Running Combofix and OTL scans now. Here are 3 files from virscan.org, the first one (edithostadv.exe) i tried i thought i had disabled avg, but was mistaken, so i wont be able to get that scan for you until i get to another computer. I can tell you right now though, it (edithostadv.exe) had red malware, trojan downloader, and spyware all over it (i scanned it at a friends house before their computer shut down while i was posting here)
Thank you again for all your help. Good news that the Rootkit is gone, now just to round up whatever other critters are still around...
Oh, and i did install Jolicloud, yet i was planning to uninstall it after getting all this taken care of.
VirSCAN.org Scanned Report :
Scanned time : 2008/04/28 05:50:23 (MST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report :
http://r.virscan.org...18b094b5da3a210Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.16 2008.04.27 2008-04-27 3.84 -
AhnLab V3 2008.04.28.00 2008.04.28 2008-04-28 1.13 -
AntiVir 7.8.0.10 7.0.3.220 2008-04-28 2.78 -
Arcavir 1.0.4 200804271350 2008-04-27 2.30 -
AVAST! 1.0.8 080428-0 2008-04-28 3.06 -
AVG 7.5.51.442 269.23.5/1401 2008-04-28 2.87 -
BitDefender 7.60825.1184481 7.18704 2008-04-28 4.08 -
CA (VET) 9.0.0.143 31.3.5741 2008-04-28 6.55 -
ClamAV 0.93 6863 2008-04-21 0.27 -
Comodo 2.11 2.0.0.509 2008-04-28 1.03 -
CP Secure 1.1.0.715 2008.04.28 2008-04-28 7.54 -
Dr.Web 4.44.0.9170 2008.04.28 2008-04-28 6.33 -
ewido 4.0.0.2 2008.04.28 2008-04-28 2.55 -
F-Prot 4.4.1.52 20080427 2008-04-27 1.60 -
F-Secure 5.51.6100 2008.04.28.01 2008-04-28 5.04 -
Fortinet 2.81-3.11 9.25 2008-04-28 2.31 -
ViRobot 20080428 2008.04.28 2008-04-28 0.39 -
Ikarus T3.1.01.26 2008.04.28.70668 2008-04-28 2.51 -
JiangMin 10.00.650 2008.04.28 2008-04-28 1.53 -
Kaspersky 5.5.10 2008.04.28 2008-04-28 10.89 -
KingSoft 2007.6.20.249 2008.4.28 2008-04-28 1.18 -
McAfee 5.2.00 5282 2008-04-25 6.31 -
Microsoft 1.3408 2008.04.24 2008-04-24 7.22 -
mks_vir 2.01 2008.04.28 2008-04-28 5.72 -
Norman 5.91.10 5.90 2008-04-22 16.99 -
Panda 9.04.03.0001 2008.04.27 2008-04-27 9.46 -
Trend Micro 8.500-1001 5.244.03 2008-04-28 0.04 -
Prevx V2 20080428 2008-04-28 8.40 TROJAN.DOWNLOADER.GEN
Quick Heal 9.00 2008.04.26 2008-04-26 6.32 -
Rising 20.0 20.42.01.00 2008-04-28 2.57 -
Sophos 2.72.0 4.28 2008-04-28 18.16 -
Symantec 1.3.0.24 20080427.009 2008-04-27 0.62 -
nProtect 2008-04-28.00 1437905 2008-04-28 13.80 -
The Hacker 6.2.92 v00294 2008-04-26 3.66 -
VBA32 3.12.6.5 20080428.0807 2008-04-28 5.85 -
VirusBuster 4.3.19:9 9.126.6/11.0 2008-04-27 6.81 -
VirSCAN.org Scanned Report :
Scanned time : 2011/10/17 23:50:04 (MST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report :
http://r.virscan.org...ab20cdecb6be3f9Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111018100135 2011-10-18 0.42 -
AhnLab V3 2011.10.18.00 2011.10.18 2011-10-18 2.40 -
AntiVir 8.2.6.84 7.11.16.29 2011-10-17 0.64 -
Antiy 2.0.18 20111017.13306130 2011-10-17 0.20 -
Arcavir 2011 201110171500 2011-10-17 3.35 -
Authentium 5.1.1 201110172233 2011-10-17 1.67 -
AVAST! 4.7.4 111017-1 2011-10-17 0.01 -
AVG 8.5.850 271.1.1/3941 2011-10-06 0.27 -
BitDefender 7.90123.9302815 7.39528 2011-10-18 6.78 -
ClamAV 0.97.1 13813 2011-10-18 0.00 -
Comodo 5.1 10482 2011-10-18 2.05 -
CP Secure 1.3.0.5 2011.10.18 2011-10-18 0.06 -
Dr.Web 5.0.2.3300 2011.10.18 2011-10-18 22.46 -
F-Prot 4.6.2.117 20111017 2011-10-17 0.81 -
F-Secure 7.02.73807 2011.10.18.01 2011-10-18 0.35 -
Fortinet 4.2.257 14.247 2011-10-17 0.18 -
GData 22.2462 20111018 2011-10-18 0.20 -
ViRobot 20111017 2011.10.17 2011-10-17 0.44 -
Ikarus T3.1.32.20.0 2011.10.18.79603 2011-10-18 5.81 -
JiangMin 13.0.900 2011.10.17 2011-10-17 2.12 -
Kaspersky 5.5.10 2011.10.17 2011-10-17 0.18 -
KingSoft 2009.2.5.15 2011.10.18.9 2011-10-18 1.30 -
McAfee 5400.1158 6502 2011-10-17 11.24 -
Microsoft 1.7702 2011.10.18 2011-10-18 3.62 -
NOD32 3.0.21 6545 2011-10-15 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 22.04 -
Panda 9.05.01 2011.10.17 2011-10-17 3.06 -
Trend Micro 9.500-1005 8.504.08 2011-10-17 0.12 -
Quick Heal 11.00 2011.10.18 2011-10-18 1.05 -
Rising 20.0 23.80.01.01 2011-10-18 2.50 -
Sophos 3.24.4 4.70 2011-10-18 4.54 -
Sunbelt 3.9.2514.2 10795 2011-10-17 0.77 -
Symantec 1.3.0.24 20111017.003 2011-10-17 0.06 -
nProtect 20111017.01 13003106 2011-10-17 1.22 -
The Hacker 6.7.0.1 v00325 2011-10-16 0.53 -
VBA32 3.12.16.4 20111016.1836 2011-10-16 7.36 -
VirusBuster 5.4.0.7 14.1.16.0/6540609 2011-10-17 0.00 -
VirSCAN.org Scanned Report :
Scanned time : 2011/10/17 23:53:52 (MST)
Scanner results: Scanners did not find malware!
File Name : winlogon.exe
File Size : 507904 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ed0ef0a136dec83df69f04118870003e
SHA1 : f77a7cd78877527023ebfb35e83b75ef59d3df07
Online report :
http://r.virscan.org...ff66276c8280f6dScanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111018100135 2011-10-18 0.34 -
AhnLab V3 2011.10.18.00 2011.10.18 2011-10-18 2.47 -
AntiVir 8.2.6.84 7.11.16.29 2011-10-17 0.32 -
Antiy 2.0.18 20111017.13306130 2011-10-17 0.02 -
Arcavir 2011 201110171500 2011-10-17 2.88 -
Authentium 5.1.1 201110172233 2011-10-17 1.67 -
AVAST! 4.7.4 111017-1 2011-10-17 0.05 -
AVG 8.5.850 271.1.1/3941 2011-10-06 0.27 -
BitDefender 7.90123.9302815 7.39528 2011-10-18 4.65 -
ClamAV 0.97.1 13813 2011-10-18 0.12 -
Comodo 5.1 10482 2011-10-18 1.89 -
CP Secure 1.3.0.5 2011.10.18 2011-10-18 0.10 -
Dr.Web 5.0.2.3300 2011.10.18 2011-10-18 15.83 -
F-Prot 4.6.2.117 20111017 2011-10-17 0.79 -
F-Secure 7.02.73807 2011.10.18.01 2011-10-18 0.31 -
Fortinet 4.2.257 14.247 2011-10-17 0.18 -
GData 22.2462 20111018 2011-10-18 0.11 -
ViRobot 20111017 2011.10.17 2011-10-17 0.39 -
Ikarus T3.1.32.20.0 2011.10.18.79603 2011-10-18 5.02 -
JiangMin 13.0.900 2011.10.17 2011-10-17 1.83 -
Kaspersky 5.5.10 2011.10.17 2011-10-17 0.18 -
KingSoft 2009.2.5.15 2011.10.18.9 2011-10-18 0.88 -
McAfee 5400.1158 6502 2011-10-17 11.19 -
Microsoft 1.7702 2011.10.18 2011-10-18 3.48 -
NOD32 3.0.21 6545 2011-10-15 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 4.01 -
Panda 9.05.01 2011.10.17 2011-10-17 2.17 -
Trend Micro 9.500-1005 8.504.08 2011-10-17 0.04 -
Quick Heal 11.00 2011.10.18 2011-10-18 1.09 -
Rising 20.0 23.80.01.01 2011-10-18 2.41 -
Sophos 3.24.4 4.70 2011-10-18 4.45 -
Sunbelt 3.9.2514.2 10795 2011-10-17 0.68 -
Symantec 1.3.0.24 20111017.003 2011-10-17 0.07 -
nProtect 20111017.01 13003106 2011-10-17 1.58 -
The Hacker 6.7.0.1 v00325 2011-10-16 0.54 -
VBA32 3.12.16.4 20111016.1836 2011-10-16 4.84 -
VirusBuster 5.4.0.7 14.1.16.0/6540609 2011-10-17 0.00 -
ComboFix 11-10-17.02 - K 10/17/2011 23:44:20.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.267 [GMT -7:00]
Running from: c:\documents and settings\K\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-----w- c:\documents and settings\Administrator
2011-10-12 01:05 . 2011-10-12 01:05 -------- d-----w- C:\found.000
2011-10-07 17:17 . 2011-10-07 17:17 -------- d-----w- C:\_OTL
2011-10-02 21:39 . 2011-10-02 21:39 -------- d-----w- c:\documents and settings\K\Application Data\Qlock
2011-09-29 19:23 . 2011-09-29 14:47 9851496 ----a-w- C:\mdsbdsam-setup.exe
2011-09-29 18:23 . 2011-09-29 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-29 17:02 . 2011-10-01 06:41 -------- d-----w- C:\MGtools
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\K\Application Data\SUPERAntiSpyware.com
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 17:40 . 2009-08-01 07:34 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-10-01 06:41 . 2011-09-29 17:02 27754 ----a-w- C:\MGlogs.zip
2011-09-26 18:41 . 2009-08-01 07:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2009-08-01 07:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-08-01 07:34 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2009-08-01 07:34 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2009-08-01 07:34 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2009-08-01 07:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-02 12:18 . 2011-06-24 14:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-24 12:37 . 2010-08-24 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-16_19.39.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 07:34 . 2011-10-17 19:59 69678 c:\windows\system32\perfc009.dat
- 2009-08-01 07:34 . 2011-10-16 19:00 69678 c:\windows\system32\perfc009.dat
+ 2011-10-16 19:54 . 2011-10-16 19:54 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\57823761e3f2c54cee7fc53acefcc893\VSLangProj.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\db4f8f1c2468988697b19fde758e4d5c\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\710038107829842461d82b979e8bca6e\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\02af0ddfacf0bfcbc95058e324bf09e7\Microsoft.Office.InfoPath.Permission.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\84d2a811b7c0329e2bdbbf2526757fbc\ipdmctrl.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\84d2a811b7c0329e2bdbbf2526757fbc\ipdmctrl.ni.dll
+ 2009-08-01 07:34 . 2011-10-17 19:59 437618 c:\windows\system32\perfh009.dat
- 2009-08-01 07:34 . 2011-10-16 19:00 437618 c:\windows\system32\perfh009.dat
+ 2011-10-16 19:47 . 2011-10-16 19:47 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
- 2011-10-16 19:36 . 2011-10-16 19:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2011-10-16 19:54 . 2011-10-16 19:54 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
- 2011-10-16 19:36 . 2011-10-16 19:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2011-10-16 19:44 . 2011-10-16 19:44 355328 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\fbb073920624bbdcf436fc312eaebe9f\ServiceModelReg.ni.exe
- 2011-10-16 19:36 . 2011-10-16 19:36 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-10-16 19:47 . 2011-10-16 19:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-10-16 19:50 . 2011-10-16 19:50 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f8aff594f6f2921bd947927d24f12488\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 337920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e018f495298c7e932a777009a4c70e79\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d393526c651354e50ba490d2d299c509\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bd6a0a542d90b9f0dee78153e214e774\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 664064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b93f2154d61a824040fc489dc0a61cbb\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b4200110135de15b76573dbfb338afde\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b1953157e935fa670e34a2f4efab5683\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 664576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8669b7a8152e3248b5ff60ce38bdeed6\Microsoft.VisualStudio.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6c50f04d344395f23a8bc4fd7d41e4c4\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5bb795cc831574bfcbd2d08a950e756e\Microsoft.VisualStudio.Shell.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 595968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\47201f80c4663ef96d3a3ad5038917d7\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 622080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4566c7477fb3c01050267737da059f19\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3b8073fe91eadf2a670f83009d663c67\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\20bfe9361e7d7f64c8d531c8760ea096\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 819712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1c356619d4c19932e741121680fdcfe2\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\01c745016668ad80e107d25e889c3eeb\Microsoft.VisualStudio.Configuration.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\94fee35dec99cd25aed3668e7be2bc8f\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 815616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\82cb865cd1da4f31fab81db2b2ab7fef\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\54fa844b02cc606a4c25c7ef2411f5c2\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\fc131a2a34e764b964ebf75a1c7cd536\Microsoft.Office.Interop.InfoPath.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\af97a63f9934f2f16550edda7b06fc30\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\9651efa72fdb37d4ae245feec649a85b\Microsoft.Office.InfoPath.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\c4b36597480eb30b5eaf7d4920e5cdcb\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\6ffbd1eac4fb533e28e5808df3b1b2ef\Microsoft.BusinessData.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\49ae31763c5d5e529376bc0386477f71\EnvDTE80.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\49ae31763c5d5e529376bc0386477f71\EnvDTE80.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1831936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9f852b99a0394374aa1c0abb52e6733a\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1116160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6d4c6f1797bd15bf126c25fac2108e86\Microsoft.VisualStudio.Design.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 3929600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\539524d432614598ac67b9ac214d4030\Microsoft.VisualStudio.Editors.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 1301504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\50e6ba25e8216c9738c5af2ac2bc6006\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\3f098d1aefafe2995b06e052e4ae0bf5\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\9fb012663a6d7c785ce28d96d106ad3c\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 1184256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\38e276a5c5ee1173b699a299d7cf425d\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 2091008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\e2d22f21f4bcd5c8c5c1ea4237fc1a5b\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1563136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\a79a1e05738f15394641f779845c5c43\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 4751360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\8ace6f86e1a162db0e56614ad84d7599\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 3235840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\443addf4f4e64dbb694f43212b490328\Microsoft.Office.BusinessData.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-05-04 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*edithostadv.exe"="c:\documents and settings\K\Start Menu\Programs\edithostadv.exe" [2011-10-14 171520]
.
c:\documents and settings\K\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\K\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-13 4142080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe [2011-5-4 223640]
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-7-18 1834280]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-12 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\K\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FreeOrion\\freeoriond.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\SolidWorks Installation Manager\\BackgroundDownloading\\sldBgDwld.exe"=
"c:\\Program Files\\TechSmith\\Jing\\Jing.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [5/4/2011 8:30 AM 25488]
R2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [5/4/2011 8:30 AM 34728]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [10/6/2010 7:57 PM 71432]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 2:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 12:35 AM 38912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;"c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 1:48 AM 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [12/2/2010 6:18 AM 87336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 1:50 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetsvcs REG_MULTI_SZ intelpower
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:
[email protected]uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
FF - ProfilePath - c:\documents and settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Readability:
[email protected] - %profile%\extensions\
[email protected]FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-10-18 00:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(7444)
c:\windows\system32\WININET.dll
c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Gizmo\ghook.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-18 00:04:28
ComboFix-quarantined-files.txt 2011-10-18 07:04
ComboFix2.txt 2011-10-16 19:45
.
Pre-Run: 21,695,684,608 bytes free
Post-Run: 21,677,260,800 bytes free
.
- - End Of File - - 92F370C7CD2E9B57535FCB323D9D961C
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*edithostadv.exe deleted successfully.
Invalid CLSID key: *edithostadv.exe
C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe moved successfully.
C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} moved successfully.
C:\mdsbdsam-setup.exe moved successfully.
File C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe not found.
File C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: K
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 470937 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5934892 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1955719 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 8.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: K
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 10182011_000826
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 10/18/2011 12:12:32 AM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.87 Mb Total Physical Memory | 385.91 Mb Available Physical Memory | 38.06% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.24 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.62 Gb Free Space | 70.31% Space Free | Partition Type: FAT32
Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
========== Modules (No Company Name) ========== MOD - [2011/10/16 12:03:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/15 15:55:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/15 15:55:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/15 15:54:11 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/15 15:52:24 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/15 15:52:16 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2011/10/15 15:51:03 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/15 15:50:09 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/15 15:49:48 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/15 15:49:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
========== Driver Services (SafeList) ========== DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...04wu45w8812314o IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...04wu45w8812314oIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems:
[email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\
[email protected][2011/10/17 20:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
O1 HOSTS File: ([2011/10/16 12:39:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*acctadmqueue.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2011/10/18 00:08:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/18 00:08:30 | 000,171,520 | ---- | C] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/18 00:07:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/17 23:42:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/17 23:37:36 | 004,263,508 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/16 12:10:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/14 10:37:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/14 10:37:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/14 10:37:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/14 10:37:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/11 18:05:30 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ========== [2011/10/18 00:14:05 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 00:14:05 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 00:10:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/18 00:09:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 00:09:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 00:09:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 00:08:30 | 000,171,520 | ---- | M] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/17 23:42:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/17 23:36:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/17 20:49:48 | 004,263,508 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/17 20:43:58 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/17 13:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/16 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/16 12:39:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 12:10:08 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/16 10:40:24 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 09:28:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 14:21:56 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
========== Files Created - No Company Name ========== [2011/10/17 21:09:11 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/16 12:10:08 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/16 12:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 11:56:35 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/14 10:37:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/14 10:37:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/14 10:37:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/14 10:37:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/14 10:37:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/14 09:44:48 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/10/11 18:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Custom Scans ========== < > < > < %SYSTEMDRIVE%\*.exe >[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
< %SYSTEMDRIVE%\*.exe >[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
< %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/10/02 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2011/08/04 12:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2011/03/01 05:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ArcSoft
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/08/04 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DivX
[2011/10/17 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2010/08/24 01:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Google
[2009/07/31 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2011/10/18 00:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2009/08/01 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009/08/01 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/26 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MathWorks
[2011/07/22 10:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2010/10/17 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MiKTeX
[2011/09/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/18 00:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2011/06/29 06:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2011/09/15 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks
[2011/06/02 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2009
[2011/09/12 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/26 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow
[2011/09/29 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/07/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\vlc
[2010/12/27 18:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR
< MD5 for: EXPLORER.EXE >[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >< End of report >
OTL logfile created on: 10/18/2011 12:12:32 AM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.87 Mb Total Physical Memory | 385.91 Mb Available Physical Memory | 38.06% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.24 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.62 Gb Free Space | 70.31% Space Free | Partition Type: FAT32
Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
========== Modules (No Company Name) ========== MOD - [2011/10/16 12:03:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/15 15:55:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/15 15:55:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/15 15:54:11 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/15 15:52:24 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/15 15:52:16 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2011/10/15 15:51:03 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/15 15:50:09 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/15 15:49:48 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/15 15:49:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
========== Driver Services (SafeList) ========== DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...04wu45w8812314o IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer...04wu45w8812314oIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems:
[email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\
[email protected][2011/10/17 20:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
O1 HOSTS File: ([2011/10/16 12:39:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*acctadmqueue.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2011/10/18 00:08:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/18 00:08:30 | 000,171,520 | ---- | C] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/18 00:07:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/17 23:42:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/17 23:37:36 | 004,263,508 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/16 12:10:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/14 10:37:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/14 10:37:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/14 10:37:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/14 10:37:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/11 18:05:30 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ========== [2011/10/18 00:14:05 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 00:14:05 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 00:10:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/18 00:09:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 00:09:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 00:09:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 00:08:30 | 000,171,520 | ---- | M] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/17 23:42:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/17 23:36:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/17 20:49:48 | 004,263,508 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/17 20:43:58 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/17 13:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/16 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/16 12:39:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 12:10:08 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/16 10:40:24 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 09:28:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 14:21:56 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
========== Files Created - No Company Name ========== [2011/10/17 21:09:11 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/16 12:10:08 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/16 12:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 11:56:35 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/14 10:37:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/14 10:37:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/14 10:37:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/14 10:37:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/14 10:37:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/14 09:44:48 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/10/11 18:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Custom Scans ========== < > < > < %SYSTEMDRIVE%\*.exe >[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
< %SYSTEMDRIVE%\*.exe >[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
< %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/10/02 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2011/08/04 12:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2011/03/01 05:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ArcSoft
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/08/04 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DivX
[2011/10/17 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2010/08/24 01:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Google
[2009/07/31 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2011/10/18 00:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2009/08/01 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009/08/01 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/26 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MathWorks
[2011/07/22 10:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2010/10/17 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MiKTeX
[2011/09/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/18 00:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2011/06/29 06:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2011/09/15 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks
[2011/06/02 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2009
[2011/09/12 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/26 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow
[2011/09/29 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/07/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\vlc
[2010/12/27 18:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR
< MD5 for: EXPLORER.EXE >[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >< End of report >