Super Awesome Rootkit Infection! Yeay!... :/


  • This topic is locked

#16
Ksavvy

  • Topic Starter
  • Member
  • 32 posts
Tried Virscan again:


VirSCAN.org Scanned Report :
Scanned time : 2010/12/09 17:54:36 (MST)
Scanner results: Scanners did not find malware!
File Name : CVPNDRVA.sys
File Size : 308859 byte
File Type : PE32 executable for MS Windows (DLL) (native) Intel 80386 32
MD5 : 18994842386fd3039279d7865740abbd
SHA1 : 375153616e89da7f86ecc2a62bd2deb8c508de4e
Online report : http://r.virscan.org...1f43912552f8d52

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.1 20101210010847 2010-12-10 5.38 -
AhnLab V3 2010.12.09.00 2010.12.09 2010-12-09 1.95 -
AntiVir 8.2.4.122 7.10.14.244 2010-12-09 0.27 -
Antiy 2.0.18 20101207.6186214 2010-12-07 0.02 -
Arcavir 2010 201012100828 2010-12-10 0.14 -
Authentium 5.1.1 201012092053 2010-12-09 1.83 -
AVAST! 4.7.4 101209-1 2010-12-09 0.02 -
AVG 8.5.850 271.1.1/3299 2010-12-06 0.27 -
BitDefender 7.90123.6388206 7.34991 2010-12-10 5.90 -
ClamAV 0.96.3 12371 2010-12-09 0.07 -
Comodo 4.0 7006 2010-12-09 1.37 -
CP Secure 1.3.0.5 2010.12.10 2010-12-10 0.08 -
Dr.Web 5.0.2.3300 2010.12.10 2010-12-10 9.95 -
F-Prot 4.4.4.56 20101209 2010-12-09 1.78 -
F-Secure 7.02.73807 2010.12.09.11 2010-12-09 0.15 -
Fortinet 4.2.254 12.652 2010-12-09 0.21 -
GData 21.1252/21.531 20101209 2010-12-09 7.68 -
ViRobot 20101209 2010.12.09 2010-12-09 0.36 -
Ikarus T3.1.32.15.0 2010.12.09.77321 2010-12-09 5.81 -
JiangMin 13.0.900 2010.11.30 2010-11-30 1.40 -
Kaspersky 5.5.10 2010.12.09 2010-12-09 0.09 -
KingSoft 2009.2.5.15 2010.12.9.18 2010-12-09 0.70 -
McAfee 5400.1158 6192 2010-12-09 18.23 -
Microsoft 1.6402 2010.12.09 2010-12-09 3.36 -
Norman 6.06.11 6.06.00 2010-12-07 8.02 -
Panda 9.05.01 2010.12.09 2010-12-09 1.98 -
Trend Micro 9.120-1004 7.690.17 2010-12-09 0.03 -
Quick Heal 11.00 2010.12.09 2010-12-09 0.97 -
Rising 20.0 22.77.03.05 2010-12-09 2.18 -
Sophos 3.14.1 4.60 2010-12-10 2.99 -
Sunbelt 3.9.2459.2 7581 2010-12-09 0.60 -
Symantec 1.3.0.24 20101209.003 2010-12-09 1.95 -
nProtect 20101209.01 9292354 2010-12-09 10.69 -
The Hacker 6.7.0.1 v00097 2010-12-08 0.45 -
VBA32 3.12.14.2 20101209.1023 2010-12-09 3.16 -
VirusBuster 4.5.11.10 10.130.42/2008276 2010-12-09 2.65 -


VirSCAN.org Scanned Report :
Scanned time : 2008/04/13 14:16:41 (MST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : AMove.exe
File Size : 32768 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : 4bbbf1ac59da25d9558189c2e875e838
SHA1 : cfcdf46864a4c1b1c4bb182b639688e768ae798d
Online report : http://r.virscan.org...602dbae0e57f057

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.0.0.126 2008.04.10 2008-04-10 7.05 -
AhnLab V3 2008.04.11.01 2008.04.11 2008-04-11 1.34 -
AntiVir 7.6.0.85 7.0.3.159 2008-04-13 4.23 -
Arcavir 1.0.4 200804131039 2008-04-13 2.93 -
AVAST! 1.0.8 080413-0 2008-04-13 3.78 -
AVG 7.5.51.442 269.22.13/1376 2008-04-13 2.20 -
BitDefender 7.60825.1142355 7.18447 2008-04-14 3.94 -
CA (VET) 9.0.0.143 31.3.5692 2008-04-12 8.61 -
ClamAV 0.92 6751 2008-04-14 0.01 -
Comodo 2.11 2.0.0.492 2008-04-11 1.42 -
CP Secure 1.1.0.715 2008.04.14 2008-04-14 5.02 -
Dr.Web 4.44.0.9170 2008.04.13 2008-04-13 9.33 -
ewido 4.0.0.2 2008.04.11 2008-04-11 2.76 -
F-Prot 4.4.1.52 20080413 2008-04-13 1.67 -
F-Secure 5.51.6100 2008.04.13.02 2008-04-13 0.07 -
Fortinet 2.81-3.11 8.951 2008-04-11 2.19 -
ViRobot 20080410 2008.04.10 2008-04-10 0.39 -
Ikarus T3.1.01.26 2008.04.07.70568 2008-04-07 2.01 -
JiangMin 10.00.650 2008.04.13 2008-04-13 1.64 -
Kaspersky 5.5.10 2008.04.13 2008-04-13 12.10 -
KingSoft 2007.6.20.249 2008.4.13 2008-04-13 0.93 -
McAfee 5.2.00 5272 2008-04-11 3.92 -
Microsoft 1.3408 2008.04.11 2008-04-11 6.92 -
mks_vir 2.01 2008.04.12 2008-04-12 4.73 -
Norman 5.91.10 5.90 2008-04-11 7.22 -
Panda 9.04.03.0001 2008.04.13 2008-04-13 3.05 -
Trend Micro 8.500-1001 5.212.54 2008-04-13 0.06 -
Prevx V2 20080412 2008-04-12 2.93 TROJAN.DOWNLOADER.GEN
Quick Heal 9.00 2008.04.12 2008-04-12 2.32 -
Rising 20.0 20.39.32.00 2008-04-10 1.66 -
Sophos 2.72.0 4.28 2008-04-08 3.34 -
Symantec 1.3.0.24 20080413.003 2008-04-13 0.36 -
nProtect 2008-04-11.00 1374568 2008-04-11 6.32 -
The Hacker 6.2.92 v00273 2008-04-10 0.78 -
VBA32 3.12.6.4 20080413.0621 2008-04-13 1.98 -
VirusBuster 4.3.19:9 9.123.40/11.0 2008-04-14 1.73 -
  • 0



#17
michaelg9

  • Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello


File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Documents and Settings\K\Application Data\auditsrvcfg.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Next:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\RunOnce: [*auditsrvcfg.exe] C:\Documents and Settings\K\Application Data\auditsrvcfg.exe (©if systems)
    O20 - Winlogon\Notify\intelworks: DllName - (inetsw32.dll) - File not found
    [2011/10/11 18:09:18 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Application Data\auditsrvcfg.exe
    [2011/10/11 18:10:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
    [2011/10/11 18:09:18 | 000,171,520 | ---- | M] (©if systems) -- C:\Documents and Settings\K\Application Data\auditsrvcfg.exe
    [2011/10/11 18:07:08 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_74940.nl_
    [2011/10/11 18:07:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2115398467
    [2011/10/07 14:43:37 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_74940.nl_
    [2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:

Try to run ComboFix again. If it fails again, just tell me.

Download Combofix from any of the links below but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.




Next:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

  • 0
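
A triage pass over the kinds of OTL entries listed in the fix script above, as an added example that is not part of the original post or of OTL itself. The sample lines are copied from that script; the regular expressions, the rule set and the names `parse` and `triage` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the OTL fix script in the post above.
SAMPLE = r"""
O4 - HKLM..\RunOnce: [*auditsrvcfg.exe] C:\Documents and Settings\K\Application Data\auditsrvcfg.exe (©if systems)
[2011/10/11 18:09:18 | 000,171,520 | ---- | C] (©if systems) -- C:\Documents and Settings\K\Application Data\auditsrvcfg.exe
[2011/10/11 18:10:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
[2011/10/11 18:07:08 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_74940.nl_
[2009/07/31 23:58:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe
"""

# [date time | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> host:stream (the drive colon is skipped
# because a stream name cannot contain a backslash)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>.+?):(?P<stream>[^:\\]+)$"
)
# O4 - HKLM..\RunOnce: [value name] command (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \((?P<company>[^()]*)\))?$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr")
# Assumed list of per-user locations that a limited account can write to on XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\start menu\\")


def parse(lines):
    """Split OTL lines into file, stream and autostart records."""
    files, streams, runs = [], [], []
    for raw in lines:
        line = raw.strip()
        if m := FILE_RE.match(line):
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            files.append(rec)
        elif m := ADS_RE.match(line):
            streams.append(m.groupdict())
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())
    return files, streams, runs


def triage(lines):
    """Return {lower-cased path: [reasons]} for entries worth a closer look.

    The rules are illustrative heuristics, not OTL's own logic. Paths are
    lower-cased because NTFS lookups are case-insensitive.
    """
    files, streams, runs = parse(lines)
    findings = defaultdict(set)

    # An executable stored in a named stream is invisible to a plain dir listing.
    stream_hosts = set()
    for s in streams:
        if s["stream"].lower().endswith(EXEC_EXT):
            host = s["host"].lower()
            stream_hosts.add(host)
            findings[host].add("executable hidden in alternate data stream")

    for f in files:
        path = f["path"].lower()
        if f["size"] == 0 and path in stream_hosts:
            findings[path].add("zero-byte host file for a stream")
        if {"H", "S"} <= set(f["attrs"]) and not f["company"].strip():
            findings[path].add("hidden+system file with no company name")

    for r in runs:
        cmd = r["cmd"].lower()
        # Windows runs a RunOnce value even in Safe Mode when its name starts with '*'.
        if r["key"].lower() == "runonce" and r["name"].startswith("*"):
            findings[cmd].add("RunOnce value prefixed with '*' (also runs in Safe Mode)")
        if any(d in cmd for d in USER_WRITABLE):
            findings[cmd].add("autostart from a user-writable profile directory")

    return {p: sorted(r) for p, r in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines()).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```
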

#18
Ksavvy

  • Topic Starter
  • Member
  • 32 posts
AVG healed the C:\Documents and Settings\K\Application Data\auditsrvcfg.exe file as I was trying to upload it to VirSCAN from my thumb drive. It called it a trojan dropper. Is that log necessary, or did that tell you what you needed to know?

ComboFix wouldn't do a full run again. It kept hanging at either step 48 or before it got started. I tried a few times. The first time that it went anywhere (to step 48 before freezing) it told me about the zero point infection again.

I tried to install the AVPTool. It stopped mid-install during the first run, the second run did the same thing but told me I couldn't access some temp folder, and the third time I tried, it asked me what user I wanted to run the program as... I assume that means like administrator or the like? Needless to say, I couldn't do that one.

Here is the OTL Log
OTL logfile created on: 10/14/2011 9:55:43 AM - Run 7
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 351.49 Mb Available Physical Memory | 34.67% Memory free
2.38 Gb Paging File | 1.85 Gb Available in Paging File | 77.74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.78 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.84 Gb Free Space | 76.17% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\2115398467:3163875713.exe
PRC - [2011/09/29 14:21:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.com
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/10 14:13:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 05:59:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 05:59:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 05:58:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 05:55:45 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
MOD - [2011/08/10 05:55:32 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
MOD - [2011/08/10 05:53:55 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
MOD - [2011/08/10 05:52:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/10 05:52:11 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/21 18:50:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/03 11:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/07 12:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*edithostadv.exe] C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/14 09:51:06 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.com
[2011/10/14 09:20:36 | 000,171,520 | ---- | C] (if systems) -- C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe
[2011/10/11 18:05:30 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/11 17:55:08 | 004,247,628 | ---- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\Explorer.com
[2011/10/07 14:48:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\K\Desktop\aswMBR.exe
[2011/10/07 14:37:47 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller(1).exe
[2011/10/07 13:46:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/07 12:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:42:48 | 004,247,628 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 14:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 14:05:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 14:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/14 09:52:54 | 000,437,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 09:52:54 | 000,069,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 09:49:10 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/14 09:48:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 09:48:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
[2011/10/14 09:48:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/14 09:48:44 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/14 09:42:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/14 09:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 09:28:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/14 08:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/14 08:20:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/09 21:48:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/07 12:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/07 09:05:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\K\Desktop\aswMBR.exe
[2011/10/07 09:04:00 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller(1).exe
[2011/10/07 09:01:44 | 004,247,628 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/07 09:01:44 | 004,247,628 | ---- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\Explorer.com
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 14:21:56 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/09/29 14:21:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.com
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/16 10:48:16 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Goodrich.lnk
[2011/09/15 10:10:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2010.lnk

========== Files Created - No Company Name ==========

[2011/10/14 09:48:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2115398467
[2011/10/14 09:44:48 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/10/14 09:42:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/11 18:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/10/02 14:05:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 14:05:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 14:05:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 14:05:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 14:05:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/10/14 09:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/14 09:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe

< End of report >
  • 0

#19
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

There's a stubborn rootkit that doesn't want to go...

Please follow these instructions in this order without a reboot, unless a tool forces the computer to reboot. If a tool forces a reboot, boot into safe mode. Instructions for this here



If some of these don't work, just move on and tell me which one failed

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - File not found -- C:\WINDOWS\2115398467:3163875713.exe
    O4 - HKLM..\RunOnce: [*edithostadv.exe] C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe (©if systems)
    [2011/10/14 09:48:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
    [2011/10/14 09:42:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    [2011/10/14 09:48:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2115398467
    [2011/10/14 09:42:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe

    :Services

    :Reg

    :Files
    del "\\?\C:\WINDOWS\System32\" /c

    :Commands

  • Then click the Run Fix button at the top
  • Let the program run unhindered.



Next:

  • Double click on AntiZeroAccess to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Type y and press enter to run the scan
  • Please post AntiZeroAccess_Log.txt contents in your next post. This file is saved in the same location as AntiZeroAccess program.


Next:

Run the 'Win32/Sirefef' stand-alone malware removal tool while in Normal Mode and follow the prompts as directed

Next:


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0
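
One way to pick out entries like those the fix script above targets, as an added example that is not part of the original post and not OTL's own code: it pairs each `@Alternate Data Stream` line in an OTL log with the file-listing lines for the same host file, so a zero-byte file carrying an executable-named stream stands out. The sample lines are copied from the log earlier in this thread; the function names and the extension list are assumptions of the example.

```python
import re

# OTL file-listing line: [date time | size | attrs | C or M] (company) -- path
# Directory lines omit the "(company)" part, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]\s*"
    r"(?:\((?P<company>.*?)\)\s*)?-- (?P<path>.+)$"
)
# OTL alternate-data-stream line: @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Assumption of this example: stream names with these endings count as executable.
EXEC_EXT = (".exe", ".com", ".scr", ".dll", ".sys")

# Lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2011/10/14 09:48:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2115398467
[2011/10/14 09:42:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/07 12:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/14 09:48:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2115398467
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2115398467:3163875713.exe
"""


def split_stream(target):
    """Split 'C:\\dir\\file:stream' into (host, stream).

    The colon after the drive letter is not a stream separator, and an
    explicit ':$DATA' type suffix is dropped before splitting.
    """
    if target.upper().endswith(":$DATA"):
        target = target[: -len(":$DATA")]
    idx = target.rfind(":")
    if idx <= 1:  # only the drive colon (or none): no named stream
        return target, None
    return target[:idx], target[idx + 1:]


def triage_ads(log_text):
    """Return one finding per named stream, joined with its host file's listing."""
    listings = {}  # lower-cased path -> [(kind, timestamp, size, attrs), ...]
    streams = []   # [(stream size in bytes, "path:stream"), ...]
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            entry = (m.group("kind"), m.group("ts"), size, m.group("attrs"))
            listings.setdefault(m.group("path").lower(), []).append(entry)
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((int(m.group("size")), m.group("target").strip()))

    findings = []
    for stream_bytes, target in streams:
        host, stream = split_stream(target)
        if stream is None:
            continue
        entries = listings.get(host.lower(), [])
        findings.append({
            "host": host,
            "stream": stream,
            "stream_bytes": stream_bytes,
            "executable_stream": stream.lower().endswith(EXEC_EXT),
            # The listing size covers only the unnamed data stream, so a host
            # can show 0 bytes while its named stream holds the content.
            "host_zero_bytes": bool(entries) and all(e[2] == 0 for e in entries),
            "host_created": next((e[1] for e in entries if e[0] == "C"), None),
            "host_attrs": sorted({e[3] for e in entries}),
        })
    return findings


if __name__ == "__main__":
    for f in triage_ads(SAMPLE_LOG):
        print(f)
```
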

#20
Ksavvy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Sorry for the delay, and yes it is a bit stubborn, I was thinking the same thing... Thank you for all your help.

First step with OTL didn't work; it said that "File not found - C:\Windows|2115398467:3163875713.exe" and then just hangs. I assume it didn't get to any of the steps following that. While it was hanging, I tried leaving it for an hour. Tried it again. Hangs again. Moving on to AntiZeroAccess.

Everything else seemed to work as expected.

I am attaching the antizero log and the TDSSKiller logs below.


Webroot AntiZeroAccess 0.8 Log File
Execution time: 16/10/2011 - 10:33
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
10:33:45 - CheckSystem - Begin to check system...
10:33:45 - OpenRootDrive - Opening system root volume and physical drive....
10:33:45 - C Root Drive: Disk number: 0 Start sector: 0x01402800 Partition Size: 0x11616800 sectors.
10:33:45 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
10:33:45 - InstallAndStartDriver - Main driver was installed and now is running.
10:33:45 - CheckSystem - Disk class driver state is OK.
10:33:49 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
10:33:49 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
10:33:49 - Execution Ended!


10:35:17.0859 1712 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
10:35:17.0921 1712 ============================================================
10:35:17.0921 1712 Current date / time: 2011/10/16 10:35:17.0921
10:35:17.0921 1712 SystemInfo:
10:35:17.0921 1712
10:35:17.0921 1712 OS Version: 5.1.2600 ServicePack: 3.0
10:35:17.0921 1712 Product type: Workstation
10:35:17.0921 1712 ComputerName: ACER-399B23EC8F
10:35:17.0921 1712 UserName: K
10:35:17.0921 1712 Windows directory: C:\WINDOWS
10:35:17.0921 1712 System windows directory: C:\WINDOWS
10:35:17.0921 1712 Processor architecture: Intel x86
10:35:17.0921 1712 Number of processors: 2
10:35:17.0921 1712 Page size: 0x1000
10:35:17.0921 1712 Boot type: Normal boot
10:35:17.0921 1712 ============================================================
10:35:18.0468 1712 Initialize success
10:35:33.0921 2448 ============================================================
10:35:33.0921 2448 Scan started
10:35:33.0921 2448 Mode: Manual; SigCheck; TDLFS;
10:35:33.0921 2448 ============================================================
10:35:34.0156 2448 Abiosdsk - ok
10:35:34.0203 2448 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:35:34.0578 2448 abp480n5 - ok
10:35:34.0703 2448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:35:35.0031 2448 ACPI - ok
10:35:35.0046 2448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:35:35.0328 2448 ACPIEC - ok
10:35:35.0437 2448 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:35:35.0656 2448 adpu160m - ok
10:35:35.0687 2448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:35:35.0890 2448 aec - ok
10:35:35.0968 2448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:35:36.0046 2448 AFD - ok
10:35:36.0156 2448 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:35:36.0359 2448 agp440 - ok
10:35:36.0375 2448 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:35:36.0593 2448 agpCPQ - ok
10:35:36.0656 2448 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:35:36.0734 2448 Aha154x - ok
10:35:36.0750 2448 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:35:36.0953 2448 aic78u2 - ok
10:35:37.0093 2448 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:35:37.0296 2448 aic78xx - ok
10:35:37.0328 2448 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:35:37.0546 2448 AliIde - ok
10:35:37.0562 2448 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:35:37.0781 2448 alim1541 - ok
10:35:37.0890 2448 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
10:35:38.0109 2448 Ambfilt - ok
10:35:38.0265 2448 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:35:38.0578 2448 amdagp - ok
10:35:38.0703 2448 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:35:38.0796 2448 amsint - ok
10:35:38.0906 2448 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
10:35:39.0031 2448 AR5416 - ok
10:35:39.0156 2448 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:35:39.0437 2448 asc - ok
10:35:39.0453 2448 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:35:39.0531 2448 asc3350p - ok
10:35:39.0531 2448 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:35:39.0734 2448 asc3550 - ok
10:35:39.0765 2448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:35:39.0984 2448 AsyncMac - ok
10:35:40.0187 2448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:35:40.0406 2448 atapi - ok
10:35:40.0437 2448 Atdisk - ok
10:35:40.0468 2448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:35:40.0703 2448 Atmarpc - ok
10:35:40.0765 2448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:35:40.0984 2448 audstub - ok
10:35:41.0171 2448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:35:41.0390 2448 Beep - ok
10:35:41.0500 2448 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
10:35:41.0578 2448 btaudio - ok
10:35:41.0750 2448 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
10:35:41.0828 2448 BTKRNL - ok
10:35:41.0984 2448 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
10:35:42.0000 2448 btwhid - ok
10:35:42.0046 2448 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
10:35:42.0062 2448 BTWUSB - ok
10:35:42.0125 2448 catchme - ok
10:35:42.0265 2448 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:35:42.0578 2448 cbidf - ok
10:35:42.0593 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:35:42.0796 2448 cbidf2k - ok
10:35:42.0843 2448 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:35:43.0062 2448 CCDECODE - ok
10:35:43.0203 2448 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:35:43.0281 2448 cd20xrnt - ok
10:35:43.0359 2448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:35:43.0546 2448 Cdaudio - ok
10:35:43.0656 2448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:35:43.0937 2448 Cdfs - ok
10:35:43.0968 2448 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:35:44.0015 2448 Cdrom - ok
10:35:44.0062 2448 Changer - ok
10:35:44.0156 2448 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:35:44.0359 2448 CmBatt - ok
10:35:44.0421 2448 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:35:44.0656 2448 CmdIde - ok
10:35:44.0765 2448 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:35:44.0968 2448 Compbatt - ok
10:35:45.0109 2448 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:35:45.0312 2448 Cpqarray - ok
10:35:45.0421 2448 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
10:35:45.0453 2448 CVirtA - ok
10:35:45.0531 2448 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
10:35:45.0546 2448 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
10:35:45.0546 2448 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
10:35:45.0656 2448 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:35:45.0937 2448 dac2w2k - ok
10:35:45.0968 2448 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:35:46.0171 2448 dac960nt - ok
10:35:46.0281 2448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:35:46.0484 2448 Disk - ok
10:35:46.0656 2448 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
10:35:46.0703 2448 DKbFltr - ok
10:35:46.0796 2448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:35:47.0078 2448 dmboot - ok
10:35:47.0234 2448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:35:47.0468 2448 dmio - ok
10:35:47.0484 2448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:35:47.0703 2448 dmload - ok
10:35:47.0765 2448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:35:47.0968 2448 DMusic - ok
10:35:48.0109 2448 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
10:35:48.0125 2448 DNE - ok
10:35:48.0187 2448 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:35:48.0390 2448 dpti2o - ok
10:35:48.0562 2448 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
10:35:48.0593 2448 DritekPortIO - ok
10:35:48.0734 2448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:35:49.0015 2448 drmkaud - ok
10:35:49.0062 2448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:35:49.0265 2448 Fastfat - ok
10:35:49.0312 2448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:35:49.0515 2448 Fdc - ok
10:35:49.0671 2448 Fips (55162f6ebb5785bc1713e14d5d7c1b2f) C:\WINDOWS\system32\drivers\Fips.sys
10:35:49.0671 2448 Fips ( Rootkit.Win32.ZAccess.e ) - infected
10:35:49.0671 2448 Fips - detected Rootkit.Win32.ZAccess.e (0)
10:35:49.0734 2448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:35:49.0921 2448 Flpydisk - ok
10:35:49.0968 2448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:35:50.0171 2448 FltMgr - ok
10:35:50.0375 2448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:35:50.0578 2448 Fs_Rec - ok
10:35:50.0671 2448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:35:50.0921 2448 Ftdisk - ok
10:35:51.0078 2448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:35:51.0093 2448 GEARAspiWDM - ok
10:35:51.0156 2448 GizmoDrv (e48da656df32eda6e5b9d06e3d410b49) C:\WINDOWS\system32\drivers\GizmoDrv.sys
10:35:51.0171 2448 GizmoDrv - ok
10:35:51.0218 2448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:35:51.0421 2448 Gpc - ok
10:35:51.0593 2448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:35:51.0875 2448 HDAudBus - ok
10:35:51.0937 2448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:35:52.0187 2448 HidUsb - ok
10:35:52.0343 2448 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:35:52.0531 2448 hpn - ok
10:35:52.0593 2448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:35:52.0625 2448 HTTP - ok
10:35:52.0765 2448 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:35:53.0015 2448 i2omgmt - ok
10:35:53.0062 2448 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:35:53.0250 2448 i2omp - ok
10:35:53.0296 2448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:35:53.0468 2448 i8042prt - ok
10:35:53.0875 2448 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:35:54.0265 2448 ialm - ok
10:35:54.0421 2448 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
10:35:54.0453 2448 iaStor - ok
10:35:54.0500 2448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:35:54.0703 2448 Imapi - ok
10:35:54.0875 2448 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:35:55.0078 2448 ini910u - ok
10:35:55.0359 2448 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:35:55.0859 2448 IntcAzAudAddService - ok
10:35:56.0000 2448 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:35:56.0281 2448 IntelIde - ok
10:35:56.0328 2448 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:35:56.0531 2448 intelppm - ok
10:35:56.0671 2448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:35:56.0875 2448 Ip6Fw - ok
10:35:56.0890 2448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:35:57.0125 2448 IpFilterDriver - ok
10:35:57.0140 2448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:35:57.0328 2448 IpInIp - ok
10:35:57.0375 2448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:35:57.0593 2448 IpNat - ok
10:35:57.0781 2448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:35:57.0968 2448 IPSec - ok
10:35:58.0015 2448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:35:58.0109 2448 IRENUM - ok
10:35:58.0250 2448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:35:58.0515 2448 isapnp - ok
10:35:58.0562 2448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:35:58.0750 2448 Kbdclass - ok
10:35:58.0781 2448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:35:58.0953 2448 kmixer - ok
10:35:59.0093 2448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:35:59.0125 2448 KSecDD - ok
10:35:59.0187 2448 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
10:35:59.0218 2448 L1c - ok
10:35:59.0328 2448 lbrtfdc - ok
10:35:59.0421 2448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:35:59.0687 2448 mnmdd - ok
10:35:59.0843 2448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:36:00.0031 2448 Modem - ok
10:36:00.0125 2448 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
10:36:00.0250 2448 Monfilt - ok
10:36:00.0390 2448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:36:00.0578 2448 Mouclass - ok
10:36:00.0671 2448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:36:00.0859 2448 mouhid - ok
10:36:01.0000 2448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:36:01.0187 2448 MountMgr - ok
10:36:01.0250 2448 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:36:01.0453 2448 mraid35x - ok
10:36:01.0593 2448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:36:01.0796 2448 MRxDAV - ok
10:36:01.0890 2448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:36:01.0937 2448 MRxSmb - ok
10:36:02.0078 2448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:36:02.0375 2448 Msfs - ok
10:36:02.0484 2448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:36:02.0687 2448 MSKSSRV - ok
10:36:02.0875 2448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:36:03.0156 2448 MSPCLOCK - ok
10:36:03.0187 2448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:36:03.0359 2448 MSPQM - ok
10:36:03.0406 2448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:36:03.0593 2448 mssmbios - ok
10:36:03.0781 2448 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:36:03.0968 2448 MSTEE - ok
10:36:04.0078 2448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:36:04.0140 2448 Mup - ok
10:36:04.0281 2448 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:36:04.0468 2448 NABTSFEC - ok
10:36:04.0593 2448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:36:04.0890 2448 NDIS - ok
10:36:05.0046 2448 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:36:05.0218 2448 NdisIP - ok
10:36:05.0281 2448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:36:05.0312 2448 NdisTapi - ok
10:36:05.0468 2448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:36:05.0734 2448 Ndisuio - ok
10:36:05.0781 2448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:36:05.0968 2448 NdisWan - ok
10:36:06.0187 2448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:36:06.0218 2448 NDProxy - ok
10:36:06.0250 2448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:36:06.0453 2448 NetBIOS - ok
10:36:06.0593 2448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:36:06.0859 2448 NetBT - ok
10:36:06.0937 2448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:36:07.0140 2448 Npfs - ok
10:36:07.0296 2448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:36:07.0546 2448 Ntfs - ok
10:36:07.0703 2448 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
10:36:07.0734 2448 NuidFltr - ok
10:36:07.0781 2448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:36:08.0000 2448 Null - ok
10:36:08.0031 2448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:36:08.0234 2448 NwlnkFlt - ok
10:36:08.0390 2448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:36:08.0578 2448 NwlnkFwd - ok
10:36:08.0703 2448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:36:08.0875 2448 Parport - ok
10:36:09.0015 2448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:36:09.0218 2448 PartMgr - ok
10:36:09.0250 2448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:36:09.0437 2448 ParVdm - ok
10:36:09.0453 2448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:36:09.0640 2448 PCI - ok
10:36:09.0656 2448 PCIDump - ok
10:36:09.0671 2448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:36:09.0843 2448 PCIIde - ok
10:36:09.0875 2448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:36:10.0062 2448 Pcmcia - ok
10:36:10.0187 2448 PDCOMP - ok
10:36:10.0203 2448 PDFRAME - ok
10:36:10.0218 2448 PDRELI - ok
10:36:10.0234 2448 PDRFRAME - ok
10:36:10.0296 2448 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:36:10.0484 2448 perc2 - ok
10:36:10.0687 2448 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:36:10.0953 2448 perc2hib - ok
10:36:11.0031 2448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:36:11.0296 2448 PptpMiniport - ok
10:36:11.0437 2448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:36:11.0625 2448 PSched - ok
10:36:11.0640 2448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:36:11.0812 2448 Ptilink - ok
10:36:11.0875 2448 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:36:11.0890 2448 PxHelp20 - ok
10:36:12.0031 2448 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:36:12.0250 2448 ql1080 - ok
10:36:12.0265 2448 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:36:12.0562 2448 Ql10wnt - ok
10:36:12.0578 2448 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:36:12.0765 2448 ql12160 - ok
10:36:12.0781 2448 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:36:12.0968 2448 ql1240 - ok
10:36:13.0109 2448 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:36:13.0296 2448 ql1280 - ok
10:36:13.0328 2448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:36:13.0500 2448 RasAcd - ok
10:36:13.0562 2448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:36:13.0734 2448 Rasl2tp - ok
10:36:13.0906 2448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:36:14.0078 2448 RasPppoe - ok
10:36:14.0093 2448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:36:14.0328 2448 Raspti - ok
10:36:14.0468 2448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:36:14.0656 2448 Rdbss - ok
10:36:14.0687 2448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:36:14.0875 2448 RDPCDD - ok
10:36:15.0093 2448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:36:15.0281 2448 rdpdr - ok
10:36:15.0343 2448 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:36:15.0359 2448 RDPWD - ok
10:36:15.0500 2448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:36:15.0765 2448 redbook - ok
10:36:15.0812 2448 RSUSBSTOR - ok
10:36:15.0843 2448 Rts516xIR - ok
10:36:15.0984 2448 SASDIFSV - ok
10:36:15.0984 2448 SASKUTIL - ok
10:36:16.0156 2448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:36:16.0218 2448 Secdrv - ok
10:36:16.0265 2448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:36:16.0453 2448 Serial - ok
10:36:16.0546 2448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:36:16.0750 2448 Sfloppy - ok
10:36:16.0875 2448 Simbad - ok
10:36:16.0906 2448 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:36:17.0093 2448 sisagp - ok
10:36:17.0156 2448 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:36:17.0437 2448 SLIP - ok
10:36:17.0640 2448 SNP2UVC (c792610f7d2009352721c1ae38da0619) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
10:36:17.0765 2448 SNP2UVC - ok
10:36:17.0906 2448 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:36:18.0000 2448 Sparrow - ok
10:36:18.0031 2448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:36:18.0312 2448 splitter - ok
10:36:18.0468 2448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:36:18.0578 2448 sr - ok
10:36:18.0750 2448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:36:18.0796 2448 Srv - ok
10:36:18.0859 2448 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:36:19.0109 2448 streamip - ok
10:36:19.0281 2448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:36:19.0468 2448 swenum - ok
10:36:19.0500 2448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:36:19.0671 2448 swmidi - ok
10:36:19.0750 2448 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:36:19.0921 2448 symc810 - ok
10:36:20.0093 2448 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:36:20.0281 2448 symc8xx - ok
10:36:20.0296 2448 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:36:20.0484 2448 sym_hi - ok
10:36:20.0500 2448 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:36:20.0718 2448 sym_u3 - ok
10:36:20.0765 2448 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:36:20.0781 2448 SynTP - ok
10:36:20.0921 2448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:36:21.0125 2448 sysaudio - ok
10:36:21.0203 2448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:36:21.0265 2448 Tcpip - ok
10:36:21.0421 2448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:36:21.0687 2448 TDPIPE - ok
10:36:21.0703 2448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:36:22.0000 2448 TDTCP - ok
10:36:22.0031 2448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:36:22.0218 2448 TermDD - ok
10:36:22.0390 2448 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:36:22.0562 2448 TosIde - ok
10:36:22.0656 2448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:36:22.0859 2448 Udfs - ok
10:36:23.0000 2448 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:36:23.0093 2448 ultra - ok
10:36:23.0140 2448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:36:23.0343 2448 Update - ok
10:36:23.0500 2448 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:36:23.0781 2448 usbaudio - ok
10:36:23.0828 2448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:36:24.0015 2448 usbccgp - ok
10:36:24.0156 2448 USBCCID - ok
10:36:24.0187 2448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:36:24.0375 2448 usbehci - ok
10:36:24.0468 2448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:36:24.0734 2448 usbhub - ok
10:36:24.0890 2448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:36:25.0078 2448 USBSTOR - ok
10:36:25.0187 2448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:36:25.0359 2448 usbuhci - ok
10:36:25.0500 2448 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:36:25.0718 2448 usbvideo - ok
10:36:25.0796 2448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:36:26.0062 2448 VgaSave - ok
10:36:26.0156 2448 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:36:26.0343 2448 viaagp - ok
10:36:26.0359 2448 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:36:26.0531 2448 ViaIde - ok
10:36:26.0562 2448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:36:26.0750 2448 VolSnap - ok
10:36:26.0828 2448 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
10:36:26.0906 2448 vsdatant - ok
10:36:27.0062 2448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:36:27.0265 2448 Wanarp - ok
10:36:27.0312 2448 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:36:27.0359 2448 Wdf01000 - ok
10:36:27.0484 2448 WDICA - ok
10:36:27.0531 2448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:36:27.0718 2448 wdmaud - ok
10:36:27.0906 2448 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:36:28.0203 2448 WmiAcpi - ok
10:36:28.0281 2448 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:36:28.0453 2448 WSTCODEC - ok
10:36:28.0562 2448 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:36:28.0656 2448 \Device\Harddisk0\DR0 - ok
10:36:28.0656 2448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
10:36:30.0890 2448 \Device\Harddisk1\DR3 - ok
10:36:30.0906 2448 Boot (0x1200) (30c5b47a751e97f75229bbf6f716e73c) \Device\Harddisk0\DR0\Partition0
10:36:30.0906 2448 \Device\Harddisk0\DR0\Partition0 - ok
10:36:30.0921 2448 Boot (0x1200) (ed34c9b478e91a7d3dd1f241bb5a8426) \Device\Harddisk1\DR3\Partition0
10:36:30.0921 2448 \Device\Harddisk1\DR3\Partition0 - ok
10:36:30.0921 2448 ============================================================
10:36:30.0921 2448 Scan finished
10:36:30.0921 2448 ============================================================
10:36:31.0046 1676 Detected object count: 2
10:36:31.0046 1676 Actual detected object count: 2
10:38:54.0843 1676 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:54.0843 1676 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:55.0000 1676 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\fips.sys) error 1813
10:38:55.0593 1676 Backup copy found, using it..
10:38:55.0609 1676 C:\WINDOWS\system32\drivers\Fips.sys - will be cured on reboot
10:38:55.0609 1676 Fips ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
10:39:22.0218 3628 Deinitialize success

#21
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
OK, let's see if that worked.

Delete the copy of Combofix you have and download a fresh one:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#22
Ksavvy

    Member

  • Topic Starter
  • 32 posts
Hey, just so you know, I rebooted into safe mode from the TDSSKiller cure. Should I continue everything in safe mode right now?

#23
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

No, reboot into normal mode, open ComboFix and if it asks you to update select yes and run it. After it has finished (successfully or not), run OTL and post the log :)

#24
Ksavvy

    Member

  • Topic Starter
  • 32 posts
It actually ran... and created a log! :)




ComboFix 11-10-15.04 - K 10/16/2011 12:16:32.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.271 [GMT -7:00]
Running from: c:\documents and settings\K\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\
c:\windows\TEMP\SolidWorksLicTemp.0001
c:\windows\TEMP\SolidWorksLicTemp.0001.dir.0000\~defebe.tmp
c:\windows\TEMP\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp
.
-- Previous Run --
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040151.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040151.exe
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040152.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040151.exe
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040152.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040158.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040151.exe
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040152.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040158.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040153.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040151.exe
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040152.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040158.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040153.exe
.
Infected copy of c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040154.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040147.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040149.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040157.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040150.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040151.exe
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040152.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040158.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040153.exe
.
Infected copy of c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040154.exe
.
Infected copy of c:\program files\Acer\Acer VCM\RS_Service.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP128\A0040156.exe
.
--------
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042843.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042844.exe
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042849.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP136\A0043266.exe
.
Infected copy of c:\program files\Cisco Systems\VPN Client\cvpnd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042845.exe
.
Infected copy of c:\program files\Gizmo\gservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042846.exe
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042847.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042850.exe
.
Infected copy of c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{577E2158-88B0-493A-BDB5-E2EE0FE6AC39}\RP135\A0042848.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_436b167e
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-----w- c:\documents and settings\Administrator
2011-10-12 01:05 . 2011-10-12 01:05 -------- d-----w- C:\found.000
2011-10-07 17:17 . 2011-10-07 17:17 -------- d-----w- C:\_OTL
2011-10-02 21:39 . 2011-10-02 21:39 -------- d-----w- c:\documents and settings\K\Application Data\Qlock
2011-09-29 19:23 . 2011-09-29 14:47 9851496 ----a-w- C:\mdsbdsam-setup.exe
2011-09-29 18:23 . 2011-09-29 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-29 17:02 . 2011-10-01 06:41 -------- d-----w- C:\MGtools
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\K\Application Data\SUPERAntiSpyware.com
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 17:40 . 2009-08-01 07:34 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-10-01 06:41 . 2011-09-29 17:02 27754 ----a-w- C:\MGlogs.zip
2011-09-26 18:41 . 2009-08-01 07:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2009-08-01 07:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-08-01 07:34 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2009-08-01 07:34 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2009-08-01 07:34 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2009-08-01 07:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-02 12:18 . 2011-06-24 14:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-24 12:37 . 2010-08-24 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.03.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 07:34 . 2011-10-16 19:00 69678 c:\windows\system32\perfc009.dat
- 2009-08-01 07:34 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 11:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 11:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2010-08-22 13:49 . 2008-10-30 21:19 47272 c:\windows\system32\drivers\btwusb.sys
+ 2010-08-22 13:49 . 2008-09-26 00:30 91176 c:\windows\system32\drivers\btwsecfl.sys
+ 2010-08-24 09:07 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-08-24 09:07 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-08-01 07:34 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-08-24 09:07 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-08-24 09:07 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-10-15 22:41 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-10-15 22:41 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-10-15 22:41 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-10-15 22:41 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-10-15 22:41 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-10-15 22:55 . 2011-10-15 22:55 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2011-10-16 19:26 . 2011-10-16 19:26 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\095500d1130c8a84eaa3256a7c73926f\stdole.ni.dll
+ 2011-10-16 19:34 . 2011-10-16 19:34 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\SldServiceClients\a75ff60f248a56f3f24d46042b79b521\SldServiceClients.ni.dll
+ 2011-10-16 19:34 . 2011-10-16 19:34 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\SldService\7392ae2a9be1efa570fe7ef713123461\SldService.ni.dll
+ 2011-10-16 19:34 . 2011-10-16 19:34 40960 c:\windows\assembly\NativeImages_v2.0.50727_32\SldJobs\aab87bce806079d2145f0146a3cfe9c4\SldJobs.ni.dll
+ 2011-10-16 19:24 . 2011-10-16 19:24 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\SketchWPF\3cb9871b69e94eb3c18bab1850ab5cae\SketchWPF.ni.dll
+ 2011-10-16 19:24 . 2011-10-16 19:24 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\SketchUI\e3dc573373ae471c375f433cc137542c\SketchUI.ni.dll
+ 2011-10-16 19:24 . 2011-10-16 19:24 22528 c:\windows\assembly\NativeImages_v2.0.50727_32\SketchOperation\4e6c2f82e3d2303558c8df58712f465d\SketchOperation.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 62464 c:\windows\assembly\NativeImages_v2.0.50727_32\SheetMetalWPF\37f0b174bbc08f6a4a89d17f5d1c6d18\SheetMetalWPF.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 77312 c:\windows\assembly\NativeImages_v2.0.50727_32\SheetMetalUi\7cffde4c2055196d7fdbcc4e05f811af\SheetMetalUi.ni.dll
+ 2011-10-16 19:25 . 2011-10-16 19:25 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\sheetmetaloperation\0921a84cb1ba1c943c23590638c0fecc\SheetMetalOperation.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\RefPlaneWPF\55c1331ee226a40afaf0c43abe61a8d6\RefPlaneWPF.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\RefGeomUI\5e6346bc96cc28ed07e118d6a13b6559\RefGeomUI.ni.dll
+ 2011-10-16 19:25 . 2011-10-16 19:25 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\RefGeomOperation\a958018900fb6540a4a04902fa60bd16\RefGeomOperation.ni.dll
+ 2011-10-15 22:51 . 2011-10-15 22:51 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2011-10-15 22:49 . 2011-10-15 22:49 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2011-10-16 19:23 . 2011-10-16 19:23 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\OperationBase\4395fc238501095b60c200975972eb30\OperationBase.ni.dll
+ 2011-10-16 19:35 . 2011-10-16 19:35 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 84992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f828e21419072b099f1be36b6c43be62\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f56fa961accf8b6c7d9ab47c3c467dc2\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cbd15cbb5eacaf606d052b4267e97640\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b98ee6317d6fd485c7a22abdb520a2b8\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\892d03284e9e3e7dc3f902b702169f29\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\779bdfba4d94de16bbda0cf353af1d28\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7106aefbb0fb707283b37d9cedc30461\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\46d1d2e105ca9a4e833077305feda17c\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\38c7bec5a6f041476b1e473af4f00604\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2011-10-16 19:03 . 2011-10-16 19:03 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2011-10-16 19:36 . 2011-10-16 19:36 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-16 19:23 . 2011-10-16 19:23 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Manipulator\79c83f885b9d40d5c6c6c20e35b769f3\Manipulator.ni.dll
+ 2011-10-16 19:36 . 2011-10-16 19:36 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\84d2a811b7c0329e2bdbbf2526757fbc\ipdmctrl.ni.dll
+ 2011-10-16 19:25 . 2011-10-16 19:25 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\FeatureWPF\fb8ab0db9878e746b9ef71e2cb6b61c0\FeatureWPF.ni.dll
+ 2011-10-16 19:25 . 2011-10-16 19:25 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\FeatureUI\371c588ef255af8318e5afcc1639581f\FeatureUI.ni.dll
+ 2011-10-16 19:24 . 2011-10-16 19:24 20480 c:\windows\assembly\NativeImages_v2.0.50727_32\FeatureOperation\b22ac8053d3d789a577b153554a5fd6c\FeatureOperation.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvironmentWPF\b3e180aaa5fb790d3d7d0d16099614b3\EnvironmentWPF.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 22528 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvironmentUI\d2b2f22d11098514ddccfdfa59506356\EnvironmentUI.ni.dll
+ 2011-10-16 19:27 . 2011-10-16 19:27 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvironmentOperation\e1c2d4cb6f7881bcaf19e3422b33d9ce\EnvironmentOperation.ni.dll
+ 2011-10-16 19:26 . 2011-10-16 19:26 64512 c:\windows\assembly\NativeImages_v2.0.50727_32\environmentcplu\7f42a52e14db9524ebd76f94feaffcb7\environmentcplu.ni.dll
+ 2011-10-16 19:23 . 2011-10-16 19:23 29696 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvironmentCore\dd4c0186ae01cc16ae44996efa48b394\EnvironmentCore.ni.dll
+ 2011-10-16 19:23 . 2011-10-16 19:23 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\DveSupport\404daa0f3ee582778b651dd7267ba236\DveSupport.ni.dll
+ 2011-10-16 19:35 . 2011-10-16 19:35 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-10-16 19:23 . 2011-10-16 19:23 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\DebugControls\56c5a4c5e8f2f5f8752b4a08edc157bd\DebugControls.ni.dll
+ 2011-10-16 19:21 . 2011-10-16 19:21 40448 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreInterface\52803c436fa3a337f60dffec926bb008\CoreInterface.ni.dll
+ 2011-10-16 19:26 . 2011-10-16 19:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ContentWPF\158464ca7a272d7433d5e6709b2aee83\ContentWPF.ni.dll
+ 2011-10-16 19:26 . 2011-10-16 19:26 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\ContentUI\0a78111f6d0614fe07ec76ab448c2a9a\ContentUI.ni.dll
+ 2011-10-16 19:26 . 2011-10-16 19:26 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\ContentOperation\9b5eb90dff93b0e6e419a16ca0009f99\ContentOperation.ni.dll
+ 2011-10-16 19:26 . 2011-10-16 19:26 72192 c:\windows\assembly\NativeImages_v2.0.50727_32\clrloadu\8ff3696cc82c6cbf577a88cb9d52d715\clrloadu.ni.dll
+ 2011-10-16 19:25 . 2011-10-16 19:25 40448 c:\windows\assembly\NativeImages_v2.0.50727_32\asmfeaturewpf\0c9c2a7a720ab5374a732f0985b3d3ce\asmfeaturewpf.ni.dll
+ 2011-10-16 19:25 . 2011-10-16 19:25 27648 c:\windows\assembly\NativeImages_v2.0.50727_32\asmfeatureui\b147db0c56f63b0463f250e6c1132b03\asmfeatureui.ni.dll
+ 2011-10-16 19:24 . 2011-10-16 19:24 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\AsmFeatureOperation\c7920aeb6c4691440e171c2c4590b5a2\AsmFeatureOperation.ni.dll
+ 2011-10-16 19:23 . 2011-10-16 19:23 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\AnnotationUI\1db343da7bf9ed6978f5fe12b68672e7\AnnotationUI.ni.dll
+ 2011-10-16 19:23 . 2011-10-16 19:23 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\AnnotationOperation\9fded93fabb7391df29f1e93840ee489\AnnotationOperation.ni.dll
+ 2011-10-16 19:01 . 2011-10-16 19:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-08-10 12:47 . 2011-08-10 12:47 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-10-15 22:46 . 2011-10-15 22:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-08-10 12:48 . 2011-08-10 12:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-08-10 12:48 . 2011-08-10 12:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-10-15 22:47 . 2011-10-15 22:47 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-08-10 12:48 . 2011-08-10 12:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2009-08-01 07:34 . 2011-10-16 19:00 437618 c:\windows\system32\perfh009.dat
+ 2009-08-01 07:34 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
- 2009-03-08 11:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 11:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2009-08-01 07:34 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2009-07-31 23:48 . 2011-10-16 17:40 368096 c:\windows\system32\FNTCACHE.DAT
- 2009-07-31 23:48 . 2011-07-14 12:22 368096 c:\windows\system32\FNTCACHE.DAT
- 2009-08-01 07:34 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2009-08-01 07:34 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
- 2009-08-01 07:34 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-01 07:34 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-08-24 09:07 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-05-04 223640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*edithostadv.exe"="c:\documents and settings\K\Start Menu\Programs\edithostadv.exe" [2011-10-14 171520]
.
c:\documents and settings\K\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\K\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-13 4142080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe [2011-5-4 223640]
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-7-18 1834280]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-12 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\K\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FreeOrion\\freeoriond.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\SolidWorks Installation Manager\\BackgroundDownloading\\sldBgDwld.exe"=
"c:\\Program Files\\TechSmith\\Jing\\Jing.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Cleanup\\iExplore.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [5/4/2011 8:30 AM 25488]
R2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [5/4/2011 8:30 AM 34728]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [10/6/2010 7:57 PM 71432]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 2:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 12:35 AM 38912]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;"c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 1:48 AM 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [12/2/2010 6:18 AM 87336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 1:50 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetsvcs REG_MULTI_SZ intelpower
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Readability: [email protected] - %profile%\extensions\[email protected]
FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-77903650.sys
SafeBoot-83147909.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 12:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Gizmo\ghook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Acer.scr
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2011-10-16 12:45:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-16 19:45
.
Pre-Run: 21,680,156,672 bytes free
Post-Run: 21,616,402,432 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=C:\wubildr.mbr
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Jolicloud"
.
- - End Of File - - A2FD24D036D00E339DA3FBC7B6BB5440



OTL logfile created on: 10/16/2011 12:59:14 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 225.32 Mb Available Physical Memory | 22.22% Memory free
2.38 Gb Paging File | 1.76 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.03 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.68 Gb Free Space | 71.96% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 15:47:35 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/15 15:47:34 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/15 15:47:31 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/15 15:47:26 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/10/15 15:47:21 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/15 15:46:56 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/25 03:25:39 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2010/08/25 03:25:38 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/08/25 03:25:36 | 004,210,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2010/08/24 02:36:19 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
MOD - [2010/08/24 02:36:09 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/03 11:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/16 12:39:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*edithostadv.exe] C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{698AAFBC-E2FC-49F8-A30F-84A1EC6145C5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 12:10:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/16 11:57:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/16 10:20:13 | 000,187,464 | ---- | C] (Webroot) -- C:\Documents and Settings\K\Desktop\antizeroaccess.exe
[2011/10/16 10:20:13 | 000,105,672 | ---- | C] (ESET) -- C:\Documents and Settings\K\Desktop\ESETSirefefRemover.exe
[2011/10/14 12:52:22 | 004,260,579 | ---- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\Explorer.com
[2011/10/14 10:37:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/14 10:37:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/14 10:37:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/14 10:37:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/14 09:20:36 | 000,171,520 | ---- | C] (if systems) -- C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe
[2011/10/11 18:05:30 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/07 14:48:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\K\Desktop\aswMBR.exe
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:42:48 | 004,261,887 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/10/02 14:03:08 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/10/16 12:48:15 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/16 12:43:42 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 12:43:42 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 12:42:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 12:39:30 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/16 12:39:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 12:38:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 12:38:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/16 12:38:52 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/16 12:10:08 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/16 11:48:54 | 004,261,887 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/16 10:40:24 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/16 10:08:52 | 000,187,464 | ---- | M] (Webroot) -- C:\Documents and Settings\K\Desktop\antizeroaccess.exe
[2011/10/16 10:08:36 | 000,105,672 | ---- | M] (ESET) -- C:\Documents and Settings\K\Desktop\ESETSirefefRemover.exe
[2011/10/16 10:05:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/14 10:07:38 | 004,260,579 | ---- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\Explorer.com
[2011/10/14 09:42:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/14 09:28:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/14 08:39:04 | 097,971,376 | ---- | M] () -- C:\Documents and Settings\K\Desktop\setup_11.0.0.1245.x01_2011_10_14_17_38.exe
[2011/10/09 21:48:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/07 09:05:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\K\Desktop\aswMBR.exe
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 14:21:56 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:28:00 | 017,217,688 | ---- | M] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/28 13:30:45 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk

========== Files Created - No Company Name ==========

[2011/10/16 12:10:08 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/16 12:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 11:56:35 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/14 12:48:47 | 097,971,376 | ---- | C] () -- C:\Documents and Settings\K\Desktop\setup_11.0.0.1245.x01_2011_10_14_17_38.exe
[2011/10/14 10:37:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/14 10:37:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/14 10:37:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/14 10:37:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/14 10:37:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/14 09:44:48 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/10/14 09:42:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/11 18:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 12:23:12 | 009,851,496 | ---- | C] () -- C:\mdsbdsam-setup.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/29 10:02:43 | 002,420,346 | ---- | C] () -- C:\Documents and Settings\K\Desktop\MGtools.exe
[2011/09/29 10:02:38 | 009,851,496 | ---- | C] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
[2011/09/29 08:27:27 | 017,217,688 | ---- | C] () -- C:\Documents and Settings\K\Desktop\SAS_09216917.COM
[2011/09/28 13:30:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\K\Desktop\rkill.exe
[2011/09/23 11:04:45 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\K\Desktop\Shortcut to Opti 597 - Technical Writing.lnk
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/01 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/10/16 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2011/10/16 12:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow

========== Purity Check ==========



< End of report >

#25
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
The good news is that the rootkit is most probably gone. However, I see some things that I don't like.

Are you sure you have AVG installed? I can't see any traces of it in the logs or in the programs list...

If you do have AVG, I suggest you uninstall it and install Avast, as AVG may be damaged and Avast is a very good & free antivirus.

Avast! Home Edition - a very good free AntiVirus.

Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Follow the same procedure with:
  • C:\Windows\System32\winlogon.exe
  • C:\WINDOWS\system32\userinit.exe
  • C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe


Note: Disable your antivirus before uploading these files, and re-enable it after you finish.



Next:

Delete the copy of ComboFix you have on your Desktop and follow these:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:

If you know what these two files are and you want them, delete the following lines from the OTL script:

[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\RunOnce: [*edithostadv.exe] C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe (if systems)
    [2011/10/14 09:42:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    [2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
    [2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe
    [2011/10/14 09:42:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under Extra Registry select Use Safelist
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button. Post the log it produces in your next reply.


Next:

Did you install Wubi Ubuntu on your computer? I'm asking this because I saw this line in your boot.ini file:

C:\wubildr.mbr = "Jolicloud"


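Added example, not part of the thread and not OTL's own logic: a Python parser for the two OTL log line formats seen above (O4 autorun entries and bracketed file entries), with three review heuristics that are assumptions of this example. The sample lines are copied from the log in this thread; on them the heuristics single out the same entries that were placed in the fix script.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\RunOnce: [*edithostadv.exe] C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe (if systems)
[2011/10/16 12:10:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/14 09:42:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/29 07:47:36 | 009,851,496 | ---- | M] () -- C:\mdsbdsam-setup.exe
[2011/10/16 12:38:52 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 13:47:10 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\K\Desktop\tdsskiller.exe
"""

# O4 - <hive>..\<Run|RunOnce>: [value name] <target path> (<company>)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$")

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory entries omit the "(company)" field, so it is optional here.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|scr)$", re.IGNORECASE)


def parse_line(line):
    """Return a dict for an O4 autorun or file entry, or None for other lines."""
    m = RUN_RE.match(line)
    if m:
        return {"type": "autorun", **m.groupdict()}
    m = FILE_RE.match(line)
    if m:
        d = m.groupdict()
        return {
            "type": "file",
            "when": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(d["size"].replace(",", "")),
            "attrs": d["attrs"],
            "kind": d["kind"],
            "company": (d["company"] or "").strip(),
            "path": d["path"],
        }
    return None


def triage(log_text):
    """Return (path, reason) pairs for entries worth a manual look.

    The three rules are illustrative assumptions of this example, not a
    verdict: every hit still needs review before it goes into a fix script.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = []
        if entry["type"] == "autorun":
            # A '*' prefix on a RunOnce value name makes it run in Safe Mode too.
            if entry["key"] == "RunOnce" and entry["name"].startswith("*"):
                reasons.append("RunOnce value prefixed with '*'")
            # Machine-wide autorun pointing into a user-writable profile folder.
            if "\\documents and settings\\" in entry["path"].lower():
                reasons.append("autorun target inside a user profile")
        else:
            name = entry["path"].rsplit("\\", 1)[-1]
            hidden_system = "H" in entry["attrs"] and "S" in entry["attrs"]
            if entry["size"] == 0 and hidden_system and GUID_NAME.match(name):
                reasons.append("zero-byte hidden+system file named as a GUID")
            if not entry["company"] and ROOT_EXE.match(entry["path"]):
                reasons.append("unsigned-looking executable at drive root")
        findings.extend((entry["path"], reason) for reason in reasons)
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```
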


#26
Ksavvy

    Member

  • Topic Starter
  • 32 posts
Running Combofix and OTL scans now. Here are 3 files from virscan.org. The first one I tried (edithostadv.exe), I thought I had disabled AVG, but was mistaken, so I won't be able to get that scan for you until I get to another computer. I can tell you right now though, it (edithostadv.exe) had red malware, trojan downloader, and spyware all over it (I scanned it at a friend's house before their computer shut down while I was posting here).

Thank you again for all your help. Good news that the Rootkit is gone, now just to round up whatever other critters are still around...

Oh, and I did install Jolicloud, yet I was planning to uninstall it after getting all this taken care of.



VirSCAN.org Scanned Report :
Scanned time : 2008/04/28 05:50:23 (MST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://r.virscan.org...18b094b5da3a210

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.16 2008.04.27 2008-04-27 3.84 -
AhnLab V3 2008.04.28.00 2008.04.28 2008-04-28 1.13 -
AntiVir 7.8.0.10 7.0.3.220 2008-04-28 2.78 -
Arcavir 1.0.4 200804271350 2008-04-27 2.30 -
AVAST! 1.0.8 080428-0 2008-04-28 3.06 -
AVG 7.5.51.442 269.23.5/1401 2008-04-28 2.87 -
BitDefender 7.60825.1184481 7.18704 2008-04-28 4.08 -
CA (VET) 9.0.0.143 31.3.5741 2008-04-28 6.55 -
ClamAV 0.93 6863 2008-04-21 0.27 -
Comodo 2.11 2.0.0.509 2008-04-28 1.03 -
CP Secure 1.1.0.715 2008.04.28 2008-04-28 7.54 -
Dr.Web 4.44.0.9170 2008.04.28 2008-04-28 6.33 -
ewido 4.0.0.2 2008.04.28 2008-04-28 2.55 -
F-Prot 4.4.1.52 20080427 2008-04-27 1.60 -
F-Secure 5.51.6100 2008.04.28.01 2008-04-28 5.04 -
Fortinet 2.81-3.11 9.25 2008-04-28 2.31 -
ViRobot 20080428 2008.04.28 2008-04-28 0.39 -
Ikarus T3.1.01.26 2008.04.28.70668 2008-04-28 2.51 -
JiangMin 10.00.650 2008.04.28 2008-04-28 1.53 -
Kaspersky 5.5.10 2008.04.28 2008-04-28 10.89 -
KingSoft 2007.6.20.249 2008.4.28 2008-04-28 1.18 -
McAfee 5.2.00 5282 2008-04-25 6.31 -
Microsoft 1.3408 2008.04.24 2008-04-24 7.22 -
mks_vir 2.01 2008.04.28 2008-04-28 5.72 -
Norman 5.91.10 5.90 2008-04-22 16.99 -
Panda 9.04.03.0001 2008.04.27 2008-04-27 9.46 -
Trend Micro 8.500-1001 5.244.03 2008-04-28 0.04 -
Prevx V2 20080428 2008-04-28 8.40 TROJAN.DOWNLOADER.GEN
Quick Heal 9.00 2008.04.26 2008-04-26 6.32 -
Rising 20.0 20.42.01.00 2008-04-28 2.57 -
Sophos 2.72.0 4.28 2008-04-28 18.16 -
Symantec 1.3.0.24 20080427.009 2008-04-27 0.62 -
nProtect 2008-04-28.00 1437905 2008-04-28 13.80 -
The Hacker 6.2.92 v00294 2008-04-26 3.66 -
VBA32 3.12.6.5 20080428.0807 2008-04-28 5.85 -
VirusBuster 4.3.19:9 9.126.6/11.0 2008-04-27 6.81 -


VirSCAN.org Scanned Report :
Scanned time : 2011/10/17 23:50:04 (MST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://r.virscan.org...ab20cdecb6be3f9

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111018100135 2011-10-18 0.42 -
AhnLab V3 2011.10.18.00 2011.10.18 2011-10-18 2.40 -
AntiVir 8.2.6.84 7.11.16.29 2011-10-17 0.64 -
Antiy 2.0.18 20111017.13306130 2011-10-17 0.20 -
Arcavir 2011 201110171500 2011-10-17 3.35 -
Authentium 5.1.1 201110172233 2011-10-17 1.67 -
AVAST! 4.7.4 111017-1 2011-10-17 0.01 -
AVG 8.5.850 271.1.1/3941 2011-10-06 0.27 -
BitDefender 7.90123.9302815 7.39528 2011-10-18 6.78 -
ClamAV 0.97.1 13813 2011-10-18 0.00 -
Comodo 5.1 10482 2011-10-18 2.05 -
CP Secure 1.3.0.5 2011.10.18 2011-10-18 0.06 -
Dr.Web 5.0.2.3300 2011.10.18 2011-10-18 22.46 -
F-Prot 4.6.2.117 20111017 2011-10-17 0.81 -
F-Secure 7.02.73807 2011.10.18.01 2011-10-18 0.35 -
Fortinet 4.2.257 14.247 2011-10-17 0.18 -
GData 22.2462 20111018 2011-10-18 0.20 -
ViRobot 20111017 2011.10.17 2011-10-17 0.44 -
Ikarus T3.1.32.20.0 2011.10.18.79603 2011-10-18 5.81 -
JiangMin 13.0.900 2011.10.17 2011-10-17 2.12 -
Kaspersky 5.5.10 2011.10.17 2011-10-17 0.18 -
KingSoft 2009.2.5.15 2011.10.18.9 2011-10-18 1.30 -
McAfee 5400.1158 6502 2011-10-17 11.24 -
Microsoft 1.7702 2011.10.18 2011-10-18 3.62 -
NOD32 3.0.21 6545 2011-10-15 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 22.04 -
Panda 9.05.01 2011.10.17 2011-10-17 3.06 -
Trend Micro 9.500-1005 8.504.08 2011-10-17 0.12 -
Quick Heal 11.00 2011.10.18 2011-10-18 1.05 -
Rising 20.0 23.80.01.01 2011-10-18 2.50 -
Sophos 3.24.4 4.70 2011-10-18 4.54 -
Sunbelt 3.9.2514.2 10795 2011-10-17 0.77 -
Symantec 1.3.0.24 20111017.003 2011-10-17 0.06 -
nProtect 20111017.01 13003106 2011-10-17 1.22 -
The Hacker 6.7.0.1 v00325 2011-10-16 0.53 -
VBA32 3.12.16.4 20111016.1836 2011-10-16 7.36 -
VirusBuster 5.4.0.7 14.1.16.0/6540609 2011-10-17 0.00 -



VirSCAN.org Scanned Report :
Scanned time : 2011/10/17 23:53:52 (MST)
Scanner results: Scanners did not find malware!
File Name : winlogon.exe
File Size : 507904 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ed0ef0a136dec83df69f04118870003e
SHA1 : f77a7cd78877527023ebfb35e83b75ef59d3df07
Online report : http://r.virscan.org...ff66276c8280f6d

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111018100135 2011-10-18 0.34 -
AhnLab V3 2011.10.18.00 2011.10.18 2011-10-18 2.47 -
AntiVir 8.2.6.84 7.11.16.29 2011-10-17 0.32 -
Antiy 2.0.18 20111017.13306130 2011-10-17 0.02 -
Arcavir 2011 201110171500 2011-10-17 2.88 -
Authentium 5.1.1 201110172233 2011-10-17 1.67 -
AVAST! 4.7.4 111017-1 2011-10-17 0.05 -
AVG 8.5.850 271.1.1/3941 2011-10-06 0.27 -
BitDefender 7.90123.9302815 7.39528 2011-10-18 4.65 -
ClamAV 0.97.1 13813 2011-10-18 0.12 -
Comodo 5.1 10482 2011-10-18 1.89 -
CP Secure 1.3.0.5 2011.10.18 2011-10-18 0.10 -
Dr.Web 5.0.2.3300 2011.10.18 2011-10-18 15.83 -
F-Prot 4.6.2.117 20111017 2011-10-17 0.79 -
F-Secure 7.02.73807 2011.10.18.01 2011-10-18 0.31 -
Fortinet 4.2.257 14.247 2011-10-17 0.18 -
GData 22.2462 20111018 2011-10-18 0.11 -
ViRobot 20111017 2011.10.17 2011-10-17 0.39 -
Ikarus T3.1.32.20.0 2011.10.18.79603 2011-10-18 5.02 -
JiangMin 13.0.900 2011.10.17 2011-10-17 1.83 -
Kaspersky 5.5.10 2011.10.17 2011-10-17 0.18 -
KingSoft 2009.2.5.15 2011.10.18.9 2011-10-18 0.88 -
McAfee 5400.1158 6502 2011-10-17 11.19 -
Microsoft 1.7702 2011.10.18 2011-10-18 3.48 -
NOD32 3.0.21 6545 2011-10-15 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 4.01 -
Panda 9.05.01 2011.10.17 2011-10-17 2.17 -
Trend Micro 9.500-1005 8.504.08 2011-10-17 0.04 -
Quick Heal 11.00 2011.10.18 2011-10-18 1.09 -
Rising 20.0 23.80.01.01 2011-10-18 2.41 -
Sophos 3.24.4 4.70 2011-10-18 4.45 -
Sunbelt 3.9.2514.2 10795 2011-10-17 0.68 -
Symantec 1.3.0.24 20111017.003 2011-10-17 0.07 -
nProtect 20111017.01 13003106 2011-10-17 1.58 -
The Hacker 6.7.0.1 v00325 2011-10-16 0.54 -
VBA32 3.12.16.4 20111016.1836 2011-10-16 4.84 -
VirusBuster 5.4.0.7 14.1.16.0/6540609 2011-10-17 0.00 -


ComboFix 11-10-17.02 - K 10/17/2011 23:44:20.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.267 [GMT -7:00]
Running from: c:\documents and settings\K\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-----w- c:\documents and settings\Administrator
2011-10-12 01:05 . 2011-10-12 01:05 -------- d-----w- C:\found.000
2011-10-07 17:17 . 2011-10-07 17:17 -------- d-----w- C:\_OTL
2011-10-02 21:39 . 2011-10-02 21:39 -------- d-----w- c:\documents and settings\K\Application Data\Qlock
2011-09-29 19:23 . 2011-09-29 14:47 9851496 ----a-w- C:\mdsbdsam-setup.exe
2011-09-29 18:23 . 2011-09-29 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-29 17:02 . 2011-10-01 06:41 -------- d-----w- C:\MGtools
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\K\Application Data\SUPERAntiSpyware.com
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 17:40 . 2009-08-01 07:34 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-10-01 06:41 . 2011-09-29 17:02 27754 ----a-w- C:\MGlogs.zip
2011-09-26 18:41 . 2009-08-01 07:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2009-08-01 07:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-08-01 07:34 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2009-08-01 07:34 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2009-08-01 07:34 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2009-08-01 07:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-02 12:18 . 2011-06-24 14:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-24 12:37 . 2010-08-24 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-16_19.39.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 07:34 . 2011-10-17 19:59 69678 c:\windows\system32\perfc009.dat
- 2009-08-01 07:34 . 2011-10-16 19:00 69678 c:\windows\system32\perfc009.dat
+ 2011-10-16 19:54 . 2011-10-16 19:54 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\57823761e3f2c54cee7fc53acefcc893\VSLangProj.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\db4f8f1c2468988697b19fde758e4d5c\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\710038107829842461d82b979e8bca6e\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\02af0ddfacf0bfcbc95058e324bf09e7\Microsoft.Office.InfoPath.Permission.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\84d2a811b7c0329e2bdbbf2526757fbc\ipdmctrl.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\84d2a811b7c0329e2bdbbf2526757fbc\ipdmctrl.ni.dll
+ 2009-08-01 07:34 . 2011-10-17 19:59 437618 c:\windows\system32\perfh009.dat
- 2009-08-01 07:34 . 2011-10-16 19:00 437618 c:\windows\system32\perfh009.dat
+ 2011-10-16 19:47 . 2011-10-16 19:47 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
- 2011-10-16 19:36 . 2011-10-16 19:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2011-10-16 19:54 . 2011-10-16 19:54 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
- 2011-10-16 19:36 . 2011-10-16 19:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2011-10-16 19:44 . 2011-10-16 19:44 355328 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\fbb073920624bbdcf436fc312eaebe9f\ServiceModelReg.ni.exe
- 2011-10-16 19:36 . 2011-10-16 19:36 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-10-16 19:47 . 2011-10-16 19:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-10-16 19:50 . 2011-10-16 19:50 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f8aff594f6f2921bd947927d24f12488\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 337920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e018f495298c7e932a777009a4c70e79\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d393526c651354e50ba490d2d299c509\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bd6a0a542d90b9f0dee78153e214e774\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 664064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b93f2154d61a824040fc489dc0a61cbb\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b4200110135de15b76573dbfb338afde\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b1953157e935fa670e34a2f4efab5683\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 664576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8669b7a8152e3248b5ff60ce38bdeed6\Microsoft.VisualStudio.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6c50f04d344395f23a8bc4fd7d41e4c4\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5bb795cc831574bfcbd2d08a950e756e\Microsoft.VisualStudio.Shell.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 595968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\47201f80c4663ef96d3a3ad5038917d7\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 622080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4566c7477fb3c01050267737da059f19\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3b8073fe91eadf2a670f83009d663c67\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\20bfe9361e7d7f64c8d531c8760ea096\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 819712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1c356619d4c19932e741121680fdcfe2\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\01c745016668ad80e107d25e889c3eeb\Microsoft.VisualStudio.Configuration.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\94fee35dec99cd25aed3668e7be2bc8f\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 815616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\82cb865cd1da4f31fab81db2b2ab7fef\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\54fa844b02cc606a4c25c7ef2411f5c2\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\fc131a2a34e764b964ebf75a1c7cd536\Microsoft.Office.Interop.InfoPath.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\af97a63f9934f2f16550edda7b06fc30\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\9651efa72fdb37d4ae245feec649a85b\Microsoft.Office.InfoPath.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\c4b36597480eb30b5eaf7d4920e5cdcb\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\6ffbd1eac4fb533e28e5808df3b1b2ef\Microsoft.BusinessData.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\49ae31763c5d5e529376bc0386477f71\EnvDTE80.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\49ae31763c5d5e529376bc0386477f71\EnvDTE80.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
+ 2011-10-16 19:54 . 2011-10-16 19:54 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
+ 2011-10-16 19:53 . 2011-10-16 19:53 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
+ 2011-10-16 19:52 . 2011-10-16 19:52 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1831936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9f852b99a0394374aa1c0abb52e6733a\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1116160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6d4c6f1797bd15bf126c25fac2108e86\Microsoft.VisualStudio.Design.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 3929600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\539524d432614598ac67b9ac214d4030\Microsoft.VisualStudio.Editors.ni.dll
+ 2011-10-16 19:50 . 2011-10-16 19:50 1301504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\50e6ba25e8216c9738c5af2ac2bc6006\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
+ 2011-10-16 19:49 . 2011-10-16 19:49 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\3f098d1aefafe2995b06e052e4ae0bf5\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\9fb012663a6d7c785ce28d96d106ad3c\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 1184256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\38e276a5c5ee1173b699a299d7cf425d\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 2091008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\e2d22f21f4bcd5c8c5c1ea4237fc1a5b\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1563136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\a79a1e05738f15394641f779845c5c43\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 4751360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\8ace6f86e1a162db0e56614ad84d7599\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2011-10-16 19:48 . 2011-10-16 19:48 3235840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\443addf4f4e64dbb694f43212b490328\Microsoft.Office.BusinessData.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-10-16 19:47 . 2011-10-16 19:47 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
- 2011-10-16 19:36 . 2011-10-16 19:36 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-05-04 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*edithostadv.exe"="c:\documents and settings\K\Start Menu\Programs\edithostadv.exe" [2011-10-14 171520]
.
c:\documents and settings\K\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\K\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-13 4142080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe [2011-5-4 223640]
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-7-18 1834280]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-12 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\K\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FreeOrion\\freeoriond.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\SolidWorks Installation Manager\\BackgroundDownloading\\sldBgDwld.exe"=
"c:\\Program Files\\TechSmith\\Jing\\Jing.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [5/4/2011 8:30 AM 25488]
R2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [5/4/2011 8:30 AM 34728]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [10/6/2010 7:57 PM 71432]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 2:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 12:35 AM 38912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;"c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 1:48 AM 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [12/2/2010 6:18 AM 87336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 1:50 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetsvcs REG_MULTI_SZ intelpower
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
FF - ProfilePath - c:\documents and settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Readability: [email protected] - %profile%\extensions\[email protected]
FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 00:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(7444)
c:\windows\system32\WININET.dll
c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Gizmo\ghook.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-18 00:04:28
ComboFix-quarantined-files.txt 2011-10-18 07:04
ComboFix2.txt 2011-10-16 19:45
.
Pre-Run: 21,695,684,608 bytes free
Post-Run: 21,677,260,800 bytes free
.
- - End Of File - - 92F370C7CD2E9B57535FCB323D9D961C


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*edithostadv.exe deleted successfully.
Invalid CLSID key: *edithostadv.exe
C:\Documents and Settings\K\Start Menu\Programs\edithostadv.exe moved successfully.
C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} moved successfully.
C:\mdsbdsam-setup.exe moved successfully.
File C:\Documents and Settings\K\Desktop\mdsbdsam-setup.exe not found.
File C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: K
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 470937 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5934892 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1955719 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: K
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10182011_000826

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL logfile created on: 10/18/2011 12:12:32 AM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 385.91 Mb Available Physical Memory | 38.06% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.24 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.62 Gb Free Space | 70.31% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 12:03:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/15 15:55:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/15 15:55:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/15 15:54:11 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/15 15:52:24 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/15 15:52:16 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2011/10/15 15:51:03 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/15 15:50:09 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/15 15:49:48 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/15 15:49:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/17 20:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/16 12:39:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*acctadmqueue.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 00:08:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/18 00:08:30 | 000,171,520 | ---- | C] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/18 00:07:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/17 23:42:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/17 23:37:36 | 004,263,508 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/16 12:10:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/14 10:37:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/14 10:37:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/14 10:37:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/14 10:37:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/11 18:05:30 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/10/18 00:14:05 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 00:14:05 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 00:10:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/18 00:09:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 00:09:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 00:09:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 00:08:30 | 000,171,520 | ---- | M] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/17 23:42:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/17 23:36:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/17 20:49:48 | 004,263,508 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/17 20:43:58 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/17 13:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/16 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/16 12:39:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 12:10:08 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/16 10:40:24 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 09:28:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 14:21:56 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

========== Files Created - No Company Name ==========

[2011/10/17 21:09:11 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/16 12:10:08 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/16 12:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 11:56:35 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/14 10:37:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/14 10:37:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/14 10:37:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/14 10:37:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/14 10:37:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/14 09:44:48 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/10/11 18:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.exe >
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %SYSTEMDRIVE%\*.exe >
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/10/02 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2011/08/04 12:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2011/03/01 05:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ArcSoft
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/08/04 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DivX
[2011/10/17 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2010/08/24 01:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Google
[2009/07/31 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2011/10/18 00:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2009/08/01 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009/08/01 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/26 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MathWorks
[2011/07/22 10:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2010/10/17 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MiKTeX
[2011/09/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/18 00:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2011/06/29 06:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2011/09/15 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks
[2011/06/02 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2009
[2011/09/12 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/26 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow
[2011/09/29 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/07/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\vlc
[2010/12/27 18:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL logfile created on: 10/18/2011 12:12:32 AM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 385.91 Mb Available Physical Memory | 38.06% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.24 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.62 Gb Free Space | 70.31% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
PRC - [2011/09/25 14:37:43 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/08 12:12:40 | 001,834,280 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/05/04 08:30:41 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/06/25 17:30:36 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/05/08 15:09:42 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/31 11:26:09 | 007,300,392 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/12/30 00:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 12:03:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/15 15:55:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/15 15:55:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/15 15:54:11 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/15 15:52:24 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/15 15:52:16 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2011/10/15 15:51:03 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/15 15:50:09 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/15 15:49:48 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/15 15:49:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/05/04 08:30:42 | 000,404,384 | ---- | M] () -- C:\Program Files\Gizmo\gdatabase.dll
MOD - [2011/05/04 08:30:42 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/05/04 08:30:42 | 000,372,632 | ---- | M] () -- C:\Program Files\Gizmo\ghash.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\gscript.dll
MOD - [2011/05/04 08:30:42 | 000,339,864 | ---- | M] () -- C:\Program Files\Gizmo\geditor.dll
MOD - [2011/05/04 08:30:41 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/05/04 08:30:41 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/20 18:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/05/08 15:08:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/05/08 15:06:38 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/13 23:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Solver for Flow Simulation 2011)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 23:19:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 08:30:42 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/09 11:07:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/12/02 06:18:32 | 000,087,336 | ---- | M] (Dassault Systmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/10/06 19:57:42 | 000,071,432 | ---- | M] (Mentor Graphics Corporation) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 08:30:46 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/10 22:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/15 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 02:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/30 14:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...04wu45w8812314o
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.155231
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\K\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\K\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/24 05:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 22:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 22:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 08:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 08:25:55 | 000,000,000 | ---D | M]

[2010/08/24 02:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/09/29 11:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions
[2011/08/12 18:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/08/12 18:05:05 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/08/12 18:05:07 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/14 14:28:33 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/08/14 14:28:34 | 000,000,000 | ---D | M] (Readability) -- C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\extensions\[email protected]
[2011/10/17 20:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 06:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/13 22:47:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/13 22:47:04 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/24 05:27:06 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/26 15:38:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/16 16:52:28 | 000,258,560 | ---- | M] (Dassault Systmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/10/16 12:39:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systmes SolidWorks Corp.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKLM..\RunOnce: [*acctadmqueue.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe (if systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\K\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 23:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 00:08:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/18 00:08:30 | 000,171,520 | ---- | C] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/18 00:07:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/17 23:42:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/17 23:37:36 | 004,263,508 | R--- | C] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/16 12:10:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/14 10:37:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/14 10:37:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/14 10:37:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/14 10:37:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/11 18:05:30 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/07 12:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/07 10:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 21:38:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2011/10/02 14:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/02 14:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 14:04:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/29 10:02:49 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/09/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/22 13:06:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/22 06:51:46 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/08/01 00:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/10/18 00:14:05 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 00:14:05 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 00:10:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/18 00:09:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 00:09:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 00:09:27 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 00:08:30 | 000,171,520 | ---- | M] (if systems) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe
[2011/10/17 23:42:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/17 23:36:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/17 20:49:48 | 004,263,508 | R--- | M] (Swearware) -- C:\Documents and Settings\K\Desktop\ComboFix.exe
[2011/10/17 20:43:58 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/17 13:48:06 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
[2011/10/16 21:48:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
[2011/10/16 12:39:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 12:10:08 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/16 11:48:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL(1).exe
[2011/10/16 10:40:24 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 09:28:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/30 23:41:30 | 000,027,754 | ---- | M] () -- C:\MGlogs.zip
[2011/09/29 14:22:20 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 14:21:56 | 000,582,656 | ---- | M] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/09/29 10:20:10 | 002,170,570 | ---- | M] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

========== Files Created - No Company Name ==========

[2011/10/17 21:09:11 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\K\Desktop\setup_av_free_cnet.exe
[2011/10/16 12:10:08 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/16 12:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 11:56:35 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/14 10:37:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/14 10:37:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/14 10:37:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/14 10:37:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/14 10:37:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/14 09:44:48 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.scr
[2011/10/11 18:36:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/02 16:04:16 | 000,582,656 | ---- | C] () -- C:\Documents and Settings\K\Desktop\OTL.exe
[2011/09/29 12:23:12 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/29 10:19:18 | 002,170,570 | ---- | C] () -- C:\Documents and Settings\K\My Documents\cc_20110929_101851.reg
[2011/09/29 10:02:52 | 000,027,754 | ---- | C] () -- C:\MGlogs.zip
[2011/09/11 20:28:42 | 000,000,625 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2011/02/10 19:28:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/09 11:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/10/17 22:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\yap.INI
[2010/09/16 11:41:58 | 000,957,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/03 12:03:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/25 02:31:38 | 000,083,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 15:30:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 02:05:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/22 13:06:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/22 13:06:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/22 13:06:53 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/01 03:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/01 01:48:57 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/08/01 01:48:57 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/08/01 01:48:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/08/01 01:48:57 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2009/08/01 01:48:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/01 01:48:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/01 01:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/01 00:34:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/01 00:34:50 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/01 00:34:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/01 00:34:50 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/01 00:34:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/01 00:34:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/01 00:34:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/01 00:34:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/01 00:34:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/01 00:34:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/01 00:34:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/01 00:34:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/07/31 23:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/31 23:57:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/31 23:52:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/31 23:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/31 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/31 16:48:41 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/02/24 19:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.exe >
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %SYSTEMDRIVE%\*.exe >
[2011/09/29 08:19:56 | 002,420,346 | ---- | M] () -- C:\MGtools.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/08/22 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\.BitTornado
[2009/08/01 02:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer
[2009/08/01 02:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Acer GameZone Console
[2011/10/02 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2011/08/04 12:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2011/03/01 05:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ArcSoft
[2011/01/08 12:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\calibre
[2011/05/25 11:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DassaultSystemes
[2011/08/04 08:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DivX
[2011/10/17 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Dropbox
[2011/01/02 15:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\FreeOrion
[2011/05/04 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Gizmo
[2010/08/24 01:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Google
[2009/07/31 23:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2011/10/18 00:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\IM
[2009/08/01 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009/08/01 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2011/03/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/26 17:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MathWorks
[2011/07/22 10:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2010/10/17 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MiKTeX
[2011/09/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2010/10/14 06:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\MuPAD
[2010/11/24 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Paltalk
[2011/04/09 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\PrimoPDF
[2011/10/02 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Qlock
[2011/10/18 00:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2011/06/29 06:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2011/09/15 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks
[2011/06/02 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2009
[2011/09/12 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SolidWorks 2010
[2010/08/26 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009/08/01 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Super-Cow
[2011/09/29 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SUPERAntiSpyware.com
[2011/07/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\vlc
[2010/12/27 18:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:25:51 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:25:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
  • 0

#27
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

I know that edithostadv.exe is malware, but I'm trying to find the name of the infection as it's a stubborn one.

You have posted the OTL log twice, but didn't post the Extras log. Can you please post it too? It should be in the directory of OTL.


Next:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Next:

Delete AVPTool you previously downloaded and download the newer version:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image


Next:

1. Open the Start Menu.

2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
Posted Image

3. In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take a little bit to finish.
Posted Image

4. When the scan is complete, copy the line below and paste it at the command prompt. Then press Enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt


5. The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.

Then do this:

Click Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)
  • 0
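The CFScript in the post above targets an executable that sits directly in the All Users Startup folder. As an added example (not part of the original post, and not ComboFix's own logic), this Python script picks such entries out of an autostart listing; the sample log, its file names and the wording of the signals are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from any real machine), laid out like the autostart
# part of a ComboFix log: Run/RunOnce values, then the contents of each
# Startup folder, with "." lines as separators.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayTool"="c:\program files\Vendor\tray.exe" [2009-02-06 1430824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*sample-dropper.exe"="c:\documents and settings\All Users\Start Menu\Programs\Startup\sample-dropper.exe" [2011-10-18 171520]
.
c:\documents and settings\Alice\Start Menu\Programs\Startup\
Notes.lnk - c:\program files\Notes\notes.exe [2011-8-8 977408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
sample-dropper.exe [2011-10-18 171520]
Tray.lnk - c:\program files\Vendor\tray.exe [2009-5-8 607584]
.
'''

RUN_KEY_RE = re.compile(r'^\[HKEY_[^\]]*\\(Run|RunOnce)\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')
FOLDER_RE = re.compile(r'^[a-z]:\\.*\\Startup\\$', re.IGNORECASE)
# "name [date size]" for a plain file, "name - target [date size]" for a shortcut
ITEM_RE = re.compile(
    r'^(?P<name>.+?)(?: - (?P<target>.+?))? \[\d{4}-\d{1,2}-\d{1,2} \d+\]$')
EXEC_EXT = ('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js')


def triage(log_text):
    """Return {lower-cased path: [signals]} for autostart entries worth review."""
    signals = defaultdict(list)
    section, context = None, ''          # section is 'reg', 'folder' or None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':      # separator: leave the current section
            section = None
            continue
        key = RUN_KEY_RE.match(line)
        if key:
            section, context = 'reg', key.group(1).lower()
            continue
        if FOLDER_RE.match(line):
            section, context = 'folder', line.lower()
            continue
        if line.startswith('['):         # some other registry key: ignore it
            section = None
            continue
        if section == 'reg':
            value = VALUE_RE.match(line)
            if not value:
                continue
            path = value.group('path').lower()
            # A leading "*" on a RunOnce value name makes Windows run it in
            # Safe Mode too, where Run/RunOnce entries are otherwise skipped.
            if context == 'runonce' and value.group('name').startswith('*'):
                signals[path].append(
                    'RunOnce value name starts with "*" (also runs in Safe Mode)')
            if path.rsplit('\\', 1)[0].endswith('\\startup'):
                signals[path].append(
                    'registry autostart points into a Startup folder')
        elif section == 'folder':
            item = ITEM_RE.match(line)
            if (item and item.group('target') is None
                    and item.group('name').lower().endswith(EXEC_EXT)):
                path = context + item.group('name').lower()
                signals[path].append(
                    'executable sits directly in a Startup folder, '
                    'not behind a shortcut')
                if '\\all users\\' in context:
                    signals[path].append(
                        'folder is All Users, so it starts for every account')
    return dict(signals)


if __name__ == '__main__':
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print('   -', reason)
```

Each signal only marks an entry for a closer look; installers also use RunOnce, so a hit still needs checking against what is known to be installed.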

#28
Ksavvy


    Member

  • Topic Starter
  • Member
  • 32 posts
Here is the log file, sorry about that.


I haven't taken every step yet, but the command prompt and "Run as administrator" step caught my attention, so I tried just pulling it up, and I only have the option to run it as "Current user" or another user that requires username and password... one user is called test... and I've never tested that, anyway. Long story short, I'm not sure if "Current user" (Owner / K) is the administrator anymore... Another thing that tipped me about this was that I tried to delete an old OTL.exe and an old OTL.src off my desktop to make room for new, and it says I don't have permission to delete them.

Do you want me to proceed with the command prompt step as "current user"?



OTL Extras logfile created on: 10/18/2011 12:12:32 AM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 385.91 Mb Available Physical Memory | 38.06% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 20.24 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.62 Gb Free Space | 70.31% Space Free | Partition Type: FAT32

Computer Name: ACER-399B23EC8F | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\FreeOrion\freeoriond.exe" = C:\Program Files\FreeOrion\freeoriond.exe:*:Enabled:freeoriond -- ()
"C:\Documents and Settings\K\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\K\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\ImageJ\jre\bin\javaw.exe" = C:\Program Files\ImageJ\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Disabled:DivX Update -- ()
"C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe:*:Disabled:sldBgDwldresu -- (Dassault Systmes SolidWorks Corp.)
"C:\Program Files\TechSmith\Jing\Jing.exe" = C:\Program Files\TechSmith\Jing\Jing.exe:*:Disabled:Jing -- (TechSmith Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP05
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXCM MT4 powered by BT 4.00
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0CBE5D-33AE-4C85-8F52-E53DAE76BA5C}" = SolidWorks Flow Simulation 2011 SP04
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{9402DAC1-447E-49C9-979D-BD5838E709D7}" = SolidWorks eDrawings 2011 SP04
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2B6CEF9-F05B-4E6A-97CB-4241C1155F77}" = TweetAttacks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP05
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C00F32AF-E350-43CC-80EB-F0D961A5C9BD}" = calibre
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP04
"{D31220EB-925B-4D3D-ACDD-1389DA6D2EF3}" = SolidWorks eDrawings 2010
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype 5.3
"{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0}" = eVoice Player 1.0
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F82AA7DA-F49B-CA39-C3FC-DDC983B3E223}" = Market Samurai
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DjVuLibre+DjView" = DjVuLibre+DjView
"FreeOrion" = FreeOrion 0.3.15
"Gizmo Central" = Gizmo Central
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ImageJ_is1" = ImageJ 1.44p
"Jolicloudexpress" = Jolicloud
"LManager" = Launch Manager
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"MatlabR2010a" = MATLAB R2010a
"Mendeley Desktop" = Mendeley Desktop 0.9.8.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MWSnap 3" = MWSnap 3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenTTD" = OpenTTD 1.0.5
"PalTalk8.2" = PaltalkScene
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Qlock" = Qlock Lite
"Scrivener for Windows Beta 1.6" = Scrivener for Windows Beta
"SolidWorks Installation Manager 20100-40500-1100-200" = SolidWorks 2010 SP05
"SolidWorks Installation Manager 20110-40400-1100-200" = SolidWorks 2011 SP04
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rosetta Stone" = The Rosetta Stone
"thinkorswim" = thinkorswim
"VLC media player" = VLC media player 1.1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2011 6:46:26 PM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6917328

Error - 10/17/2011 6:46:42 PM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2011 6:46:42 PM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6932968

Error - 10/17/2011 6:46:42 PM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6932968

Error - 10/18/2011 2:19:06 AM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/18/2011 2:19:06 AM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6917703

Error - 10/18/2011 2:19:06 AM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6917703

Error - 10/18/2011 2:19:21 AM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/18/2011 2:19:21 AM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6933328

Error - 10/18/2011 2:19:21 AM | Computer Name = ACER-399B23EC8F | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6933328

[ System Events ]
Error - 10/18/2011 3:08:27 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Cisco Systems, Inc. VPN Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/18/2011 3:08:28 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Gizmo Central service terminated unexpectedly. It has done this
1 time(s).

Error - 10/18/2011 3:08:28 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/18/2011 3:08:28 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Remote Solver for Flow Simulation 2010 service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/18/2011 3:08:28 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/18/2011 3:08:28 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/18/2011 3:08:30 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/18/2011 3:09:36 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7000
Description = The Remote Solver for Flow Simulation 2011 service failed to start
due to the following error: %%2

Error - 10/18/2011 3:09:38 AM | Computer Name = ACER-399B23EC8F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/18/2011 3:10:50 AM | Computer Name = ACER-399B23EC8F | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 8651c488, parameter2 85ed2008, parameter3
8628ae50, parameter4 00000001.


< End of report >
  • 0

#29
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Sorry, the Run as Administrator command is for Vista/7 OS. In XP, you can run the programs without selecting run as Administrator. :)

As for the programs that can't be deleted, it's because the rootkit stripped their permissions off.
Download Inherit and save it to your desktop
Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut)
Then wait for it to say "OK" and they'll be normal again
  • 0

#30
Ksavvy


    Member

  • Topic Starter
  • Member
  • 32 posts
Combofix Worked

Kaspersky wouldn't install; a command prompt opened for a split second and closed, and then nothing happened, every time.

The command prompt scan opened something and scanned for a long time, then finished, but when I went to do the fetch function, it said that the CBS.log file couldn't be found, and that sfcdetails.txt couldn't be found either.

I am attaching Combofix below and the Signature Verification Results are:

Primopdf.ppd
ps5ui.dll
pscript5.dll
sendtoonenote.gpd
sendtoonenote.ini
sendtoonenotefilter.gpd
sendtoonenotenames.gpd
sendtoonenote-pipelineconfig.xml

All modified before 2010.

Let me know if you want any more details from this screen on these.

The log.txt file was messed up, and so was combofix.txt until I saved it as a random file name; both messed up versions are saved below the good one.

ComboFix 11-10-17.02 - K 10/19/2011 19:10:02.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.236 [GMT -7:00]
Running from: c:\documents and settings\K\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\K\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-----w- c:\documents and settings\Administrator
2011-10-12 01:05 . 2011-10-12 01:05 -------- d-----w- C:\found.000
2011-10-07 17:17 . 2011-10-07 17:17 -------- d-----w- C:\_OTL
2011-10-02 21:39 . 2011-10-02 21:39 -------- d-----w- c:\documents and settings\K\Application Data\Qlock
2011-09-29 18:23 . 2011-09-29 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-29 17:02 . 2011-10-01 06:41 -------- d-----w- C:\MGtools
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\K\Application Data\SUPERAntiSpyware.com
2011-09-29 15:28 . 2011-09-29 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 17:40 . 2009-08-01 07:34 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-10-01 06:41 . 2011-09-29 17:02 27754 ----a-w- C:\MGlogs.zip
2011-09-26 18:41 . 2009-08-01 07:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2009-08-01 07:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-08-01 07:34 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2009-08-01 07:34 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2009-08-01 07:34 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2009-08-01 07:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2009-08-01 07:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-08-01 07:34 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2009-08-01 07:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-02 12:18 . 2011-06-24 14:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-24 12:37 . 2010-08-24 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-18_07.00.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 07:34 . 2011-10-18 07:14 69678 c:\windows\system32\perfc009.dat
- 2009-08-01 07:34 . 2011-10-17 19:59 69678 c:\windows\system32\perfc009.dat
+ 2009-08-01 07:34 . 2011-10-18 07:14 437618 c:\windows\system32\perfh009.dat
- 2009-08-01 07:34 . 2011-10-17 19:59 437618 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\K\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-05-04 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*acctadmqueue.exe"="c:\documents and settings\All Users\Start Menu\Programs\Startup\acctadmqueue.exe" [2011-10-18 171520]
.
c:\documents and settings\K\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\K\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-13 4142080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
acctadmqueue.exe [2011-10-18 171520]
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-1 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe [2011-5-4 223640]
SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2011-7-18 1834280]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-12 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\K\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FreeOrion\\freeoriond.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\SolidWorks Installation Manager\\BackgroundDownloading\\sldBgDwld.exe"=
"c:\\Program Files\\TechSmith\\Jing\\Jing.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [5/4/2011 8:30 AM 25488]
R2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [5/4/2011 8:30 AM 34728]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation (2)\binCFW\StandAloneSlv.exe [10/6/2010 7:57 PM 71432]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 2:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 12:35 AM 38912]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\K\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;"c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 1:48 AM 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [12/2/2010 6:18 AM 87336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 1:50 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 1:56 AM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetsvcs REG_MULTI_SZ intelpower
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 08:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005Core.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207847200-596957751-681764103-1005UA.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph08104205l0304wu45w8812314o
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
FF - ProfilePath - c:\documents and settings\K\Application Data\Mozilla\Firefox\Profiles\tjyi1aio.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Readability: [email protected] - %profile%\extensions\[email protected]
FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 19:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1176)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-10-19 19:57:53
ComboFix-quarantined-files.txt 2011-10-20 02:57
ComboFix2.txt 2011-10-18 07:04
ComboFix3.txt 2011-10-16 19:45
.
Pre-Run: 21,550,989,312 bytes free
Post-Run: 21,530,779,648 bytes free
.
- - End Of File - - 0983F7BAD4DF350CA9687890293C3D80