007/08/01 08:44:57 | 000,013,698 | ---- | C] () -- C:\Documents and Settings\All Users\Adobe Bridge Cache.bc [2007/08/01 08:44:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Adobe Bridge Cache.bct [2007/01/20 11:57:56 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\fusioncache.dat [2006/11/16 13:11:13 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/07/12 16:59:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = %SystemRoot%\system32\shdocvw.dll "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 11:05:50 | 
001,508,352 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\system32\wbem\fastprox.dll "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 19:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\system32\wbem\wbemess.dll "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Drive Information ==========[/color] Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD1600JS-22MHB0 Partitions: 3 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media Interface type: SCSI Media Type: Fixed hard disk media Model: SiImage SCSI Disk Device Partitions: 2 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - Interface type: USB Media Type: Model: OTi CF CARD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE3 - Interface type: USB Media Type: Model: OTi SM CARD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE4 - Interface type: USB Media Type: Model: OTi SD CARD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE5 - Interface type: USB Media Type: Model: OTi MS CARD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE6 - Interface type: USB Media Type: Model: HP USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- 
DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 117.00GB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 8.00GB Starting Offset: 125830333440 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 24.00GB Starting Offset: 134327047680 Hidden sectors: 0 DeviceID: Disk #1, Partition #0 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 215.00GB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #1, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 18.00GB Starting Offset: 230694428160 Hidden sectors: 0 [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color] [color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color] [color=#A23BEC]< %APPDATA%\*. 
>[/color] [2013/02/20 17:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Adobe [2012/02/10 14:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Adobe Mini Bridge CS5.1 [2008/05/19 15:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\AdobeUM [2010/06/08 13:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Aleo Software [2010/03/22 13:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Amazon [2012/10/04 12:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Anthropics [2013/05/25 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Apple Computer [2012/03/26 12:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/02/10 13:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant [2006/08/22 17:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\CyberLink [2006/07/15 16:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\DeepBurner Pro [2008/09/06 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\ExpressDigital [2012/02/10 13:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Facebook [2010/05/04 16:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\FlashPaletteEditor13Gavin.3C7B62C82486DACC1A3C3C969AC37A107CDB7879.1 [2013/04/04 19:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Glarysoft [2007/04/30 15:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Help [2007/02/10 17:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\HP [2013/05/02 10:44:06 
| 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\HpUpdate [2006/09/14 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Identities [2009/06/17 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Imagenomic [2010/12/16 11:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\InstallShield [2013/04/10 12:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\IObit [2007/02/26 12:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Lavasoft [2012/02/11 12:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Macromedia [2013/04/04 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Malwarebytes [2008/12/29 17:08:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Eve\Application Data\Microsoft [2006/07/16 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Microsoft Web Folders [2013/08/01 17:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Move Networks [2008/12/09 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Mozilla [2006/07/24 11:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Netscape [2006/07/16 10:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Nikon [2012/07/04 19:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\NVIDIA [2006/08/03 09:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Opera [2008/07/30 18:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Photodex [2007/07/31 18:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Real [2006/08/09 09:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application 
Data\SmartFTP [2006/10/27 15:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Snapfish [2012/02/10 14:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2006/10/24 15:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Sun [2011/09/28 11:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys [2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:atapi.sys [2005/03/24 17:12:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2007/02/17 00:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\WINDOWS\ServicePackFiles\amd64\atapi.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2005/03/25 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2007/02/18 11:05:28 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe [2007/02/17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe [2007/02/17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\ServicePackFiles\amd64\explorer.exe [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2005/03/25 08:00:00 | 000,489,472 | ---- | M] (Microsoft Corporation) MD5=50FB63888AE8515FAE0E4367BC16B7A8 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll [2008/06/21 02:29:34 | 000,493,056 
| ---- | M] (Microsoft Corporation) MD5=7522FBD86A6494EFAB98AF49B12F525C -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll [2007/02/17 00:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll [2007/02/17 00:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\ServicePackFiles\amd64\mswsock.dll [2011/03/03 12:50:58 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=8CFB662B5EECFABBFBC7F554B55CE82C -- C:\WINDOWS\SysWOW64\mswsock.dll [2008/06/21 15:07:28 | 000,492,544 | ---- | M] (Microsoft Corporation) MD5=9A143C80CA47FC111FB565B56B2867A9 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll [2011/03/03 12:47:30 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=E3978EF56F355B258DE579477D253C88 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\mswsock.dll [color=#A23BEC]< MD5 for: NWPROVAU.DLL >[/color] [2007/02/17 00:41:40 | 000,191,488 | ---- | M] (Microsoft Corporation) MD5=AF4FCA7DB1FBFEC8CFDF0066A25C0B5D -- C:\WINDOWS\ServicePackFiles\amd64\nwprovau.dll [2005/03/25 08:00:00 | 000,191,488 | ---- | M] (Microsoft Corporation) MD5=F4E991E1B4EE78A41A1C7C999B57F6FD -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2005/03/25 08:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=250C256374AB397492ED71AEFCF17436 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe [2009/03/19 19:42:16 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=5BC6B0FFA0EB95A02F63D5BCAD39127B -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe [2007/02/17 00:54:26 | 000,224,256 | ---- | M] (Microsoft Corporation) MD5=D255E0DDB63A6223BFD8057266380017 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2007/02/17 00:54:26 | 000,224,256 | ---- | M] (Microsoft Corporation) MD5=D255E0DDB63A6223BFD8057266380017 -- C:\WINDOWS\ServicePackFiles\amd64\services.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] 
[2007/02/17 00:59:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=46300880A5062A41C16DF5E3E836A6C9 -- C:\WINDOWS\ServicePackFiles\amd64\svchost.exe [2005/03/25 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BDDFEB952617080316692951215793E9 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [2007/02/18 11:05:52 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\SysWOW64\svchost.exe [color=#A23BEC]< MD5 for: USER32.DLL >[/color] [2007/03/02 00:56:26 | 001,085,952 | ---- | M] (Microsoft Corporation) MD5=280D5F8C310C761D0A44178892A3CD60 -- C:\WINDOWS\$hf_mig$\KB925902\SP1QFE\user32.dll [2007/03/02 00:56:18 | 001,086,464 | ---- | M] (Microsoft Corporation) MD5=35BC0334F3D679209C34CB6E4293C29C -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2007/02/17 01:00:52 | 001,086,976 | ---- | M] (Microsoft Corporation) MD5=377AADB366B617396A6DAF0D206A5C55 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007/02/17 01:00:52 | 001,086,976 | ---- | M] (Microsoft Corporation) MD5=377AADB366B617396A6DAF0D206A5C55 -- C:\WINDOWS\ServicePackFiles\amd64\user32.dll [2007/03/02 00:56:24 | 001,085,952 | ---- | M] (Microsoft Corporation) MD5=463A557EF9543B58C6287ED1F650ADCA -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2007/03/02 01:54:34 | 000,602,624 | ---- | M] (Microsoft Corporation) MD5=8BE4E29DA25073BF7894E2A61C9525DE -- C:\WINDOWS\SysWOW64\user32.dll [2005/03/25 08:00:00 | 001,085,952 | ---- | M] (Microsoft Corporation) MD5=9AEB3130E5CF4F9CAA2667F49C6795E5 -- C:\WINDOWS\$NtUninstallKB925902_0$\user32.dll [2007/03/02 01:54:30 | 001,086,464 | ---- | M] (Microsoft Corporation) MD5=C34683231AA9162B2106CA149B729D38 -- C:\WINDOWS\$hf_mig$\KB925902\SP2GDR\user32.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2007/02/17 01:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\ServicePackFiles\amd64\userinit.exe [2005/03/25 08:00:00 | 000,039,424 | ---- | 
M] (Microsoft Corporation) MD5=5EF907A339CAF229F3CE38909C93F53B -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2007/02/18 11:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2005/03/25 08:00:00 | 000,922,624 | ---- | M] (Microsoft Corporation) MD5=2412D710F07F527E99D5FCBD8D6E5B89 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2007/02/17 01:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe [color=#A23BEC]< MD5 for: WINRNR.DLL >[/color] [2007/02/18 11:05:58 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=372097347142B42A6DD0DB68E20C37B2 -- C:\WINDOWS\SysWOW64\winrnr.dll [2005/03/25 08:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=6EB3E6DCA6696C63F687EC31E00D7611 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll [2007/02/17 01:03:02 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=AF37F6996D658513E01EA049DAC2FE6B -- C:\WINDOWS\ServicePackFiles\amd64\winrnr.dll [color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/27 13:01:04 | 000,867,072 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/27 13:01:04 | 000,867,072 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/27 13:01:04 | 000,867,072 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/06/27 13:01:08 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/06/27 13:01:08 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/27 13:01:08 | 000,920,472 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 22:57:08 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 22:57:08 | 000,070,656 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 22:57:08 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/06/07 22:57:08 | 000,643,224 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRA~2\MOZILL~1\FIREFOX.EXE [2013/06/27 13:01:08 | 000,920,472 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/06/07 22:57:08 | 000,643,224 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %ProgramFiles%\WINDOWS NT\*.* /s >[/color] [2009/11/22 00:32:34 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\mswrd6.wpc [2010/12/31 19:30:26 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\mswrd8.wpc [2010/07/26 16:50:52 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS 
NT\Accessories\wordpad.exe [2009/11/22 00:32:34 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\write.wpc [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] < End of report >