Super Awesome Rootkit Infection! Yeay!... :/

#1
Ksavvy
Hi there,

I had a Zentom infection, and used rkill and exehelper to stop processes and the like. I was able to run the SuperAntiSpyware online scan and it seemed to have found quite a bit. It then asked me for a restart, and when I did, Zentom was gone, but I kept getting Internet Explorer download requests for ieframe. I cannot install Malwarebytes Anti-Malware or HijackThis, or Viper, and now SAS will begin a scan and then immediately disappear.

I'm using a USB drive to transfer files, because Firefox only gives me blank windows no matter where I am trying to navigate to.

I hope that description gives at least a basic idea of what's going on.

I will post my OTL log below. Thank you in advance for your help.

OTL logfile created on: 9/29/2011 2:31:58 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\Cleanup
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 417.43 Mb Available Physical Memory | 41.17% Memory free
2.38 Gb Paging File | 1.52 Gb Available in Paging File | 63.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 2.17 Gb Free Space | 1.56% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.34 Gb Free Space | 89.62% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\2115398467:3163875713.exe
PRC - [2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Cleanup\OTL.exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/04/13 17:03:02 | 000,089,864 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 10:28:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\6to4v32.dll
MOD - [2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\system32\inetsw32.dll
MOD - [2011/08/10 14:13:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 05:59:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 05:59:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 05:58:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 05:55:45 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
MOD - [2011/08/10 05:55:32 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
MOD - [2011/08/10 05:53:55 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
MOD - [2011/08/10 05:52:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/10 05:52:11 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/21 18:50:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/29 10:28:22 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2011/09/29 10:28:19 | 000,220,160 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\intelw32.dll -- (intelpower)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2011/04/13 17:03:02 | 000,089,864 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2011)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\K\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\K\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...04wu45w8812314o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...04wu45w8812314o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/09/29 08:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/26 15:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/26 15:38:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*dnsdevcab.exe] C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Zentom System Guard.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d254dc1-220f-11e0-9935-00262268679d}\Shell - "" = AutoRun
O33 - MountPoints2\{2d254dc1-220f-11e0-9935-00262268679d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d254dc1-220f-11e0-9935-00262268679d}\Shell\AutoRun\command - "" = D:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:14:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 09:53:11 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/28 12:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Zentom System Guard
[2011/09/11 20:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/29 13:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/09/29 13:42:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/29 12:23:25 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 10:57:46 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/29 10:57:46 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/29 10:52:59 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/09/29 10:52:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/29 10:52:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
[2011/09/29 10:52:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/29 10:52:32 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 10:28:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:24:51 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 09:53:11 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 08:03:37 | 000,001,117 | ---- | M] () -- C:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
[2011/09/29 08:03:36 | 000,001,151 | ---- | M] () -- C:\Documents and Settings\K\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/09/29 08:03:34 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Zentom System Guard.lnk
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 17:43:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 13:36:20 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\K\Desktop\AVPFind.bat.htm
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/25 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/16 09:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk
[2011/09/12 01:10:21 | 000,000,625 | ---- | M] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:22:09 | 134,302,870 | ---- | M] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:28:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2011/09/29 10:28:19 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:24:51 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:08:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2115398467
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:36:13 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\K\Desktop\AVPFind.bat.htm
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/28 12:51:34 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\K\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/09/28 12:51:34 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Zentom System Guard.lnk
[2011/09/28 12:51:34 | 000,001,117 | ---- | C] () -- C:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:13:41 | 134,302,870 | ---- | C] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/02 15:53:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,049,156 | ---- | C] () -- C:\WINDOWS\System32\certstore.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/09/29 10:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2010/11/24 19:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe

< End of report >

#2
Ksavvy
    Member
  • Topic Starter
  • 32 posts
BTW, I did go through the Malware Removal Won't Run Tutorial, and although I can get one of the rkill programs to run, I still cannot install MBAM, and SUPERAntiSpyware gets killed about 30 seconds into a scan.

I have RootRepeal that I can run and save a log of, if that will help.

Thanks again.

#3
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Hi :) I'm Michael and I'm going to help you fix your computer.

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes them harder to read. Also, please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


You are infected with ZeroAccess rootkit

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data, which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall



Next:

Download Combofix from any of the links below, but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.



Next:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



Next:


OTL Custom Scan
  • Download OTL to your Desktop
  • Double-click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.

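The OTL entries behind the ZeroAccess call above can be checked mechanically. The script below is an added example, not OTL's code and not part of this thread; its sample lines are copied from the posted OTL log, and it flags the Winlogon Notify packages with no publisher, a non-stock Winlogon Shell/UserInit value, the executable hidden in an NTFS alternate data stream under C:\WINDOWS, and the removable-volume AutoRun command.

```python
"""Triage of OTL log lines for the persistence artifacts discussed in this thread.

Added example; it is not OTL's own code. It reads OTL output line by line
and reports the entries a malware-removal helper looks at first.
"""
import re
from typing import Dict, List

# Sample lines copied from the OTL log posted in the thread (the rest of the
# log is omitted so the example runs offline).
SAMPLE_OTL = r"""O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O33 - MountPoints2\{2d254dc1-220f-11e0-9935-00262268679d}\Shell\AutoRun\command - "" = D:\MI.exe
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe
"""

# Line shapes as OTL prints them (see the O20/O33/@Alternate lines above).
NOTIFY_RE = re.compile(
    r'^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \((?P<dll>[^)]*)\) - '
    r'(?P<path>.+?) \((?P<publisher>[^)]*)\)\s*$')
WINLOGON_RE = re.compile(
    r'^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\)')
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+?):(?P<stream>[^:]+)$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')


def triage_otl(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: {'severity', 'reason', 'line'}."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = NOTIFY_RE.match(line)
        if m:
            # Winlogon Notify packages load into winlogon.exe at logon; a DLL
            # with no publisher string here is a classic persistence hook.
            if not m.group("publisher").strip():
                findings.append({"severity": "high", "line": line, "reason":
                    f"Winlogon Notify package '{m.group('key')}' loads "
                    f"{m.group('path')} with no publisher"})
            continue

        m = WINLOGON_RE.match(line)
        if m:
            # Stock XP values: Shell = Explorer.exe, UserInit = <system32>\userinit.exe
            data = m.group("data").strip().lower().rstrip(",")
            if m.group("value") == "Shell":
                ok = data == "explorer.exe"
            else:
                ok = data.endswith(r"\system32\userinit.exe")
            if not ok:
                findings.append({"severity": "high", "line": line, "reason":
                    f"Winlogon {m.group('value')} is '{data}', not the stock value"})
            continue

        m = ADS_RE.match(line)
        if m:
            host, stream = m.group("host"), m.group("stream")
            # An executable parked in an alternate data stream is invisible to
            # directory listings; a purely numeric host file name is the
            # naming seen in this thread's log.
            if stream.lower().endswith((".exe", ".dll")):
                hint = " (numeric-named host file)" if host.rsplit("\\", 1)[-1].isdigit() else ""
                findings.append({"severity": "high", "line": line, "reason":
                    f"executable stored in alternate data stream {stream} of {host}{hint}"})
            continue

        m = AUTORUN_RE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            # MountPoints2 AutoRun commands fire when a volume is opened.
            if cmd.lower().endswith(".exe"):
                findings.append({"severity": "medium", "line": line, "reason":
                    f"AutoRun on volume {{{m.group('guid')}}} runs {cmd}"})
    return findings


def count_by_severity(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Tally findings per severity, e.g. {'high': 3, 'medium': 1} for SAMPLE_OTL."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"[{f['severity']:>6}] {f['reason']}")
```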

#4
Ksavvy
    Member
  • Topic Starter
  • 32 posts
Thank you for your help.

I ran Combofix as instructed. After 1 reboot and many alerts about corrupt files and suggestions of running the chkdsk utility while Combofix was running, the computer rebooted again.

Now there is a cmd window saying: "Preparing Log Report. Do not run any programs until Combofix has finished." but since it has been like that for a good 20 minutes, I assume it is hanging.

Should I leave it, or should I attempt to run the program again? There is no log as of yet for me to post from Combofix.

Thank you again for your help.

#5
Ksavvy
    Member
  • Topic Starter
  • 32 posts
So I ran Combofix again and it went much faster, but it had the same hangup on the log creation for a while before it closed on its own from some error. I found a 1 KB log file at C:\ComboFix\Combofix.txt that I am attaching below. I am also attaching the TDSSK log and the OTL scan logs.

Thanks.



ComboFix 11-10-02.03 - K 10/02/2011 16:09:10.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.533 [GMT -7:00]
Running from: C:\Documents and Settings\K\Desktop\ComboFix.exe
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


16:32:47.0843 5532 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
16:32:47.0875 5532 ============================================================
16:32:47.0875 5532 Current date / time: 2011/10/02 16:32:47.0875
16:32:47.0875 5532 SystemInfo:
16:32:47.0875 5532
16:32:47.0875 5532 OS Version: 5.1.2600 ServicePack: 3.0
16:32:47.0875 5532 Product type: Workstation
16:32:47.0875 5532 ComputerName: ACER-399B23EC8F
16:32:47.0875 5532 UserName: K
16:32:47.0875 5532 Windows directory: C:\WINDOWS
16:32:47.0875 5532 System windows directory: C:\WINDOWS
16:32:47.0875 5532 Processor architecture: Intel x86
16:32:47.0875 5532 Number of processors: 2
16:32:47.0875 5532 Page size: 0x1000
16:32:47.0875 5532 Boot type: Normal boot
16:32:47.0875 5532 ============================================================
16:32:48.0640 5532 Initialize success
16:33:16.0265 5808 ============================================================
16:33:16.0265 5808 Scan started
16:33:16.0265 5808 Mode: Manual; SigCheck; TDLFS;
16:33:16.0265 5808 ============================================================
16:33:16.0609 5808 Abiosdsk - ok
16:33:16.0671 5808 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:33:18.0468 5808 abp480n5 - ok
16:33:18.0656 5808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:33:18.0984 5808 ACPI - ok
16:33:19.0187 5808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:33:19.0421 5808 ACPIEC - ok
16:33:19.0625 5808 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:33:19.0921 5808 adpu160m - ok
16:33:20.0140 5808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:33:20.0359 5808 aec - ok
16:33:20.0421 5808 AFD (14b028c2d9403272bdd0b19ba9573435) C:\WINDOWS\System32\drivers\afd.sys
16:33:20.0468 5808 AFD ( UnsignedFile.Multi.Generic ) - warning
16:33:20.0468 5808 AFD - detected UnsignedFile.Multi.Generic (1)
16:33:20.0625 5808 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:33:20.0937 5808 agp440 - ok
16:33:20.0984 5808 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:33:21.0328 5808 agpCPQ - ok
16:33:21.0484 5808 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:33:21.0578 5808 Aha154x - ok
16:33:21.0609 5808 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:33:21.0828 5808 aic78u2 - ok
16:33:22.0000 5808 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:33:22.0234 5808 aic78xx - ok
16:33:22.0281 5808 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:33:22.0515 5808 AliIde - ok
16:33:22.0703 5808 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:33:22.0906 5808 alim1541 - ok
16:33:23.0203 5808 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
16:33:23.0453 5808 Ambfilt - ok
16:33:23.0640 5808 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:33:23.0859 5808 amdagp - ok
16:33:24.0062 5808 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:33:24.0218 5808 amsint - ok
16:33:24.0484 5808 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
16:33:24.0609 5808 AR5416 - ok
16:33:24.0796 5808 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:33:25.0093 5808 asc - ok
16:33:25.0281 5808 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:33:25.0359 5808 asc3350p - ok
16:33:25.0390 5808 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:33:25.0593 5808 asc3550 - ok
16:33:25.0796 5808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:33:26.0062 5808 AsyncMac - ok
16:33:26.0109 5808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:33:26.0390 5808 atapi - ok
16:33:26.0531 5808 Atdisk - ok
16:33:26.0578 5808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:33:26.0812 5808 Atmarpc - ok
16:33:26.0968 5808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:33:27.0250 5808 audstub - ok
16:33:27.0421 5808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:33:27.0625 5808 Beep - ok
16:33:27.0718 5808 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
16:33:27.0828 5808 btaudio - ok
16:33:28.0015 5808 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:33:28.0140 5808 BTKRNL - ok
16:33:28.0343 5808 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
16:33:28.0375 5808 btwhid - ok
16:33:28.0437 5808 BTWUSB - ok
16:33:28.0593 5808 catchme - ok
16:33:28.0781 5808 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:33:29.0078 5808 cbidf - ok
16:33:29.0265 5808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:33:29.0468 5808 cbidf2k - ok
16:33:29.0562 5808 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:33:29.0796 5808 CCDECODE - ok
16:33:29.0968 5808 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:33:30.0046 5808 cd20xrnt - ok
16:33:30.0203 5808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:33:30.0421 5808 Cdaudio - ok
16:33:30.0500 5808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:33:30.0828 5808 Cdfs - ok
16:33:30.0984 5808 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:33:31.0046 5808 Cdrom - ok
16:33:31.0078 5808 Changer - ok
16:33:31.0234 5808 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:33:31.0500 5808 CmBatt - ok
16:33:31.0578 5808 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:33:31.0796 5808 CmdIde - ok
16:33:31.0937 5808 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:33:32.0156 5808 Compbatt - ok
16:33:32.0296 5808 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:33:32.0546 5808 Cpqarray - ok
16:33:32.0703 5808 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
16:33:32.0750 5808 CVirtA - ok
16:33:32.0828 5808 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
16:33:32.0859 5808 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0859 5808 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
16:33:33.0046 5808 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:33:33.0328 5808 dac2w2k - ok
16:33:33.0359 5808 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:33:33.0562 5808 dac960nt - ok
16:33:33.0796 5808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:33:34.0015 5808 Disk - ok
16:33:34.0125 5808 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
16:33:34.0171 5808 DKbFltr - ok
16:33:34.0375 5808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:33:34.0656 5808 dmboot - ok
16:33:34.0843 5808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:33:35.0062 5808 dmio - ok
16:33:35.0250 5808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:33:35.0468 5808 dmload - ok
16:33:35.0578 5808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:33:35.0859 5808 DMusic - ok
16:33:36.0046 5808 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
16:33:36.0062 5808 DNE - ok
16:33:36.0125 5808 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:33:36.0359 5808 dpti2o - ok
16:33:36.0468 5808 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
16:33:36.0500 5808 DritekPortIO - ok
16:33:36.0671 5808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:33:37.0000 5808 drmkaud - ok
16:33:37.0234 5808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:33:37.0437 5808 Fastfat - ok
16:33:37.0500 5808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:33:37.0703 5808 Fdc - ok
16:33:37.0890 5808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:33:38.0109 5808 Fips - ok
16:33:38.0296 5808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:33:38.0593 5808 Flpydisk - ok
16:33:38.0656 5808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:33:38.0875 5808 FltMgr - ok
16:33:39.0125 5808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:33:39.0406 5808 Fs_Rec - ok
16:33:39.0468 5808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:33:39.0671 5808 Ftdisk - ok
16:33:39.0906 5808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:33:39.0921 5808 GEARAspiWDM - ok
16:33:39.0968 5808 GizmoDrv (e48da656df32eda6e5b9d06e3d410b49) C:\WINDOWS\system32\drivers\GizmoDrv.sys
16:33:40.0000 5808 GizmoDrv - ok
16:33:40.0203 5808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:33:40.0500 5808 Gpc - ok
16:33:40.0609 5808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:33:40.0953 5808 HDAudBus - ok
16:33:41.0171 5808 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:33:41.0375 5808 HidUsb - ok
16:33:41.0500 5808 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:33:41.0703 5808 hpn - ok
16:33:41.0906 5808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:33:41.0968 5808 HTTP - ok
16:33:42.0203 5808 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:33:42.0500 5808 i2omgmt - ok
16:33:42.0562 5808 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:33:42.0765 5808 i2omp - ok
16:33:42.0937 5808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:33:43.0140 5808 i8042prt - ok
16:33:43.0578 5808 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:33:44.0109 5808 ialm - ok
16:33:44.0296 5808 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
16:33:44.0343 5808 iaStor - ok
16:33:44.0531 5808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:33:44.0750 5808 Imapi - ok
16:33:44.0906 5808 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:33:45.0109 5808 ini910u - ok
16:33:45.0343 5808 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:33:45.0843 5808 IntcAzAudAddService - ok
16:33:46.0046 5808 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:33:46.0359 5808 IntelIde - ok
16:33:46.0421 5808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:33:46.0640 5808 intelppm - ok
16:33:46.0812 5808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:33:47.0015 5808 Ip6Fw - ok
16:33:47.0203 5808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:33:47.0406 5808 IpFilterDriver - ok
16:33:47.0625 5808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:33:47.0890 5808 IpInIp - ok
16:33:48.0109 5808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:33:48.0312 5808 IpNat - ok
16:33:48.0500 5808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:33:48.0796 5808 IPSec - ok
16:33:49.0000 5808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:33:49.0093 5808 IRENUM - ok
16:33:49.0250 5808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:33:49.0515 5808 isapnp - ok
16:33:49.0593 5808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:33:49.0796 5808 Kbdclass - ok
16:33:49.0953 5808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:33:50.0156 5808 kmixer - ok
16:33:50.0218 5808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:33:50.0296 5808 KSecDD - ok
16:33:50.0453 5808 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
16:33:50.0515 5808 L1c - ok
16:33:50.0562 5808 lbrtfdc - ok
16:33:50.0750 5808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:33:51.0078 5808 mnmdd - ok
16:33:51.0156 5808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:33:51.0375 5808 Modem - ok
16:33:51.0640 5808 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
16:33:51.0843 5808 Monfilt - ok
16:33:52.0015 5808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:33:52.0328 5808 Mouclass - ok
16:33:52.0515 5808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:33:52.0781 5808 mouhid - ok
16:33:52.0968 5808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:33:53.0156 5808 MountMgr - ok
16:33:53.0359 5808 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:33:53.0625 5808 mraid35x - ok
16:33:53.0687 5808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:33:53.0906 5808 MRxDAV - ok
16:33:54.0187 5808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:33:54.0296 5808 MRxSmb - ok
16:33:54.0500 5808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:33:54.0812 5808 Msfs - ok
16:33:54.0859 5808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:33:55.0062 5808 MSKSSRV - ok
16:33:55.0234 5808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:33:55.0484 5808 MSPCLOCK - ok
16:33:55.0718 5808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:33:56.0000 5808 MSPQM - ok
16:33:56.0078 5808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:33:56.0406 5808 mssmbios - ok
16:33:56.0562 5808 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:33:56.0765 5808 MSTEE - ok
16:33:56.0828 5808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:33:56.0890 5808 Mup - ok
16:33:57.0078 5808 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:33:57.0359 5808 NABTSFEC - ok
16:33:57.0562 5808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:33:57.0859 5808 NDIS - ok
16:33:58.0046 5808 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:33:58.0234 5808 NdisIP - ok
16:33:58.0296 5808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:33:58.0312 5808 NdisTapi - ok
16:33:58.0500 5808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:33:58.0781 5808 Ndisuio - ok
16:33:58.0843 5808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:33:59.0046 5808 NdisWan - ok
16:33:59.0218 5808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:33:59.0265 5808 NDProxy - ok
16:33:59.0453 5808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:33:59.0718 5808 NetBIOS - ok
16:33:59.0906 5808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:34:00.0109 5808 NetBT - ok
16:34:00.0203 5808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:34:00.0453 5808 Npfs - ok
16:34:00.0625 5808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:34:00.0859 5808 Ntfs - ok
16:34:01.0171 5808 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
16:34:01.0203 5808 NuidFltr - ok
16:34:01.0234 5808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:34:01.0578 5808 Null - ok
16:34:01.0796 5808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:34:02.0062 5808 NwlnkFlt - ok
16:34:02.0250 5808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:34:02.0437 5808 NwlnkFwd - ok
16:34:02.0609 5808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:34:02.0890 5808 Parport - ok
16:34:03.0000 5808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:34:03.0187 5808 PartMgr - ok
16:34:03.0390 5808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:34:03.0578 5808 ParVdm - ok
16:34:03.0687 5808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:34:03.0890 5808 PCI - ok
16:34:04.0093 5808 PCIDump - ok
16:34:04.0140 5808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:34:04.0375 5808 PCIIde - ok
16:34:04.0593 5808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:34:04.0796 5808 Pcmcia - ok
16:34:04.0828 5808 PDCOMP - ok
16:34:04.0843 5808 PDFRAME - ok
16:34:04.0859 5808 PDRELI - ok
16:34:04.0875 5808 PDRFRAME - ok
16:34:04.0906 5808 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:34:05.0140 5808 perc2 - ok
16:34:05.0312 5808 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:34:05.0500 5808 perc2hib - ok
16:34:05.0593 5808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:34:05.0796 5808 PptpMiniport - ok
16:34:05.0968 5808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:34:06.0171 5808 PSched - ok
16:34:06.0265 5808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:34:06.0546 5808 Ptilink - ok
16:34:06.0703 5808 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:34:06.0718 5808 PxHelp20 - ok
16:34:06.0781 5808 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:34:06.0968 5808 ql1080 - ok
16:34:07.0203 5808 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:34:07.0484 5808 Ql10wnt - ok
16:34:07.0546 5808 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:34:07.0828 5808 ql12160 - ok
16:34:07.0828 5808 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:34:08.0031 5808 ql1240 - ok
16:34:08.0203 5808 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:34:08.0406 5808 ql1280 - ok
16:34:08.0437 5808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:34:08.0625 5808 RasAcd - ok
16:34:08.0796 5808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:34:09.0015 5808 Rasl2tp - ok
16:34:09.0109 5808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:34:09.0312 5808 RasPppoe - ok
16:34:09.0500 5808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:34:09.0703 5808 Raspti - ok
16:34:09.0828 5808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:34:10.0140 5808 Rdbss - ok
16:34:10.0296 5808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:34:10.0484 5808 RDPCDD - ok
16:34:10.0593 5808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:34:10.0843 5808 rdpdr - ok
16:34:11.0187 5808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:34:11.0250 5808 RDPWD - ok
16:34:11.0531 5808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:34:11.0859 5808 redbook - ok
16:34:12.0156 5808 RSUSBSTOR - ok
16:34:12.0187 5808 Rts516xIR - ok
16:34:12.0328 5808 SASDIFSV - ok
16:34:12.0343 5808 SASKUTIL - ok
16:34:12.0578 5808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:34:12.0781 5808 Secdrv - ok
16:34:12.0984 5808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:34:13.0203 5808 Serial - ok
16:34:13.0296 5808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:34:13.0546 5808 Sfloppy - ok
16:34:13.0703 5808 Simbad - ok
16:34:13.0765 5808 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:34:13.0984 5808 sisagp - ok
16:34:14.0250 5808 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:34:14.0578 5808 SLIP - ok
16:34:14.0890 5808 SNP2UVC (c792610f7d2009352721c1ae38da0619) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
16:34:15.0078 5808 SNP2UVC - ok
16:34:15.0281 5808 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:34:15.0500 5808 Sparrow - ok
16:34:15.0734 5808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:34:15.0968 5808 splitter - ok
16:34:16.0218 5808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:34:16.0312 5808 sr - ok
16:34:16.0515 5808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:34:16.0625 5808 Srv - ok
16:34:16.0843 5808 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:34:17.0109 5808 streamip - ok
16:34:17.0296 5808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:34:17.0500 5808 swenum - ok
16:34:17.0734 5808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:34:18.0015 5808 swmidi - ok
16:34:18.0234 5808 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:34:18.0515 5808 symc810 - ok
16:34:18.0734 5808 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:34:19.0000 5808 symc8xx - ok
16:34:19.0203 5808 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:34:19.0406 5808 sym_hi - ok
16:34:19.0625 5808 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:34:19.0890 5808 sym_u3 - ok
16:34:20.0109 5808 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:34:20.0140 5808 SynTP - ok
16:34:20.0203 5808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:34:20.0390 5808 sysaudio - ok
16:34:20.0671 5808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:34:20.0765 5808 Tcpip - ok
16:34:20.0968 5808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:34:21.0187 5808 TDPIPE - ok
16:34:21.0421 5808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:34:21.0703 5808 TDTCP - ok
16:34:21.0906 5808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:34:22.0109 5808 TermDD - ok
16:34:22.0312 5808 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:34:22.0546 5808 TosIde - ok
16:34:22.0609 5808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:34:22.0796 5808 Udfs - ok
16:34:22.0968 5808 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:34:23.0062 5808 ultra - ok
16:34:23.0296 5808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:34:23.0578 5808 Update - ok
16:34:23.0796 5808 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:34:23.0984 5808 usbaudio - ok
16:34:24.0234 5808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:34:24.0515 5808 usbccgp - ok
16:34:24.0546 5808 USBCCID - ok
16:34:24.0593 5808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:34:24.0812 5808 usbehci - ok
16:34:25.0000 5808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:34:25.0187 5808 usbhub - ok
16:34:25.0421 5808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:34:25.0703 5808 USBSTOR - ok
16:34:25.0781 5808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:34:25.0984 5808 usbuhci - ok
16:34:26.0234 5808 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:34:26.0437 5808 usbvideo - ok
16:34:26.0500 5808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:34:26.0765 5808 VgaSave - ok
16:34:26.0921 5808 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:34:27.0109 5808 viaagp - ok
16:34:27.0296 5808 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:34:27.0562 5808 ViaIde - ok
16:34:27.0703 5808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:34:27.0906 5808 VolSnap - ok
16:34:28.0062 5808 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
16:34:28.0125 5808 vsdatant - ok
16:34:28.0296 5808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:34:28.0593 5808 Wanarp - ok
16:34:28.0671 5808 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:34:28.0718 5808 Wdf01000 - ok
16:34:28.0906 5808 WDICA - ok
16:34:28.0968 5808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:34:29.0203 5808 wdmaud - ok
16:34:29.0421 5808 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:34:29.0609 5808 WmiAcpi - ok
16:34:29.0687 5808 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:34:29.0906 5808 WSTCODEC - ok
16:34:29.0984 5808 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
16:34:29.0984 5808 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
16:34:29.0984 5808 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
16:34:30.0015 5808 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:34:30.0015 5808 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:34:30.0015 5808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
16:34:32.0484 5808 \Device\Harddisk1\DR3 - ok
16:34:32.0500 5808 Boot (0x1200) (30c5b47a751e97f75229bbf6f716e73c) \Device\Harddisk0\DR0\Partition0
16:34:32.0500 5808 \Device\Harddisk0\DR0\Partition0 - ok
16:34:32.0515 5808 Boot (0x1200) (856a6a028b87e4dc874e2693c1db17ee) \Device\Harddisk1\DR3\Partition0
16:34:32.0515 5808 \Device\Harddisk1\DR3\Partition0 - ok
16:34:32.0515 5808 ============================================================
16:34:32.0515 5808 Scan finished
16:34:32.0515 5808 ============================================================
16:34:32.0640 5800 Detected object count: 4
16:34:32.0640 5800 Actual detected object count: 4
16:35:15.0921 5800 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:15.0921 5800 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:15.0937 5800 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:15.0937 5800 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:15.0984 5800 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
16:35:15.0984 5800 \Device\Harddisk0\DR0 - ok
16:35:15.0984 5800 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
16:35:16.0000 5800 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:35:16.0000 5800 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:35:41.0984 5528 Deinitialize success



OTL logfile created on: 10/2/2011 4:47:09 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 419.42 Mb Available Physical Memory | 41.37% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 1.97 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.93 Gb Free Space | 78.74% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\system32\inetsw32.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKU\S-1-5-21-3207847200-596957751-681764103-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3207847200-596957751-681764103-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/26 15:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/26 15:38:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/02 16:24:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKU\S-1-5-21-3207847200-596957751-681764103-1005..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-3207847200-596957751-681764103-1005..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*dnsdevcab.exe] C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AFD - C:\WINDOWS\System32\drivers\afd.sys (©if systems Systems)
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/02 16:20:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/02 16:07:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 14:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 14:05:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 14:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 004,240,182 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:14:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 09:53:11 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/11 20:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/02 16:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/02 16:42:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/02 16:41:28 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/02 16:41:28 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/02 16:38:02 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/02 16:37:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/02 16:36:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/02 16:36:48 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 16:24:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/02 13:48:04 | 004,240,182 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/10/01 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/30 09:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/29 15:01:52 | 429,497,188 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Sony.Vegas.Pro.10.0e.Build.737.derinport.in.devrimow.rar
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 09:53:11 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk
[2011/09/12 01:10:21 | 000,000,625 | ---- | M] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:22:09 | 134,302,870 | ---- | M] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 16:46:29 | 429,497,188 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Sony.Vegas.Pro.10.0e.Build.737.derinport.in.devrimow.rar
[2011/10/02 14:05:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 14:05:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 14:05:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 14:05:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 14:05:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:28:19 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:13:41 | 134,302,870 | ---- | C] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer GameZone Console
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Super-Cow
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/02 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %SYSTEMDRIVE%\*.exe >
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/10/02 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2011/08/04 12:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2011/03/01 05:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ArcSoft
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/08/04 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DivX
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2010/08/24 01:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Google
[2009/07/31 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2011/10/02 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2009/08/01 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009/08/01 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/26 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MathWorks
[2011/07/22 10:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2010/10/17 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MiKTeX
[2011/09/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 16:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2011/06/29 06:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2011/09/15 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks
[2011/06/02 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2009
[2011/09/12 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/26 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow
[2011/09/29 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/07/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\vlc
[2010/12/27 18:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 10/2/2011 4:47:09 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 419.42 Mb Available Physical Memory | 41.37% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 1.97 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.93 Gb Free Space | 78.74% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\FreeOrion\freeoriond.exe" = C:\Program Files\FreeOrion\freeoriond.exe:*:Enabled:freeoriond -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\K\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\K\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\ImageJ\jre\bin\javaw.exe" = C:\Program Files\ImageJ\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe" = C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe:*:Disabled:Invared LTD -- (©if systems)
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Disabled:DivX Update -- ()
"C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe:*:Disabled:sldBgDwldresu -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\TechSmith\Jing\Jing.exe" = C:\Program Files\TechSmith\Jing\Jing.exe:*:Disabled:Jing -- (TechSmith Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Cleanup\iExplore.exe" = D:\Cleanup\iExplore.exe:*:Enabled:iExplore -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP05
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXCM MT4 powered by BT 4.00
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0CBE5D-33AE-4C85-8F52-E53DAE76BA5C}" = SolidWorks Flow Simulation 2011 SP04
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{9402DAC1-447E-49C9-979D-BD5838E709D7}" = SolidWorks eDrawings 2011 SP04
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2B6CEF9-F05B-4E6A-97CB-4241C1155F77}" = TweetAttacks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP05
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C00F32AF-E350-43CC-80EB-F0D961A5C9BD}" = calibre
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP04
"{D31220EB-925B-4D3D-ACDD-1389DA6D2EF3}" = SolidWorks eDrawings 2010
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0}" = eVoice Player 1.0
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F82AA7DA-F49B-CA39-C3FC-DDC983B3E223}" = Market Samurai
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DjVuLibre+DjView" = DjVuLibre+DjView
"FreeOrion" = FreeOrion 0.3.15
"Gizmo Central" = Gizmo Central
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ImageJ_is1" = ImageJ 1.44p
"Jolicloudexpress" = Jolicloud
"LManager" = Launch Manager
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"MatlabR2010a" = MATLAB R2010a
"Mendeley Desktop" = Mendeley Desktop 0.9.8.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MWSnap 3" = MWSnap 3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenTTD" = OpenTTD 1.0.5
"PalTalk8.2" = PaltalkScene
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Qlock" = Qlock Lite
"Scrivener for Windows Beta 1.6" = Scrivener for Windows Beta
"SolidWorks Installation Manager 20100-40500-1100-200" = SolidWorks 2010 SP05
"SolidWorks Installation Manager 20110-40400-1100-200" = SolidWorks 2011 SP04
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rosetta Stone" = The Rosetta Stone
"thinkorswim" = thinkorswim
"VLC media player" = VLC media player 1.1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2011 1:34:15 PM | Computer Name = ACER-399B23EC8F | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 10/2/2011 5:16:37 PM | Computer Name = ACER-399B23EC8F | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 5:37:23 PM | Computer Name = ACER-399B23EC8F | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 5:41:46 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

Error - 10/2/2011 7:24:29 PM | Computer Name = ACER-399B23EC8F | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 7:27:09 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application presentationfontcache.exe, version 3.0.6920.1427,
stamp 488f1424, faulting module mscorwks.dll, version 2.0.50727.3623, stamp 4d8c187e,
debug? 0, fault address 0x000b0dd2.

Error - 10/2/2011 7:27:24 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

Error - 10/2/2011 7:37:16 PM | Computer Name = ACER-399B23EC8F | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 7:38:47 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application presentationfontcache.exe, version 3.0.6920.1427,
stamp 488f1424, faulting module mscorwks.dll, version 2.0.50727.3623, stamp 4d8c187e,
debug? 0, fault address 0x000b0dd2.

Error - 10/2/2011 7:41:59 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

[ System Events ]
Error - 10/2/2011 7:38:58 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 0 milliseconds: Restart the service.

Error - 10/2/2011 7:39:26 PM | Computer Name = ACER-399B23EC8F | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/2/2011 7:39:26 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/2/2011 7:39:56 PM | Computer Name = ACER-399B23EC8F | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/2/2011 7:39:56 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/2/2011 7:40:26 PM | Computer Name = ACER-399B23EC8F | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/2/2011 7:40:26 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/2/2011 7:40:56 PM | Computer Name = ACER-399B23EC8F | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/2/2011 7:40:56 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/2/2011 7:41:26 PM | Computer Name = ACER-399B23EC8F | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >
  • 0

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Please uninstall:

Java™ 6 Update 21

As it's outdated.


Next:


As I see in your logs, your drive has very little free hard disk space:

Drive C: | 139.04 Gb Total Space | 1.97 Gb Free Space | 1.41% Space Free | Partition Type: NTFS

The minimum recommended free hard disk space is 15%. Yours has 1.41% space free, and that will cause problems in the normal running of our tools, so you must free some space before we continue.

To free some space, here are some things you can do:

Follow this tutorial to use Disk Cleanup to remove unnecessary files, clear older restore points and remove programs you don't need.

These two files that I can see use a lot of space; if you don't need them, you can delete them:

C:\Documents and Settings\K\Desktop\Sony.Vegas.Pro.10.0e.Build.737.derinport.in.devrimow.rar
C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf


Also, the hibernation driver is a big file; you can disable hibernation to remove it by following this tutorial.

Look at what files you have that take up a lot of space, like if you have a lot of videos, and determine which ones you can delete or move to another storage medium to free some space.


Free as much space as you can, then open OTL and press the Quick Scan button. Post the log here and we'll see if that's enough, and then continue.
  • 0

#7
Ksavvy

    Member

  • Topic Starter
  • Member
  • 32 posts
OTL logfile created on: 10/3/2011 9:38:46 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 278.45 Mb Available Physical Memory | 27.46% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 17.03 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 268.73 Gb Free Space | 28.86% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\system32\inetsw32.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:42 | 000,059,304 | ---- | M] () -- C:\Program Files\Gizmo\gshell.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/02 16:24:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*dnsdevcab.exe] C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/03 11:44:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/02 16:20:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/02 16:07:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 14:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 14:05:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 14:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 004,240,182 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 09:53:11 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/11 20:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/03 21:42:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 16:48:07 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/02 16:41:28 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/02 16:41:28 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/02 16:38:02 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/02 16:37:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/02 16:36:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/02 16:36:48 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 16:24:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/02 13:48:04 | 004,240,182 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/10/01 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/30 09:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 09:53:11 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk
[2011/09/12 01:10:21 | 000,000,625 | ---- | M] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:22:09 | 134,302,870 | ---- | M] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 14:05:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 14:05:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 14:05:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 14:05:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 14:05:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:28:19 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:13:41 | 134,302,870 | ---- | C] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/02 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



< End of report >
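An added example (not from OTL, from the posters, or from any of the tools used in this thread) that shows how the suspicious entries in the log above can be flagged mechanically rather than by eye. It takes a handful of lines copied verbatim from the log, mixed with clean entries, and checks four things the log exhibits: a RunOnce value whose name starts with `*` (Windows runs such RunOnce entries even in Safe Mode), a bare .exe sitting in a Startup folder instead of a .lnk shortcut, a Winlogon Notify package whose DLL carries no company name, and a core Windows driver (afd.sys) reporting a non-Microsoft company. The KNOWN_MS_DRIVERS set is a small illustrative list I assumed for the example, not an authoritative one.

```python
"""Triage heuristics for OTL (OldTimer) log lines.

Added example for this thread; not part of OTL or of any tool the posters
ran. SAMPLE_LOG holds lines copied from the log in the post above plus a few
clean entries so the checks have something to pass as well.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\RunOnce: [*dnsdevcab.exe] C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
DRV - [2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
"""

# Drivers that ship with Windows XP and are always reported with
# "Microsoft Corporation" as company. Illustrative subset (assumption),
# not a complete list.
KNOWN_MS_DRIVERS = {"afd.sys", "tcpip.sys", "ndis.sys", "netbt.sys", "atapi.sys", "volsnap.sys"}

# O4 - <hive>..\<Run|RunOnce>: [<value name>] <path> (<company>)
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[([^\]]*)\] (.*) \(([^)]*)\)$")
# O4 - Startup: <entry>[ = <target>] (<company>)
STARTUP_RE = re.compile(r"^O4 - Startup: (.*?)(?: = (.*?))? \(([^)]*)\)$")
# O20 - Winlogon\Notify\<key>: DllName - (<dll>) - <path> (<company>)
NOTIFY_RE = re.compile(r"^O20 - Winlogon\\Notify\\(\w+): DllName - \(([^)]*)\) - (.*) \(([^)]*)\)$")
# DRV - [<stamp>] (<company>) [<flags>] -- <path> -- (<service>)
DRV_RE = re.compile(r"^DRV - \[[^\]]*\] \(([^)]*)\) \[[^\]]*\] -- (.*?) -- \(([^)]*)\)")


@dataclass
class Finding:
    kind: str    # OTL section the line came from (O4, O20, DRV)
    path: str    # file the entry points at
    reason: str  # why it was flagged


def check_line(line: str) -> list[Finding]:
    """Apply the heuristics to one OTL line; returns zero or more findings."""
    out: list[Finding] = []
    m = RUN_RE.match(line)
    if m:
        _hive, key, name, path, company = m.groups()
        # A '*' prefix on a RunOnce value name makes Windows run it in Safe Mode too.
        if key.lower().startswith("runonce") and name.startswith("*"):
            out.append(Finding("O4", path, "RunOnce value name starts with '*', so it also runs in Safe Mode"))
        if not company:
            out.append(Finding("O4", path, "autostart binary with no company name"))
        return out
    m = STARTUP_RE.match(line)
    if m:
        entry, target, _company = m.groups()
        # Legitimate installers put .lnk shortcuts in Startup; a bare .exe was dropped there.
        if target is None and entry.lower().endswith(".exe"):
            out.append(Finding("O4", entry, "executable placed directly in a Startup folder (not a .lnk)"))
        return out
    m = NOTIFY_RE.match(line)
    if m:
        key, _dll, path, company = m.groups()
        # Notify packages load into winlogon.exe at every logon; unsigned, unnamed ones are a red flag.
        if not company:
            out.append(Finding("O20", path, f"Winlogon Notify package '{key}' loads a DLL with no company name"))
        return out
    m = DRV_RE.match(line)
    if m:
        company, path, _service = m.groups()
        base = path.rsplit("\\", 1)[-1].lower()
        if base in KNOWN_MS_DRIVERS and "microsoft" not in company.lower():
            out.append(Finding("DRV", path, f"core Windows driver {base} reports company '{company}' instead of Microsoft"))
        return out
    return out


def triage(log_text: str) -> list[Finding]:
    """Run check_line over every line of an OTL report and collect the findings."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(check_line(line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}\n      {f.reason}")
```

Run against the sample it reports five findings: the starred RunOnce entry, the bare dnsdevcab.exe in the Startup folder, both Notify keys pointing at inetsw32.dll, and afd.sys with a non-Microsoft company string. The SolidWorks, Dropbox, UserInit and Atheros lines pass. These are heuristics for prioritising what to look at, not a verdict; a clean company string proves nothing on its own, since OTL only echoes the version resource embedded in the file.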

#8
michaelg9

    Trusted Helper (Malware Removal)

Try to free a little more space, so it reaches at least 15%:
Drive C: | 139.04 Gb Total Space | 17.03 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

#9
Ksavvy

    Topic Starter

I think we got there... (fingers crossed for luck)... :)

OTL logfile created on: 10/5/2011 6:53:41 AM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 253.23 Mb Available Physical Memory | 24.98% Memory free
2.38 Gb Paging File | 1.75 Gb Available in Paging File | 73.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.91 Gb Free Space | 15.04% Space Free | Partition Type: NTFS

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/03/09 09:57:40 | 002,162,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\system32\inetsw32.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:42 | 000,059,304 | ---- | M] () -- C:\Program Files\Gizmo\gshell.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/03 11:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/02 16:24:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*dnsdevcab.exe] C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/03 11:44:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/02 16:20:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/02 16:07:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 14:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 14:05:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 14:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 004,240,182 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 09:53:11 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/11 20:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 06:48:05 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/05 06:42:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 21:48:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/02 16:41:28 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/02 16:41:28 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/02 16:38:02 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/02 16:37:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/02 16:36:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/02 16:36:48 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 16:24:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/02 13:48:04 | 004,240,182 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/30 09:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 09:53:11 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk
[2011/09/12 01:10:21 | 000,000,625 | ---- | M] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:22:09 | 134,302,870 | ---- | M] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 14:05:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 14:05:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 14:05:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 14:05:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 14:05:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:28:19 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\inetsw32.dll
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:13:41 | 134,302,870 | ---- | C] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/02 16:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



< End of report >

#10
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\system32\inetsw32.dll
    O4 - HKLM..\RunOnce: [*dnsdevcab.exe] C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
    O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe (©if systems)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O20 - Winlogon\Notify\inetsw32: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
    O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - C:\WINDOWS\System32\inetsw32.dll ()
    [2011/09/29 09:53:11 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe
    [15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/09/29 10:28:19 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\inetsw32.dll
    [2011/09/29 09:53:11 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Next:

Delete the copy of ComboFix from your Desktop, as it's outdated, and follow this:

Download ComboFix from any of the links below, but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.



Next:


OTL Custom Scan
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    afd.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.



Next:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Also, there should then be a file called MBR.dat on your desktop; zip it and attach it here :)



Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\AMove.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

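The OTL report that the custom scan above produces is read by hand in this thread. As an added example that is not part of OTL or of these instructions, the Python script below shows how a defender can pre-triage such a report mechanically for three of the indicators visible in the log posted later in this thread: a core Windows driver (afd.sys) reporting a non-Microsoft company name, RunOnce values whose name starts with '*' from an unrecognised publisher, and a Winlogon\Notify registration whose DLL is missing. The suspicious sample lines are copied from that log, the benign ones are constructed in the same layout, and the rule names and the WINDOWS_OWNED list are this script's own assumptions.

```python
"""Triage of OTL report lines for rootkit indicators.

Added example, not part of OTL or of the instructions in this thread. It reads
text in OTL's report layout and flags lines that a helper would otherwise have
to spot by eye.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Binaries that ship with Windows. OTL prints the company name from the file's
# version information; for a Windows component it should read Microsoft.
# (Assumed list for this example.)
WINDOWS_OWNED = {"afd.sys", "tcpip.sys", "explorer.exe", "winlogon.exe",
                 "userinit.exe", "svchost.exe"}
TRUSTED_PUBLISHERS = {"Microsoft Corporation"}

# DRV - [date | size | attrs | M] (Company) [Kernel | Start | State] -- path -- (Name)
DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)")
# O4 - HKLM..\RunOnce: [value] path (Company)
RUNONCE_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\RunOnce: \[(?P<value>[^\]]*)\] (?P<path>.*) \((?P<company>[^)]*)\)\s*$")
# O20 - Winlogon\Notify\key: DllName - (dll) - status
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \((?P<dll>[^)]*)\) - (?P<status>.*)$")


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def triage(report: str) -> List[Finding]:
    """Return one Finding per suspicious OTL line, in report order."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := DRV_RE.match(line):
            # A Windows-owned driver whose version info names someone else has
            # been replaced or patched on disk.
            base = m["path"].rsplit("\\", 1)[-1].lower()
            if base in WINDOWS_OWNED and m["company"] not in TRUSTED_PUBLISHERS:
                findings.append(Finding("core_driver_publisher",
                    f"{base} claims publisher {m['company']!r}", line))
        elif m := RUNONCE_RE.match(line):
            # A leading '*' tells Windows to run the RunOnce value even in
            # Safe Mode; combined with an unknown publisher it is a red flag.
            if m["value"].startswith("*") and m["company"] not in TRUSTED_PUBLISHERS:
                findings.append(Finding("safe_mode_runonce",
                    f"{m['hive']} RunOnce {m['value']} -> {m['path']}", line))
        elif m := NOTIFY_RE.match(line):
            # A Notify package whose DLL is gone is a leftover registration
            # that still needs removing from the registry.
            if "File not found" in m["status"]:
                findings.append(Finding("dangling_winlogon_notify",
                    f"Notify\\{m['key']} references missing {m['dll']}", line))
    return findings


def summarize(report: str) -> Dict[str, int]:
    """Count findings per rule for a quick read of how deep the infection goes."""
    return dict(Counter(f.rule for f in triage(report)))


# Sample input: the suspicious lines are copied from the OTL log posted in this
# thread; the benign lines are constructed in the same layout for contrast.
SAMPLE_LOG = r"""
DRV - [2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*cscautoadsl.exe] C:\WINDOWS\System32\cscautoadsl.exe (©if systems)
O4 - HKLM..\RunOnce: [*proxyqueueapi.exe] C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe (©if systems)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
    print(summarize(SAMPLE_LOG))
```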
#11 Ksavvy (Topic Starter, Member, 32 posts)
So I tried the new ComboFix, but it still is not producing a log. After running it a second time it started to hang on step 50. I left it for about an hour with no change, so I closed it and moved on.

Also, I couldn't do the last scan, because Internet Explorer won't start, and I can't get connected to any page through Firefox. I managed to get the other scans done though, so here are those results.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*dnsdevcab.exe deleted successfully.
Invalid CLSID key: *dnsdevcab.exe
C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe moved successfully.
File C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\inetsw32\ deleted successfully.
C:\WINDOWS\system32\inetsw32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\intelworks\ deleted successfully.
File C:\WINDOWS\System32\inetsw32.dll not found.
File C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET107.tmp deleted successfully.
C:\WINDOWS\System32\SET11F.tmp deleted successfully.
C:\WINDOWS\System32\SET184.tmp deleted successfully.
C:\WINDOWS\System32\SET18D.tmp deleted successfully.
C:\WINDOWS\System32\SET19A.tmp deleted successfully.
C:\WINDOWS\System32\SET1C0.tmp deleted successfully.
C:\WINDOWS\System32\SET1D9.tmp deleted successfully.
C:\WINDOWS\System32\SET201.tmp deleted successfully.
C:\WINDOWS\System32\SET207.tmp deleted successfully.
C:\WINDOWS\System32\SET229.tmp deleted successfully.
C:\WINDOWS\System32\SET22A.tmp deleted successfully.
C:\WINDOWS\System32\SET22B.tmp deleted successfully.
C:\WINDOWS\System32\SET22C.tmp deleted successfully.
C:\WINDOWS\System32\SET23C.tmp deleted successfully.
File C:\WINDOWS\System32\inetsw32.dll not found.
File C:\Documents and Settings\K\Start Menu\Programs\Startup\dnsdevcab.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56823 bytes

User: K
->Temporary Internet Files folder emptied: 70726 bytes
->Java cache emptied: 16396688 bytes
->Flash cache emptied: 57000 bytes

User: LocalService
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1439 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1955986 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 4240182 bytes

Total Files Cleaned = 22.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: K
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_101724

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 10/7/2011 2:21:03 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 631.30 Mb Available Physical Memory | 62.27% Memory free
2.38 Gb Paging File | 2.17 Gb Available in Paging File | 90.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.82 Gb Free Space | 14.97% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.93 Gb Free Space | 78.63% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Stopped] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKU\S-1-5-21-3207847200-596957751-681764103-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3207847200-596957751-681764103-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/03 11:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/07 12:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKU\S-1-5-21-3207847200-596957751-681764103-1005..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-3207847200-596957751-681764103-1005..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*cscautoadsl.exe] C:\WINDOWS\System32\cscautoadsl.exe (©if systems)
O4 - HKLM..\RunOnce: [*proxyqueueapi.exe] C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe (©if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AFD - C:\WINDOWS\System32\drivers\afd.sys (©if systems Systems)
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 13:46:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/07 12:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 11:00:33 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe
[2011/10/07 10:51:26 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Application Data\cryptdnsmgr.exe
[2011/10/07 10:42:48 | 004,247,628 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/07 10:17:30 | 000,171,520 | ---- | C] (©if systems) -- C:\WINDOWS\System32\cscautoadsl.exe
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 14:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 14:05:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 14:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/11 20:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/10/07 12:30:11 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/07 12:30:11 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/07 12:26:40 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/07 12:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/07 12:25:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 12:25:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/07 12:25:05 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 10:51:26 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Application Data\cryptdnsmgr.exe
[2011/10/07 10:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/07 10:42:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 10:17:30 | 000,171,520 | ---- | M] (©if systems) -- C:\WINDOWS\System32\cscautoadsl.exe
[2011/10/07 09:28:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/07 09:01:44 | 004,247,628 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/03 21:48:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk
[2011/09/12 01:10:21 | 000,000,625 | ---- | M] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:22:09 | 134,302,870 | ---- | M] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

========== Files Created - No Company Name ==========

[2011/10/02 14:05:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 14:05:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 14:05:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 14:05:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 14:05:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:13:41 | 134,302,870 | ---- | C] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer GameZone Console
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Super-Cow
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/07 12:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %SYSTEMDRIVE%\*.exe >
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/10/02 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2011/08/04 12:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2011/03/01 05:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ArcSoft
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/08/04 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DivX
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2010/08/24 01:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Google
[2009/07/31 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2011/10/07 12:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2009/08/01 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009/08/01 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/26 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MathWorks
[2011/07/22 10:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2010/10/17 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MiKTeX
[2011/09/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/07 12:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2011/06/29 06:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2011/09/15 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks
[2011/06/02 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2009
[2011/09/12 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/26 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow
[2011/09/29 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/07/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\vlc
[2010/12/27 18:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR


< MD5 for: AFD.SYS >
[2011/02/16 06:22:48 | 000,138,496 | ---- | M] (©if systems Systems) MD5=14B028C2D9403272BDD0B19BA9573435 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 05:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011/02/16 06:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/10/16 08:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 03:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 06:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 10/7/2011 2:21:03 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 631.30 Mb Available Physical Memory | 62.27% Memory free
2.38 Gb Paging File | 2.17 Gb Available in Paging File | 90.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.82 Gb Free Space | 14.97% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.93 Gb Free Space | 78.63% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\FreeOrion\freeoriond.exe" = C:\Program Files\FreeOrion\freeoriond.exe:*:Enabled:freeoriond -- ()
"C:\Documents and Settings\K\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\K\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\ImageJ\jre\bin\javaw.exe" = C:\Program Files\ImageJ\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Disabled:DivX Update -- ()
"C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe:*:Disabled:sldBgDwldresu -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\TechSmith\Jing\Jing.exe" = C:\Program Files\TechSmith\Jing\Jing.exe:*:Disabled:Jing -- (TechSmith Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Cleanup\iExplore.exe" = D:\Cleanup\iExplore.exe:*:Enabled:iExplore -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP05
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXCM MT4 powered by BT 4.00
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0CBE5D-33AE-4C85-8F52-E53DAE76BA5C}" = SolidWorks Flow Simulation 2011 SP04
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{9402DAC1-447E-49C9-979D-BD5838E709D7}" = SolidWorks eDrawings 2011 SP04
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2B6CEF9-F05B-4E6A-97CB-4241C1155F77}" = TweetAttacks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP05
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C00F32AF-E350-43CC-80EB-F0D961A5C9BD}" = calibre
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP04
"{D31220EB-925B-4D3D-ACDD-1389DA6D2EF3}" = SolidWorks eDrawings 2010
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0}" = eVoice Player 1.0
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F82AA7DA-F49B-CA39-C3FC-DDC983B3E223}" = Market Samurai
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DjVuLibre+DjView" = DjVuLibre+DjView
"FreeOrion" = FreeOrion 0.3.15
"Gizmo Central" = Gizmo Central
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ImageJ_is1" = ImageJ 1.44p
"Jolicloudexpress" = Jolicloud
"LManager" = Launch Manager
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"MatlabR2010a" = MATLAB R2010a
"Mendeley Desktop" = Mendeley Desktop 0.9.8.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MWSnap 3" = MWSnap 3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenTTD" = OpenTTD 1.0.5
"PalTalk8.2" = PaltalkScene
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Qlock" = Qlock Lite
"Scrivener for Windows Beta 1.6" = Scrivener for Windows Beta
"SolidWorks Installation Manager 20100-40500-1100-200" = SolidWorks 2010 SP05
"SolidWorks Installation Manager 20110-40400-1100-200" = SolidWorks 2011 SP04
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rosetta Stone" = The Rosetta Stone
"thinkorswim" = thinkorswim
"VLC media player" = VLC media player 1.1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3207847200-596957751-681764103-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2011 7:24:29 PM | Computer Name = ACER-399B23EC8F | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 7:27:09 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application presentationfontcache.exe, version 3.0.6920.1427,
stamp 488f1424, faulting module mscorwks.dll, version 2.0.50727.3623, stamp 4d8c187e,
debug? 0, fault address 0x000b0dd2.

Error - 10/2/2011 7:27:24 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

Error - 10/2/2011 7:37:16 PM | Computer Name = ACER-399B23EC8F | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/2/2011 7:38:47 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application presentationfontcache.exe, version 3.0.6920.1427,
stamp 488f1424, faulting module mscorwks.dll, version 2.0.50727.3623, stamp 4d8c187e,
debug? 0, fault address 0x000b0dd2.

Error - 10/2/2011 7:41:59 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

Error - 10/7/2011 1:38:34 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

Error - 10/7/2011 3:05:57 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application presentationfontcache.exe, version 3.0.6920.1427,
stamp 488f1424, faulting module mscorwks.dll, version 2.0.50727.3623, stamp 4d8c187e,
debug? 0, fault address 0x000b0dd2.

Error - 10/7/2011 3:07:26 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

Error - 10/7/2011 3:28:37 PM | Computer Name = ACER-399B23EC8F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 jing.exe, P2 2.4.10231.1521, P3 4c6d8494, P4
system, P5 2.0.0.0, P6 4db9c770, P7 2810, P8 21, P9 system.net.sockets.socket,
P10 NIL.

[ System Events ]
Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Gizmo Central service terminated unexpectedly. It has done this
1 time(s).

Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Remote Solver for Flow Simulation 2010 service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 0 milliseconds: Restart the service.

Error - 10/7/2011 3:30:11 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/7/2011 3:30:12 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/7/2011 4:47:02 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
unexpectedly. It has done this 2 time(s).

Error - 10/7/2011 4:47:03 PM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

14:39:36.0312 1020 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
14:39:36.0468 1020 ============================================================
14:39:36.0468 1020 Current date / time: 2011/10/07 14:39:36.0468
14:39:36.0468 1020 SystemInfo:
14:39:36.0468 1020
14:39:36.0468 1020 OS Version: 5.1.2600 ServicePack: 3.0
14:39:36.0468 1020 Product type: Workstation
14:39:36.0468 1020 ComputerName: ACER-399B23EC8F
14:39:36.0468 1020 UserName: K
14:39:36.0468 1020 Windows directory: C:\WINDOWS
14:39:36.0468 1020 System windows directory: C:\WINDOWS
14:39:36.0468 1020 Processor architecture: Intel x86
14:39:36.0468 1020 Number of processors: 2
14:39:36.0468 1020 Page size: 0x1000
14:39:36.0468 1020 Boot type: Normal boot
14:39:36.0468 1020 ============================================================
14:39:37.0187 1020 Initialize success
14:40:02.0890 3552 ============================================================
14:40:02.0890 3552 Scan started
14:40:02.0890 3552 Mode: Manual; SigCheck; TDLFS;
14:40:02.0890 3552 ============================================================
14:40:03.0968 3552 Abiosdsk - ok
14:40:04.0015 3552 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:40:04.0890 3552 abp480n5 - ok
14:40:05.0093 3552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:40:05.0437 3552 ACPI - ok
14:40:05.0625 3552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:40:05.0843 3552 ACPIEC - ok
14:40:06.0062 3552 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:40:06.0375 3552 adpu160m - ok
14:40:06.0578 3552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:40:06.0781 3552 aec - ok
14:40:06.0843 3552 AFD (14b028c2d9403272bdd0b19ba9573435) C:\WINDOWS\System32\drivers\afd.sys
14:40:06.0843 3552 AFD ( Rootkit.Win32.ZAccess.h ) - infected
14:40:06.0843 3552 AFD - detected Rootkit.Win32.ZAccess.h (0)
14:40:07.0000 3552 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:40:07.0281 3552 agp440 - ok
14:40:07.0328 3552 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:40:07.0531 3552 agpCPQ - ok
14:40:07.0750 3552 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:40:07.0828 3552 Aha154x - ok
14:40:07.0859 3552 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:40:08.0062 3552 aic78u2 - ok
14:40:08.0234 3552 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:40:08.0500 3552 aic78xx - ok
14:40:08.0546 3552 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:40:08.0781 3552 AliIde - ok
14:40:08.0937 3552 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:40:09.0140 3552 alim1541 - ok
14:40:09.0375 3552 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:40:09.0640 3552 Ambfilt - ok
14:40:09.0828 3552 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:40:10.0125 3552 amdagp - ok
14:40:10.0312 3552 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:40:10.0390 3552 amsint - ok
14:40:10.0515 3552 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
14:40:10.0640 3552 AR5416 - ok
14:40:10.0828 3552 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:40:11.0046 3552 asc - ok
14:40:11.0109 3552 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:40:11.0187 3552 asc3350p - ok
14:40:11.0203 3552 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:40:11.0406 3552 asc3550 - ok
14:40:11.0625 3552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:40:11.0859 3552 AsyncMac - ok
14:40:12.0062 3552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:40:12.0343 3552 atapi - ok
14:40:12.0375 3552 Atdisk - ok
14:40:12.0421 3552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:40:12.0625 3552 Atmarpc - ok
14:40:12.0812 3552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:40:13.0015 3552 audstub - ok
14:40:13.0140 3552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:40:13.0437 3552 Beep - ok
14:40:13.0640 3552 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
14:40:13.0750 3552 btaudio - ok
14:40:13.0968 3552 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:40:14.0062 3552 BTKRNL - ok
14:40:14.0265 3552 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
14:40:14.0296 3552 btwhid - ok
14:40:14.0468 3552 BTWUSB - ok
14:40:14.0593 3552 catchme - ok
14:40:14.0781 3552 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:40:15.0062 3552 cbidf - ok
14:40:15.0093 3552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:40:15.0296 3552 cbidf2k - ok
14:40:15.0328 3552 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:40:15.0546 3552 CCDECODE - ok
14:40:15.0734 3552 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:40:15.0812 3552 cd20xrnt - ok
14:40:15.0875 3552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:40:16.0062 3552 Cdaudio - ok
14:40:16.0234 3552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:40:16.0531 3552 Cdfs - ok
14:40:16.0687 3552 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:40:16.0781 3552 Cdrom - ok
14:40:16.0953 3552 Changer - ok
14:40:17.0156 3552 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:40:17.0453 3552 CmBatt - ok
14:40:17.0515 3552 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:40:17.0718 3552 CmdIde - ok
14:40:17.0937 3552 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:40:18.0140 3552 Compbatt - ok
14:40:18.0234 3552 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:40:18.0484 3552 Cpqarray - ok
14:40:18.0656 3552 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
14:40:18.0703 3552 CVirtA - ok
14:40:18.0906 3552 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:40:18.0953 3552 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:40:18.0953 3552 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:40:19.0140 3552 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:40:19.0453 3552 dac2w2k - ok
14:40:19.0484 3552 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:40:19.0718 3552 dac960nt - ok
14:40:19.0937 3552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:40:20.0125 3552 Disk - ok
14:40:20.0187 3552 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
14:40:20.0218 3552 DKbFltr - ok
14:40:20.0421 3552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:40:20.0765 3552 dmboot - ok
14:41:10.0312 3552 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:41:10.0375 3552 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:41:10.0375 3552 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:41:10.0375 3552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
14:41:12.0750 3552 \Device\Harddisk1\DR3 - ok
14:41:12.0750 3552 Boot (0x1200) (30c5b47a751e97f75229bbf6f716e73c) \Device\Harddisk0\DR0\Partition0
14:41:12.0750 3552 \Device\Harddisk0\DR0\Partition0 - ok
14:41:12.0765 3552 Boot (0x1200) (b3079f766059035c050224629a2ef0cc) \Device\Harddisk1\DR3\Partition0
14:41:12.0765 3552 \Device\Harddisk1\DR3\Partition0 - ok
14:41:12.0765 3552 ============================================================
14:41:12.0765 3552 Scan finished
14:41:12.0765 3552 ============================================================
14:41:12.0890 2160 Detected object count: 3
14:41:12.0890 2160 Actual detected object count: 3
14:42:05.0218 2160 Backup copy found, using it..
14:42:05.0250 2160 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
14:42:05.0250 2160 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
14:42:05.0250 2160 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:05.0250 2160 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:42:05.0250 2160 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:42:05.0250 2160 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:42:07.0328 1640 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-07 14:48:30
-----------------------------
14:48:30.906 OS Version: Windows 5.1.2600 Service Pack 3
14:48:30.906 Number of processors: 2 586 0x1C02
14:48:30.906 ComputerName: ACER-399B23EC8F UserName: K
14:48:32.625 Initialize success
14:48:43.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:48:43.828 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
14:48:43.875 Disk 0 MBR read successfully
14:48:43.906 Disk 0 MBR scan
14:48:43.921 Disk 0 Windows VISTA default MBR code
14:48:43.937 Disk 0 scanning sectors +312578048
14:48:44.062 Disk 0 scanning C:\WINDOWS\system32\drivers
14:48:52.640 Service scanning
14:48:53.187 Service .afd \* **LOCKED** 123
14:48:54.500 Modules scanning
14:49:04.359 Disk 0 trace - called modules:
14:49:04.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
14:49:04.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f44030]
14:49:04.484 3 CLASSPNP.SYS[f787dfd7] -> nt!IofCallDriver -> \Device\0000006e[0x86f6f710]
14:49:05.062 5 ACPI.sys[f77de620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f28030]
14:49:05.109 Scan finished successfully
14:49:42.750 Disk 0 MBR has been saved successfully to "D:\Cleanup\Geeks\MBR.dat"
14:49:42.812 The log file has been saved successfully to "D:\Cleanup\Geeks\aswMBR.txt"

Attached Files

  • MBR.zip (554 bytes)

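To show what the TDSSKiller output pasted above actually encodes, here is an added triage script (my own example, not TDSSKiller's code or anything posted in this thread). It parses the message shapes seen in these logs (file enumeration with MD5, "- ok", "( Verdict ) - warning", "- detected", the user's chosen action, "will be cured on reboot") and lists the flagged objects that were skipped or never acted on, the kind of leftover a helper checks for before asking for a rerun. The sample log is constructed from a handful of lines in the same format.

```python
"""Triage a TDSSKiller log down to the objects that still need a decision (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Message shapes after the "HH:MM:SS.mmmm <thread id> " prefix, as in the logs above.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.*)$")
FILE_LINE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
SECTOR_LINE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                         r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
DETECTED_LINE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
VERDICT_LINE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
CURE_LINE = re.compile(r"^(?P<path>.+?) - will be cured on reboot$")
OK_LINE = re.compile(r"^(?P<name>.+?) - ok$")
SUMMARY = re.compile(r"^Detected object count: (?P<count>\d+)$")
ACTION_PREFIX = "User select action: "

@dataclass
class Entry:
    name: str                        # service name, or device path for MBR/boot sectors
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None    # e.g. "Rootkit.Win32.ZAccess.h", "TDSS File System"
    status: str = "unknown"          # ok | warning | detected
    action: Optional[str] = None     # the user's choice: Cure, Skip, Delete, ...
    notes: List[str] = field(default_factory=list)

@dataclass
class ScanReport:
    entries: Dict[str, Entry] = field(default_factory=dict)
    reported_count: Optional[int] = None   # TDSSKiller's own "Detected object count"

def parse_tdsskiller(text: str) -> ScanReport:
    """One Entry per scanned object (service, MBR or boot sector), keyed by name or device."""
    report = ScanReport()
    by_path: Dict[str, str] = {}            # lower-cased file path -> entry name
    def entry(name: str) -> Entry:
        return report.entries.setdefault(name, Entry(name=name))
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                        # banners, separators, blank lines
        msg = m.group(1)
        if f := FILE_LINE.match(msg):
            e = entry(f["name"])
            e.md5, e.path = f["md5"], f["path"]
            by_path[f["path"].lower()] = e.name
        elif s := SECTOR_LINE.match(msg):
            e = entry(s["path"])            # later verdict lines use the device path
            e.md5, e.path = s["md5"], s["path"]
            e.notes.append(f"{s['kind']} {s['size']}")
        elif d := DETECTED_LINE.match(msg):
            e = entry(d["name"])
            e.verdict, e.status = d["verdict"], "detected"
        elif v := VERDICT_LINE.match(msg):
            e = entry(v["name"])
            e.verdict, status = v["verdict"], v["status"]
            if status.startswith(ACTION_PREFIX):
                e.action = status[len(ACTION_PREFIX):]
            elif status == "warning" and e.status != "detected":
                e.status = "warning"        # a warning never downgrades a detection
            elif status != "warning":
                e.notes.append(status)      # e.g. "skipped by user"
        elif c := CURE_LINE.match(msg):
            if name := by_path.get(c["path"].lower()):
                report.entries[name].notes.append("will be cured on reboot")
        elif o := OK_LINE.match(msg):
            e = entry(o["name"])
            if e.status == "unknown":
                e.status = "ok"
        elif t := SUMMARY.match(msg):
            report.reported_count = int(t["count"])
    return report

def needs_decision(report: ScanReport) -> List[Entry]:
    """Flagged objects left untreated: no action recorded, or explicitly skipped."""
    hits = [e for e in report.entries.values() if e.status in ("warning", "detected")]
    hits.sort(key=lambda e: (e.status != "detected", e.name))   # detections first
    return [e for e in hits if e.action in (None, "Skip")]

def count_consistent(report: ScanReport) -> bool:
    """Cross-check parsed detections against TDSSKiller's own summary line."""
    detected = sum(e.status == "detected" for e in report.entries.values())
    return report.reported_count is None or detected == report.reported_count

# Constructed sample in the thread's log format (timestamps and thread ids illustrative).
SAMPLE_LOG = r"""
14:40:35.0078 3552 lbrtfdc - ok
10:30:39.0687 0456 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
10:30:39.0796 0456 AFD - detected Rootkit.Win32.ZAccess.h (1)
10:30:56.0375 0456 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:41:10.0312 3552 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:41:10.0375 3552 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:41:12.0890 2160 Detected object count: 2
14:42:05.0250 2160 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
14:42:05.0250 2160 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
14:42:05.0250 2160 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:42:05.0250 2160 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""
```

Run `needs_decision(parse_tdsskiller(SAMPLE_LOG))` to get the two objects still awaiting a choice; `count_consistent` confirms the parsed detections agree with the tool's own count.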

#12
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello

Run a scan with TDSSKiller again and when it finds TDSS File System at \Device\Harddisk0\DR0 select Cure. Post the output log here.



Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Do the same for this file:

C:\WINDOWS\AMove.exe



Note: If you still cannot access the web using the infected computer to do this scan, copy the two files to a USB drive and transfer them to a clean computer, scan them from there and post the results here.



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\RunOnce: [*cscautoadsl.exe] C:\WINDOWS\System32\cscautoadsl.exe (©if systems)
    O4 - HKLM..\RunOnce: [*proxyqueueapi.exe] C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe (©if systems)
    [2011/10/07 11:00:33 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe
    [2011/10/07 10:51:26 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Application Data\cryptdnsmgr.exe
    [2011/10/07 10:17:30 | 000,171,520 | ---- | C] (©if systems) -- C:\WINDOWS\System32\cscautoadsl.exe

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    /md5start
    CVPNDRVA.sys
    afd.sys
    /md5stop

  • Click the Quick Scan button. Post the log it produces in your next reply.


#13
Ksavvy
    Member
  • Topic Starter
  • 32 posts
Cure or delete? Cure is not available for that file. Skip, Copy to Quarantine or Delete are the only options.

#14
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello

Sorry for the late reply.
Select Delete.

#15
Ksavvy
    Member
  • Topic Starter
  • 32 posts
Hey,
Thanks for the reply, I selected delete.

VirSCAN.org is down so I wasn't able to scan the files.

Here are the log files:

10:30:02.0546 5884 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
10:30:02.0609 5884 ============================================================
10:30:02.0609 5884 Current date / time: 2011/10/08 10:30:02.0609
10:30:02.0609 5884 SystemInfo:
10:30:02.0609 5884
10:30:02.0609 5884 OS Version: 5.1.2600 ServicePack: 3.0
10:30:02.0609 5884 Product type: Workstation
10:30:02.0609 5884 ComputerName: ACER-399B23EC8F
10:30:02.0609 5884 UserName: K
10:30:02.0609 5884 Windows directory: C:\WINDOWS
10:30:02.0609 5884 System windows directory: C:\WINDOWS
10:30:02.0609 5884 Processor architecture: Intel x86
10:30:02.0609 5884 Number of processors: 2
10:30:02.0609 5884 Page size: 0x1000
10:30:02.0609 5884 Boot type: Normal boot
10:30:02.0609 5884 ============================================================
10:30:03.0500 5884 Initialize success
10:30:35.0578 0456 ============================================================
10:30:35.0578 0456 Scan started
10:30:35.0578 0456 Mode: Manual; SigCheck; TDLFS;
10:30:35.0578 0456 ============================================================
10:30:56.0328 0456 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
10:30:56.0375 0456 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
10:30:56.0375 0456 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
10:31:12.0156 0456 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:31:12.0531 0456 ini910u - ok
10:31:12.0921 0456 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:31:13.0453 0456 IntcAzAudAddService - ok
10:31:13.0625 0456 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:31:14.0031 0456 IntelIde - ok
10:31:14.0125 0456 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:31:14.0515 0456 intelppm - ok
10:31:14.0671 0456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:31:15.0046 0456 Ip6Fw - ok
10:31:15.0203 0456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:31:15.0593 0456 IpFilterDriver - ok
10:31:15.0640 0456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:31:16.0000 0456 IpInIp - ok
10:31:16.0031 0456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:31:16.0406 0456 IpNat - ok
10:31:16.0578 0456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:31:16.0953 0456 IPSec - ok
10:31:17.0046 0456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:31:17.0203 0456 IRENUM - ok
10:31:17.0421 0456 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:31:17.0765 0456 isapnp - ok
10:31:17.0843 0456 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:31:18.0218 0456 Kbdclass - ok
10:31:18.0437 0456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:31:18.0812 0456 kmixer - ok
10:31:19.0015 0456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:31:19.0109 0456 KSecDD - ok
10:31:19.0296 0456 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
10:31:19.0390 0456 L1c - ok
10:31:19.0578 0456 lbrtfdc - ok
10:31:19.0812 0456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:31:20.0187 0456 mnmdd - ok
10:31:20.0250 0456 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:31:20.0625 0456 Modem - ok
10:31:20.0843 0456 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
10:31:21.0062 0456 Monfilt - ok
10:31:21.0250 0456 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:31:21.0609 0456 Mouclass - ok
10:31:21.0671 0456 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:31:22.0031 0456 mouhid - ok
10:31:22.0218 0456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:31:22.0593 0456 MountMgr - ok
10:31:22.0640 0456 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:31:23.0000 0456 mraid35x - ok
10:31:23.0171 0456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:31:23.0562 0456 MRxDAV - ok
10:31:23.0656 0456 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:31:23.0765 0456 MRxSmb - ok
10:31:23.0968 0456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:31:24.0328 0456 Msfs - ok
10:31:24.0500 0456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:31:24.0859 0456 MSKSSRV - ok
10:31:24.0906 0456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:31:25.0296 0456 MSPCLOCK - ok
10:31:25.0500 0456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:31:25.0890 0456 MSPQM - ok
10:31:25.0984 0456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:31:26.0328 0456 mssmbios - ok
10:31:26.0468 0456 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:31:26.0843 0456 MSTEE - ok
10:31:26.0953 0456 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:31:27.0031 0456 Mup - ok
10:31:27.0218 0456 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:31:27.0562 0456 NABTSFEC - ok
10:31:27.0671 0456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:31:28.0046 0456 NDIS - ok
10:31:28.0203 0456 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:31:28.0562 0456 NdisIP - ok
10:31:28.0656 0456 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:31:28.0718 0456 NdisTapi - ok
10:31:28.0859 0456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:31:29.0234 0456 Ndisuio - ok
10:31:29.0343 0456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:31:29.0718 0456 NdisWan - ok
10:31:29.0875 0456 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:31:29.0921 0456 NDProxy - ok
10:31:30.0000 0456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:31:30.0390 0456 NetBIOS - ok
10:31:30.0562 0456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:31:30.0937 0456 NetBT - ok
10:31:31.0218 0456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:31:31.0578 0456 Npfs - ok
10:31:31.0656 0456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:31:32.0062 0456 Ntfs - ok
10:31:32.0281 0456 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
10:31:32.0312 0456 NuidFltr - ok
10:31:32.0359 0456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:31:32.0718 0456 Null - ok
10:31:32.0890 0456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:31:33.0281 0456 NwlnkFlt - ok
10:31:33.0328 0456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:31:33.0687 0456 NwlnkFwd - ok
10:31:33.0890 0456 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:31:34.0265 0456 Parport - ok
10:31:34.0343 0456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:31:34.0687 0456 PartMgr - ok
10:31:34.0875 0456 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:31:35.0265 0456 ParVdm - ok
10:31:35.0312 0456 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:31:35.0734 0456 PCI - ok
10:31:35.0875 0456 PCIDump - ok
10:31:35.0937 0456 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:31:36.0296 0456 PCIIde - ok
10:31:36.0484 0456 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:31:36.0875 0456 Pcmcia - ok
10:31:37.0093 0456 PDCOMP - ok
10:31:37.0125 0456 PDFRAME - ok
10:31:37.0156 0456 PDRELI - ok
10:31:37.0187 0456 PDRFRAME - ok
10:31:37.0250 0456 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:31:37.0640 0456 perc2 - ok
10:31:37.0812 0456 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:31:38.0171 0456 perc2hib - ok
10:31:38.0453 0456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:31:38.0859 0456 PptpMiniport - ok
10:31:39.0078 0456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:31:39.0437 0456 PSched - ok
10:31:39.0640 0456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:31:40.0031 0456 Ptilink - ok
10:31:40.0234 0456 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:31:40.0281 0456 PxHelp20 - ok
10:31:40.0343 0456 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:31:40.0703 0456 ql1080 - ok
10:31:40.0890 0456 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:31:41.0250 0456 Ql10wnt - ok
10:31:41.0468 0456 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:31:41.0828 0456 ql12160 - ok
10:31:41.0875 0456 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:31:42.0234 0456 ql1240 - ok
10:31:42.0421 0456 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:31:42.0796 0456 ql1280 - ok
10:31:43.0046 0456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:31:43.0437 0456 RasAcd - ok
10:31:43.0656 0456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:31:44.0015 0456 Rasl2tp - ok
10:31:44.0234 0456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:31:44.0593 0456 RasPppoe - ok
10:31:44.0781 0456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:31:45.0171 0456 Raspti - ok
10:31:45.0390 0456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:31:45.0750 0456 Rdbss - ok
10:31:45.0968 0456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:31:46.0312 0456 RDPCDD - ok
10:31:46.0562 0456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:31:46.0937 0456 rdpdr - ok
10:31:47.0140 0456 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:31:47.0234 0456 RDPWD - ok
10:31:47.0453 0456 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:31:47.0812 0456 redbook - ok
10:31:48.0015 0456 RSUSBSTOR - ok
10:31:48.0062 0456 Rts516xIR - ok
10:31:48.0203 0456 SASDIFSV - ok
10:31:48.0218 0456 SASKUTIL - ok
10:31:48.0421 0456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:31:48.0578 0456 Secdrv - ok
10:31:48.0718 0456 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:31:49.0062 0456 Serial - ok
10:31:49.0281 0456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:31:49.0640 0456 Sfloppy - ok
10:31:49.0796 0456 Simbad - ok
10:31:49.0859 0456 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:31:50.0265 0456 sisagp - ok
10:31:50.0421 0456 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:31:50.0765 0456 SLIP - ok
10:31:50.0906 0456 SNP2UVC (c792610f7d2009352721c1ae38da0619) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
10:31:51.0140 0456 SNP2UVC - ok
10:31:51.0343 0456 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:31:51.0500 0456 Sparrow - ok
10:31:51.0734 0456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:31:52.0125 0456 splitter - ok
10:31:52.0296 0456 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:31:52.0453 0456 sr - ok
10:31:52.0515 0456 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:31:52.0640 0456 Srv - ok
10:31:52.0843 0456 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:31:53.0187 0456 streamip - ok
10:31:53.0328 0456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:31:53.0703 0456 swenum - ok
10:31:53.0890 0456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:31:54.0265 0456 swmidi - ok
10:31:54.0468 0456 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:31:54.0812 0456 symc810 - ok
10:31:54.0843 0456 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:31:55.0218 0456 symc8xx - ok
10:31:55.0390 0456 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:31:55.0750 0456 sym_hi - ok
10:31:55.0968 0456 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:31:56.0343 0456 sym_u3 - ok
10:31:56.0562 0456 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:31:56.0609 0456 SynTP - ok
10:31:56.0703 0456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:31:57.0062 0456 sysaudio - ok
10:31:57.0281 0456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:31:57.0390 0456 Tcpip - ok
10:31:57.0593 0456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:31:57.0953 0456 TDPIPE - ok
10:31:58.0156 0456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:31:58.0531 0456 TDTCP - ok
10:31:58.0578 0456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:31:58.0953 0456 TermDD - ok
10:31:59.0156 0456 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:31:59.0546 0456 TosIde - ok
10:31:59.0781 0456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:32:00.0125 0456 Udfs - ok
10:32:00.0328 0456 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:32:00.0484 0456 ultra - ok
10:32:00.0765 0456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:32:01.0187 0456 Update - ok
10:32:01.0453 0456 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:32:01.0812 0456 usbaudio - ok
10:32:02.0015 0456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:32:02.0390 0456 usbccgp - ok
10:32:02.0421 0456 USBCCID - ok
10:32:02.0468 0456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:32:02.0859 0456 usbehci - ok
10:32:03.0078 0456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:32:03.0453 0456 usbhub - ok
10:32:03.0656 0456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:32:03.0984 0456 USBSTOR - ok
10:32:04.0093 0456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:32:04.0484 0456 usbuhci - ok
10:32:04.0671 0456 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:32:05.0031 0456 usbvideo - ok
10:32:05.0250 0456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:32:05.0625 0456 VgaSave - ok
10:32:05.0718 0456 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:32:06.0078 0456 viaagp - ok
10:32:06.0265 0456 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:32:06.0609 0456 ViaIde - ok
10:32:06.0828 0456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:32:07.0203 0456 VolSnap - ok
10:32:07.0328 0456 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
10:32:07.0437 0456 vsdatant - ok
10:32:07.0656 0456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:32:08.0046 0456 Wanarp - ok
10:32:08.0171 0456 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:32:08.0234 0456 Wdf01000 - ok
10:32:08.0343 0456 WDICA - ok
10:32:08.0453 0456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:32:08.0843 0456 wdmaud - ok
10:32:09.0046 0456 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:32:09.0437 0456 WmiAcpi - ok
10:32:09.0593 0456 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:32:09.0953 0456 WSTCODEC - ok
10:32:10.0062 0456 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:32:10.0125 0456 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:32:10.0125 0456 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:32:10.0140 0456 Boot (0x1200) (30c5b47a751e97f75229bbf6f716e73c) \Device\Harddisk0\DR0\Partition0
10:32:10.0156 0456 \Device\Harddisk0\DR0\Partition0 - ok
10:32:10.0156 0456 ============================================================
10:32:10.0156 0456 Scan finished
10:32:10.0156 0456 ============================================================
10:32:10.0296 1344 Detected object count: 2
10:32:10.0296 1344 Actual detected object count: 2
12:02:37.0687 1344 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:37.0687 1344 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:37.0703 1344 \Device\Harddisk0\DR0\TDLFS - deleted
12:02:37.0703 1344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
12:02:45.0937 5876 Deinitialize success

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*cscautoadsl.exe deleted successfully.
Invalid CLSID key: *cscautoadsl.exe
C:\WINDOWS\system32\cscautoadsl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*proxyqueueapi.exe deleted successfully.
Invalid CLSID key: *proxyqueueapi.exe
C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe moved successfully.
File C:\Documents and Settings\K\Start Menu\Programs\proxyqueueapi.exe not found.
C:\Documents and Settings\K\Application Data\cryptdnsmgr.exe moved successfully.
File C:\WINDOWS\System32\cscautoadsl.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 60981493 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: K
->Temp folder emptied: 31914052 bytes
->Temporary Internet Files folder emptied: 1095591 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56028759 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1956115 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3024639 bytes

Total Files Cleaned = 148.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: K
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10112011_180913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 10/11/2011 6:12:54 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 387.07 Mb Available Physical Memory | 38.18% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.91 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.93 Gb Free Space | 78.61% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\2115398467:3163875713.exe
PRC - [2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/10 14:13:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 05:59:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 05:59:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 05:58:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 05:55:45 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
MOD - [2011/08/10 05:55:32 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
MOD - [2011/08/10 05:53:55 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
MOD - [2011/08/10 05:52:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/10 05:52:11 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/21 18:50:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/03 11:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/07 12:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*auditsrvcfg.exe] C:\Documents and Settings\K\Application Data\auditsrvcfg.exe (©if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 18:09:18 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Application Data\auditsrvcfg.exe
[2011/10/11 18:05:30 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/11 17:55:08 | 004,247,628 | ---- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\Explorer.com
[2011/10/07 14:48:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\K\Desktop\aswMBR.exe
[2011/10/07 14:37:47 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller(1).exe
[2011/10/07 13:46:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/07 12:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:42:48 | 004,247,628 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 14:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 14:05:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 14:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/11 20:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/10/11 18:14:48 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:14:48 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/11 18:11:05 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/11 18:10:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 18:10:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
[2011/10/11 18:10:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 18:10:13 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 18:09:18 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Application Data\auditsrvcfg.exe
[2011/10/11 18:07:08 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_74940.nl_
[2011/10/11 17:48:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/11 17:42:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 21:48:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/07 12:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/07 09:28:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/07 09:05:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\K\Desktop\aswMBR.exe
[2011/10/07 09:04:00 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller(1).exe
[2011/10/07 09:01:44 | 004,247,628 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/07 09:01:44 | 004,247,628 | ---- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\Explorer.com
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk
[2011/09/12 01:10:21 | 000,000,625 | ---- | M] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:22:09 | 134,302,870 | ---- | M] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf

========== Files Created - No Company Name ==========

[2011/10/11 18:07:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2115398467
[2011/10/07 14:43:37 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_74940.nl_
[2011/10/02 14:05:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 14:05:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 14:05:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 14:05:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 14:05:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/09/11 20:13:41 | 134,302,870 | ---- | C] () -- C:\Documents and Settings\K\Desktop\1659_Huge_in_a_Hurry.pdf
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/09/29 10:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/11 18:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: AFD.SYS >
[2008/04/14 05:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011/02/16 06:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/10/07 14:42:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/10/16 08:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 03:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 06:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys

< MD5 for: CVPNDRVA.SYS >
[2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) MD5=18994842386FD3039279D7865740ABBD -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe

< End of report >