Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer takes long time to boot and shut down, also sluggish

Started by jumbokid , Sep 05 2012 06:14 AM

Please log in to reply

#1
jumbokid

Posted 05 September 2012 - 06:14 AM

New Member

Member
9 posts

For the last few months, my computer takes a long time to boot, is fairly slow, and takes a lot of time to shut down. The problem started when I was trying to remove something that Kaspersky had flagged (I forget what). After that, the computer was refusing to boot. Somehow that got resolved on its own, but ever since, the machine takes very long time to boot and is noticeably slow. To be more specific, the windows logo itself comes up after about 1-2 minutes, the subsequent booting is also slow. I have used multiple online scanners (F-secure, ESET, Bitdefender), MBAM, Super antispyware etc, but no infection has been detected. I have also tried freeing up space, moving pagefile.sys to free up C-drive, and so on, nothing has helped. So I would be grateful if you could tell me if there is a malware in this or not.

EDIT: Forgot to add couple of things:
a) The wallpaper on my desktop goes off with an alarming regularity, and the entire background turns blue. I have to manually reset the wallpaper.
b) Recently, firefox refused to go to any google site (mail, search, sites) and would redirect me to a MIT website. However, the problem lasted for about 5-10 minutes, after which things were back to normal.

No idea if these are relevant or not, but thought that it might be better to mention anyway.

Thanks
JumboKid

OTL logfile created on: 9/5/2012 5:16:51 PM - Run 8
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.43% Memory free
7.33 Gb Paging File | 5.88 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): F:\pagefile.sys 4606 5606 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.36 Gb Total Space | 2.82 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive D: | 10.22 Gb Total Space | 3.62 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
Drive E: | 19.69 Gb Total Space | 2.10 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive F: | 81.29 Gb Total Space | 19.88 Gb Free Space | 24.45% Space Free | Partition Type: NTFS
Drive G: | 8.49 Gb Total Space | 0.58 Gb Free Space | 6.82% Space Free | Partition Type: NTFS

Computer Name: MINDBLOWER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 17:05:20 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/09/05 16:38:52 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/29 19:02:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/09 03:26:16 | 001,961,984 | ---- | M] (www.mipony.net) -- F:\ProgramsOnF\MiPony\MiPony.exe
PRC - [2012/03/25 23:43:18 | 000,329,312 | ---- | M] (BillP Studios) -- F:\ProgramsOnF\WinPatrol\WinPatrol.exe
PRC - [2012/03/08 20:12:02 | 000,281,880 | ---- | M] (http://tortoisesvn.net) -- F:\ProgramsOnF\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/11/20 23:48:04 | 004,555,776 | ---- | M] () -- F:\ProgramsOnF\Flashnote\Flashnote.exe
PRC - [2011/07/12 03:18:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011/03/24 16:54:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) -- F:\ProgramsOnF\Sandboxie\SbieSvc.exe
PRC - [2010/05/15 23:26:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\Launchy.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/14 10:49:07 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2009/12/14 10:49:07 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2009/11/09 00:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/08/22 16:01:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- F:\ProgramsOnF\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- F:\ProgramsOnF\Autorun Eater\oldmcdonald.exe
PRC - [2009/03/13 06:48:48 | 000,602,624 | ---- | M] () -- F:\ProgramsOnF\Everything\Everything.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 02:20:46 | 000,018,944 | ---- | M] () -- C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
PRC - [2007/05/08 21:08:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/04/27 23:28:58 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/01/24 14:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/10 04:22:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2006/10/09 23:53:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/10/01 16:50:28 | 000,334,848 | ---- | M] () -- F:\ProgramsOnF\Free Desktop Clock\DesktopClock.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/29 19:02:54 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/24 11:04:37 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/07/06 18:54:47 | 000,170,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\376f50398538ba8bd2f6268d93f3a21f\IsdiInterop.ni.dll
MOD - [2012/07/06 18:54:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/07/06 18:54:39 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/07/06 18:54:38 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/07/06 18:54:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/06 18:54:29 | 000,453,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\622607546fd59dc29861d64cd13296c8\IAStorUtil.ni.dll
MOD - [2012/07/06 18:54:29 | 000,176,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\f81cd4ce5995e58cd97033f579ae7c9d\IAStorDataMgr.ni.dll
MOD - [2012/07/06 18:54:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/07/06 18:54:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/07/06 18:54:21 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\3fd9b9e3d91914329f8416fd8a5fc449\IAStorDataMgrSvc.ni.exe
MOD - [2012/07/06 18:05:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/07/06 18:05:44 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/07/06 18:05:33 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/07/06 18:05:21 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/07/06 18:03:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/07/06 18:03:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/07/06 18:03:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/07/06 17:40:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/06 17:40:15 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/18 20:54:30 | 000,260,096 | ---- | M] () -- F:\ProgramsOnF\Notepad++\NppShell_05.dll
MOD - [2012/06/01 01:44:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012/03/08 20:11:36 | 000,070,424 | ---- | M] () -- F:\ProgramsOnF\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/11/20 23:48:04 | 004,555,776 | ---- | M] () -- F:\ProgramsOnF\Flashnote\Flashnote.exe
MOD - [2011/11/09 02:16:02 | 000,093,696 | ---- | M] () -- F:\ProgramsOnF\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/31 21:44:00 | 000,559,244 | ---- | M] () -- F:\ProgramsOnF\Flashnote\sqlite3.dll
MOD - [2011/10/26 17:41:20 | 000,325,120 | ---- | M] () -- F:\ProgramsOnF\TeraCopy\TeraCopy.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- F:\ProgramsOnF\TeraCopy\TeraCopyExt.dll
MOD - [2011/10/08 21:25:52 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2011/10/08 21:25:52 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2011/10/08 21:25:52 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2011/10/08 21:25:52 | 000,103,936 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2011/10/08 21:25:52 | 000,090,112 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2011/10/08 21:25:52 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2011/10/08 21:25:52 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2011/10/08 21:25:52 | 000,047,616 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2011/10/08 21:25:52 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s
MOD - [2011/10/08 21:25:52 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2011/10/08 21:25:52 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s
MOD - [2011/10/08 21:25:52 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2011/10/08 21:25:52 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2011/10/08 21:25:52 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2011/10/08 21:25:52 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2011/10/08 21:25:52 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2011/10/08 21:25:52 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2011/10/08 21:25:52 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2011/10/08 21:25:51 | 000,293,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2011/10/08 21:25:51 | 000,249,856 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll
MOD - [2011/10/08 21:25:51 | 000,240,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2011/10/08 21:25:51 | 000,200,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2011/10/08 21:25:51 | 000,170,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2011/10/08 21:25:51 | 000,124,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2011/10/08 21:25:51 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2011/10/08 21:25:51 | 000,113,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll
MOD - [2011/10/08 21:25:51 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2011/10/08 21:25:51 | 000,082,944 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2011/10/08 21:25:51 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll
MOD - [2011/10/08 21:25:51 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2011/10/08 21:25:51 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2011/10/08 21:25:51 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2011/10/08 21:25:51 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2011/10/08 21:25:51 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2011/10/08 21:25:51 | 000,031,744 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2011/10/08 21:25:51 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2011/10/08 21:25:51 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2011/10/08 21:25:51 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2011/10/08 21:25:50 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2011/10/08 21:25:50 | 000,313,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll
MOD - [2011/10/08 21:25:50 | 000,312,832 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2011/10/08 21:25:50 | 000,285,696 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2011/10/08 21:25:50 | 000,252,416 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2011/10/08 21:25:50 | 000,183,808 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/10/08 21:25:50 | 000,165,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2011/10/08 21:25:50 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2011/10/08 21:25:50 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2011/10/08 21:25:50 | 000,074,752 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2011/10/08 21:25:50 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2011/10/08 21:25:50 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2011/10/08 21:25:50 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll
MOD - [2011/10/08 21:25:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2011/10/08 21:25:50 | 000,050,688 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2011/10/08 21:25:50 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2011/10/08 21:25:50 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2011/10/08 21:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2011/10/08 21:25:50 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011/10/08 21:25:50 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/10/08 21:25:50 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2011/10/08 21:25:50 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2011/10/08 21:25:50 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2011/10/08 21:25:50 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2011/10/08 21:25:49 | 000,869,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_dropbox.dll
MOD - [2011/10/08 21:25:49 | 000,410,624 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2011/10/08 21:25:48 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2011/10/08 21:25:48 | 000,078,848 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/04/15 06:31:33 | 000,548,854 | ---- | M] () -- F:\ProgramsOnF\WinPatrol\sqlite3.dll
MOD - [2011/03/15 20:03:07 | 000,022,800 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010/04/03 14:06:02 | 000,094,208 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\plugins\runner.dll
MOD - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\Launchy.exe
MOD - [2010/04/03 14:05:22 | 000,090,112 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\plugins\controly.dll
MOD - [2010/03/03 20:08:58 | 000,058,880 | ---- | M] () -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\QtGui4.dll
MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\QtNetwork4.dll
MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\QtCore4.dll
MOD - [2009/12/14 10:49:07 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
MOD - [2009/12/14 10:49:07 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/08/22 16:02:50 | 000,724,992 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2009/08/22 16:01:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2009/03/13 06:48:48 | 000,602,624 | ---- | M] () -- F:\ProgramsOnF\Everything\Everything.exe
MOD - [2008/11/08 01:30:46 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2008/11/08 01:29:08 | 000,131,072 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/02/21 02:20:46 | 000,018,944 | ---- | M] () -- C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
MOD - [2007/04/30 21:01:14 | 000,274,432 | ---- | M] () -- C:\WINDOWS\system32\flcdlmsg.dll
MOD - [2007/02/16 05:07:00 | 000,446,464 | ---- | M] () -- C:\WINDOWS\SMINST\naspp.dll
MOD - [2006/10/09 23:53:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
MOD - [2006/10/01 16:50:28 | 000,334,848 | ---- | M] () -- F:\ProgramsOnF\Free Desktop Clock\DesktopClock.exe
MOD - [2005/09/07 11:03:16 | 000,062,464 | ---- | M] () -- F:\ProgramsOnF\Free Desktop Clock\Clock.dll
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe

========== Services (SafeList) ==========

SRV - [2012/09/05 16:38:52 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/29 19:02:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/24 11:04:38 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/24 16:54:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- F:\ProgramsOnF\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/05/15 23:26:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/12/14 10:49:07 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2009/11/09 21:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/02/21 02:20:46 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe -- (STATISTICA Version Manager)
SRV - [2007/05/08 21:08:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/30 20:58:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/27 23:28:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/02/07 07:00:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006/10/01 18:07:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- F:\ProgramsOnF\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2006/06/22 10:44:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/08/17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/08/14 13:33:39 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/04/20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/24 16:54:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- F:\ProgramsOnF\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2010/05/28 16:34:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/14 10:49:07 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SnopFree.sys -- (SnoopFree)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/23 20:54:26 | 000,581,120 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2008/05/08 19:32:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:09:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/05/07 06:30:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/05/07 06:30:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/07 06:30:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/04/27 07:53:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/27 07:53:06 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/24 01:43:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/04/11 04:25:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/04/05 00:46:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/04/03 15:14:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/03 15:14:06 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/30 05:24:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/24 20:12:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/14 19:51:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 19:50:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 19:50:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 19:50:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 19:50:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/13 22:59:04 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/13 22:59:04 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/12/20 06:38:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/11/30 23:54:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/10/10 02:01:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/10/01 18:07:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/07/24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2006/06/28 23:24:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/18 00:40:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2465030
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://aa.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.1:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.iiserpune.ac.in/"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.8
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.8
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.8
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledAddons: [email protected]:4.1.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.114
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..network.proxy.backup.ftp: "192.168.1.50"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "192.168.1.50"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.168.1.50"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.168.1.50"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "192.168.1.50"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "192.168.1.50"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.50"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.50"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.50"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: F:\ProgramsOnF\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\ProgramsOnF\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: F:\ProgramsOnF\Reader Library\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: F:\ProgramsOnF\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 18:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 18:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 18:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2011/06/27 18:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 19:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 00:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: F:\ProgramsOnF\SeaMonkey\components [2010/09/07 21:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: F:\ProgramsOnF\SeaMonkey\plugins [2011/10/08 21:06:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: F:\ProgramsOnF\Copernic Desktop Search - Home\Firefox36Connector

[2010/09/07 21:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/14 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/07 21:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/09/01 22:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions
[2010/04/29 19:16:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/04 16:50:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/06/06 15:38:36 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/08/22 10:49:44 | 000,000,000 | ---D | M] (mipony-plugin Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
[2012/08/30 19:45:09 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/30 13:19:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/28 17:11:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/08/28 15:56:49 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/03/29 09:15:54 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/03/25 08:26:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/09/01 22:45:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2010/05/11 21:02:02 | 000,000,000 | ---D | M] (Incredible Bookmarks) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2011/07/17 23:36:09 | 000,000,000 | ---D | M] (Thomson Reuters Master Journal List) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/18 19:08:26 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2011/02/22 19:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions
[2010/12/25 10:43:39 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/12/25 10:43:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/08 00:10:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/08 00:10:57 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/09/08 00:10:58 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/12/25 10:43:39 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/12/25 10:43:39 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\[email protected]
[2012/09/01 20:43:18 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/26 15:18:55 | 000,599,034 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/11 18:50:47 | 000,223,394 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/27 19:26:04 | 000,324,456 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/08/27 18:22:29 | 000,084,654 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012/05/12 21:11:38 | 000,372,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/07/25 10:02:42 | 000,276,167 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/08/30 19:45:09 | 000,527,328 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/31 17:02:42 | 000,375,811 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/07/25 15:18:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/23 14:37:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/01 22:45:25 | 000,699,353 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/05/12 20:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/08 21:29:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/27 08:34:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/03/02 16:34:15 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/03 18:32:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/09/03 18:32:26 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/09/03 18:32:26 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/08/29 19:02:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 19:02:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 19:02:51 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.iiserpune.ac.in/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.67\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Picasa (Enabled) = F:\ProgramsOnF\Picasa3\npPicasa3.dll
CHR - plugin: Reader Library (Enabled) = F:\ProgramsOnF\Reader Library\Data\bin\npebldetectmoz.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mini Notepad = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\5.0.5_0\
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Notepad = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ephkoffkhkiignlofebbfhhahddofkmg\1.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Zotero Connector = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\3.0.8.1_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/03/19 16:50:57 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Autorun Eater] F:\ProgramsOnF\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Everything] F:\ProgramsOnF\Everything\Everything.exe ()
O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] F:\ProgramsOnF\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [Flashnote] F:\ProgramsOnF\Flashnote\Flashnote.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SkinClock] F:\ProgramsOnF\Free Desktop Clock\DesktopClock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = F:\ProgramsOnF\Launchy\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 351
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with Mipony - F:\ProgramsOnF\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ProgramsOnD\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1341481201656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341480422937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 218.248.240.208 218.248.240.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD177B-0108-466B-AF34-F9395F8AC4F6}: DhcpNameServer = 192.168.1.130 218.248.240.208 218.248.240.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4F0CC1-171E-4B52-A002-173AE5D29439}: NameServer = 192.168.1.130,218.248.240.208
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sspng {1E8068DE-05AD-11D4-ACC8-EF447469245E} - F:\ProgramsOnF\Internet Researcher\SspNG.dll (Zylox Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - () - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\OneCard: DllName - () - File not found
O20 - Winlogon\Notify\SensLogn: DllName - () - File not found
O20 - Winlogon\Notify\termsrv: DllName - () - File not found
O20 - Winlogon\Notify\wlballoon: DllName - () - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/11 14:48:33 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/02 19:59:50 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/02 19:59:50 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/02 19:59:50 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:37:00 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/20 12:22:12 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{26afb474-4208-11df-9343-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{26afb474-4208-11df-9343-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26afb474-4208-11df-9343-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{283fc243-7e7a-11df-93f0-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{283fc243-7e7a-11df-93f0-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{283fc243-7e7a-11df-93f0-001a4b7a6ef6}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{3cc6b15e-b473-11e1-84de-001a73dc85ff}\Shell - "" = AutoRun
O33 - MountPoints2\{3cc6b15e-b473-11e1-84de-001a73dc85ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cc6b15e-b473-11e1-84de-001a73dc85ff}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{4a91a2ef-af48-11df-9488-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{4a91a2ef-af48-11df-9488-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a91a2ef-af48-11df-9488-001a4b7a6ef6}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9fce2092-2f63-11e0-95fb-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{9fce2092-2f63-11e0-95fb-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fce2092-2f63-11e0-95fb-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a0834776-4fc9-11e0-9664-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{a0834776-4fc9-11e0-9664-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0834776-4fc9-11e0-9664-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a350c56e-ce4d-11df-94f4-001a73dc85ff}\Shell - "" = AutoRun
O33 - MountPoints2\{a350c56e-ce4d-11df-94f4-001a73dc85ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a350c56e-ce4d-11df-94f4-001a73dc85ff}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b9750c62-913e-11e1-848f-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{b9750c62-913e-11e1-848f-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9750c62-913e-11e1-848f-001a4b7a6ef6}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{cbd1e626-6650-11e0-968d-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{cbd1e626-6650-11e0-968d-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbd1e626-6650-11e0-968d-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{de2f8018-90f0-11e1-848e-001a73dc85ff}\Shell - "" = AutoRun
O33 - MountPoints2\{de2f8018-90f0-11e1-848e-001a73dc85ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de2f8018-90f0-11e1-848e-001a73dc85ff}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 17:05:20 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/05 16:43:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/08/20 22:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ScummVM
[2012/08/15 00:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/08/13 22:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Thoughts on various issues
[2012/08/13 19:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PANCARD Related
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/05 17:22:44 | 000,729,246 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KeyScrambler_Setup.exe.part
[2012/09/05 17:21:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KeyScrambler_Setup.exe
[2012/09/05 17:11:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4180217190-714296794-1052857462-500UA.job
[2012/09/05 17:05:20 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/05 16:45:40 | 000,035,980 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120905_164537.reg
[2012/09/05 16:32:50 | 000,282,881 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/09/05 16:32:50 | 000,282,881 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/09/05 16:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/05 16:28:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/05 15:29:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/05 14:28:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/05 10:40:18 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/09/05 10:40:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/04 21:11:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4180217190-714296794-1052857462-500Core.job
[2012/09/01 20:10:27 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/01 00:59:49 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Qiqqa.lnk
[2012/08/27 19:49:11 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2012/08/27 19:49:10 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2012/08/27 19:49:10 | 000,000,086 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/08/23 15:57:44 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\diff decline.JNB
[2012/08/22 19:07:00 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/08/19 19:17:20 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TreeDBNotes 4.lnk
[2012/08/15 16:52:24 | 000,594,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 00:23:19 | 000,009,071 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini
[2012/08/10 15:08:20 | 000,102,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Academic Writing & recipes.pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/05 16:45:38 | 000,035,980 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120905_164537.reg
[2012/09/01 00:59:49 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Qiqqa.lnk
[2012/08/23 15:57:44 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\diff decline.JNB
[2012/08/19 19:17:20 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TreeDBNotes 4.lnk
[2012/08/10 15:08:19 | 000,102,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Academic Writing & recipes.pdf
[2012/07/31 18:14:01 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2012/07/20 01:24:22 | 002,083,751 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4180217190-714296794-1052857462-500-0.dat
[2012/07/20 01:24:22 | 000,482,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/13 19:50:29 | 000,296,560 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/13 19:50:29 | 000,296,560 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/13 19:50:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/13 19:49:58 | 002,785,006 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/05/31 21:02:00 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Administrator\.JavaPowUpload.properties
[2012/04/07 17:49:58 | 000,349,195 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/04/07 17:49:51 | 000,310,410 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/04/07 17:28:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012/02/27 17:43:22 | 000,002,156 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012/02/17 12:00:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/10 00:49:46 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/14 13:01:33 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/22 09:44:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\trtmtnti.dll
[2011/07/09 14:45:51 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Administrator\.powerupdate.user.properties
[2011/06/03 15:44:41 | 000,000,159 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/06/02 17:18:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/10/16 18:47:23 | 000,000,068 | ---- | C] () -- C:\WINDOWS\GenGraph-6ed.ini
[2010/10/16 18:47:22 | 000,000,133 | ---- | C] () -- C:\WINDOWS\GenStat-6ed.ini
[2010/10/16 16:44:39 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\Administrator\.plugins.cfg
[2010/10/16 16:44:30 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\.DeducerPrefs
[2010/10/16 15:58:01 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Administrator\.RData
[2010/10/16 15:50:10 | 000,003,463 | ---- | C] () -- C:\Documents and Settings\Administrator\.JGRprefsrc
[2010/10/16 15:50:10 | 000,001,461 | ---- | C] () -- C:\Documents and Settings\Administrator\.JGREditorprefsrc
[2010/05/03 14:01:54 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\L8457789110
[2010/03/09 17:13:17 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrator\.mtpaint
[2010/01/16 15:35:06 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DockManager.config
[2010/01/16 15:35:06 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\app.config
[2009/12/30 20:02:44 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\magnifier.ini
[2009/12/28 22:40:59 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Administrator\SciTE.session
[2009/12/24 00:30:27 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\gnuplot_history
[2009/11/28 17:18:51 | 000,003,105 | ---- | C] () -- C:\Documents and Settings\Administrator\.ganttproject
[2009/11/28 16:58:38 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/12 14:14:36 | 000,011,336 | ---- | C] () -- C:\Documents and Settings\Administrator\gsview32.ini
[2009/08/13 23:25:31 | 000,056,651 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Proxies.xml
[2009/08/12 21:02:34 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2009/07/08 11:34:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2009/07/05 01:44:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2009/06/28 22:13:53 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/04/14 18:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.kde
[2010/10/21 13:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Abine
[2010/06/04 23:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ADDINSOFT
[2010/08/27 22:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\adma
[2011/11/22 22:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Artweaver Free
[2010/02/04 23:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2010/01/11 04:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blender Foundation
[2009/10/13 16:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\calibre
[2010/08/28 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2011/07/09 19:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CmapTools
[2010/11/13 14:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Copernic
[2012/04/10 09:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DataOrganizer
[2011/09/26 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2011/06/02 20:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Design Science
[2012/07/20 00:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Docear
[2011/11/23 15:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DraftSight
[2012/04/02 22:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/01/27 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Duplicate Finder
[2010/03/24 16:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EndNote
[2009/11/28 16:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eNoteFile Services Pty Ltd
[2011/05/17 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Enthought
[2010/08/23 00:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EssentialPIM
[2011/11/19 14:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eTeks
[2011/08/14 14:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\f-secure
[2010/05/03 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileMaker Pro
[2009/12/29 00:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileSieve 3
[2011/12/13 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/09/05 10:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flashnote
[2012/01/09 03:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2011/11/01 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/01/15 19:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\geany
[2010/10/16 18:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GenStat
[2009/08/18 23:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2012/03/22 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2011/07/24 09:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/04/24 11:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2012/04/10 09:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\inkscape
[2009/12/14 12:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2012/04/14 17:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KDE
[2011/10/08 19:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeePass
[2010/09/07 21:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\kompozer.net
[2010/11/09 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Launchy
[2010/10/13 11:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Locate32
[2012/03/25 20:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Luminotes
[2010/09/11 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LyX16
[2012/09/05 15:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mipony
[2011/11/22 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyVirtualHome
[2009/10/08 15:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeatImage SL
[2011/03/13 22:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/11/02 10:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/08/15 00:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/06/03 14:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\orange
[2012/03/22 11:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2011/06/02 17:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2012/03/17 01:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2012/03/22 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2011/12/13 00:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Q-Dir
[2012/09/02 19:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2009/12/16 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuotePad
[2010/10/16 19:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\red-r
[2007/08/09 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/07/03 23:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Scilab
[2012/02/25 23:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScreenCapturePrint
[2012/08/20 22:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScummVM
[2012/08/27 20:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SigmaPlot 11.0
[2011/11/19 14:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2012/04/10 09:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spider Player
[2012/03/18 16:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSC
[2009/09/01 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StatSoft
[2012/05/05 18:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2011/10/09 09:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2012/02/27 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2010/05/15 20:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2010/03/14 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009/11/28 17:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tomboy
[2009/12/25 13:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TreeDBNotes 3
[2012/08/19 19:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TreeDBNotes 4
[2009/08/18 16:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TreeSheetsdbs
[2011/07/04 11:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WaveMetrics
[2010/08/13 10:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2009/08/09 00:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XMind
[2012/02/18 17:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zotero
[2011/11/22 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2011/11/22 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver Free
[2010/04/11 15:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/23 15:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2012/01/27 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
[2009/11/28 16:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNoteFile Services Pty Ltd
[2010/04/14 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/08/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/27 17:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/05/14 12:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/07/05 01:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/19 21:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/11/22 23:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2011/07/04 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OriginLab
[2010/12/25 10:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/12/24 12:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapDraw-Free
[2012/06/12 21:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/09/01 11:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2011/12/09 15:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/24 16:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2011/02/16 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/09/05 10:40:18 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Administrator\Local Settings\Application Data\desktop.ini:bf5af20ce7a419b1178ece347eddc338
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7638A5DA

< End of report >

Edited by jumbokid, 05 September 2012 - 09:33 PM.

#2
Gammo

Posted 08 September 2012 - 05:36 AM

Member 2k

Malware Removal
2,299 posts

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check the box that says Scan All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
jumbokid

Posted 08 September 2012 - 09:14 AM

New Member

Topic Starter
Member
9 posts

Dear Gammo

1. Thanks for the reply.
2. I have not done anything to my computer in terms of malware removal after I submitted the OTL log in the last post. Do you still want me to put in a fresh log?
3. I have already outlined the symptoms that I am facing and the steps I have taken, in my previous post. As I have stated, I am not even sure if this is a malware, and would appreciate some advice on that. If there are any further specific pieces of information that you desire, please let me know.

Best
JK

#4
Gammo

Posted 09 September 2012 - 04:56 AM

Member 2k

Malware Removal
2,299 posts

Do you still want me to put in a fresh log?

Yes please. If there is an infection on your PC, it could have created new malicious files since then.

#5
jumbokid

Posted 09 September 2012 - 11:11 PM

New Member

Topic Starter
Member
9 posts

Thanks! Here is the OTL log. The Extras file was not created.

Regards
JK

OTL logfile created on: 9/10/2012 10:26:03 AM - Run 9
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 71.99% Memory free
7.33 Gb Paging File | 6.48 Gb Available in Paging File | 88.37% Paging File free
Paging file location(s): F:\pagefile.sys 4606 5606 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.36 Gb Total Space | 2.34 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
Drive D: | 10.22 Gb Total Space | 3.62 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
Drive E: | 19.69 Gb Total Space | 2.08 Gb Free Space | 10.56% Space Free | Partition Type: NTFS
Drive F: | 81.29 Gb Total Space | 19.19 Gb Free Space | 23.60% Space Free | Partition Type: NTFS
Drive G: | 8.49 Gb Total Space | 0.58 Gb Free Space | 6.82% Space Free | Partition Type: NTFS

Computer Name: MINDBLOWER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 17:05:20 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/09/05 16:38:52 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/03/25 23:43:18 | 000,329,312 | ---- | M] (BillP Studios) -- F:\ProgramsOnF\WinPatrol\WinPatrol.exe
PRC - [2012/03/08 20:12:02 | 000,281,880 | ---- | M] (http://tortoisesvn.net) -- F:\ProgramsOnF\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/11/20 23:48:04 | 004,555,776 | ---- | M] () -- F:\ProgramsOnF\Flashnote\Flashnote.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011/03/24 16:54:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) -- F:\ProgramsOnF\Sandboxie\SbieSvc.exe
PRC - [2010/05/15 23:26:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\Launchy.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/14 10:49:07 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2009/12/14 10:49:07 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2009/11/09 00:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/08/22 16:01:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- F:\ProgramsOnF\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- F:\ProgramsOnF\Autorun Eater\oldmcdonald.exe
PRC - [2009/03/13 06:48:48 | 000,602,624 | ---- | M] () -- F:\ProgramsOnF\Everything\Everything.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 02:20:46 | 000,018,944 | ---- | M] () -- C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
PRC - [2007/05/08 21:08:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/04/27 23:28:58 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/01/24 14:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/10 04:22:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2006/10/09 23:53:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/10/01 16:50:28 | 000,334,848 | ---- | M] () -- F:\ProgramsOnF\Free Desktop Clock\DesktopClock.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/06 18:54:47 | 000,170,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\376f50398538ba8bd2f6268d93f3a21f\IsdiInterop.ni.dll
MOD - [2012/07/06 18:54:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/07/06 18:54:39 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/07/06 18:54:38 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/07/06 18:54:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/06 18:54:29 | 000,453,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\622607546fd59dc29861d64cd13296c8\IAStorUtil.ni.dll
MOD - [2012/07/06 18:54:29 | 000,176,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\f81cd4ce5995e58cd97033f579ae7c9d\IAStorDataMgr.ni.dll
MOD - [2012/07/06 18:54:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/07/06 18:54:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/07/06 18:54:21 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\3fd9b9e3d91914329f8416fd8a5fc449\IAStorDataMgrSvc.ni.exe
MOD - [2012/07/06 18:05:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/07/06 18:05:21 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/07/06 18:03:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/07/06 18:03:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/07/06 18:03:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/07/06 17:40:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/06 17:40:15 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/01 01:44:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012/03/08 20:11:36 | 000,070,424 | ---- | M] () -- F:\ProgramsOnF\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/11/20 23:48:04 | 004,555,776 | ---- | M] () -- F:\ProgramsOnF\Flashnote\Flashnote.exe
MOD - [2011/11/09 02:16:02 | 000,093,696 | ---- | M] () -- F:\ProgramsOnF\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/31 21:44:00 | 000,559,244 | ---- | M] () -- F:\ProgramsOnF\Flashnote\sqlite3.dll
MOD - [2011/10/26 17:41:20 | 000,325,120 | ---- | M] () -- F:\ProgramsOnF\TeraCopy\TeraCopy.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- F:\ProgramsOnF\TeraCopy\TeraCopyExt.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/04/15 06:31:33 | 000,548,854 | ---- | M] () -- F:\ProgramsOnF\WinPatrol\sqlite3.dll
MOD - [2011/03/15 20:03:07 | 000,022,800 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010/04/03 14:06:02 | 000,094,208 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\plugins\runner.dll
MOD - [2010/04/03 14:05:46 | 000,380,928 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\Launchy.exe
MOD - [2010/04/03 14:05:22 | 000,090,112 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\plugins\controly.dll
MOD - [2010/03/03 20:08:58 | 000,058,880 | ---- | M] () -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\QtGui4.dll
MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\QtNetwork4.dll
MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- F:\ProgramsOnF\Launchy\Launchy\QtCore4.dll
MOD - [2009/12/14 10:49:07 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
MOD - [2009/12/14 10:49:07 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/08/22 16:02:50 | 000,724,992 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2009/08/22 16:01:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2009/03/13 06:48:48 | 000,602,624 | ---- | M] () -- F:\ProgramsOnF\Everything\Everything.exe
MOD - [2008/11/08 01:30:46 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2008/11/08 01:29:08 | 000,131,072 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/02/21 02:20:46 | 000,018,944 | ---- | M] () -- C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
MOD - [2007/04/30 21:01:14 | 000,274,432 | ---- | M] () -- C:\WINDOWS\system32\flcdlmsg.dll
MOD - [2007/02/16 05:07:00 | 000,446,464 | ---- | M] () -- C:\WINDOWS\SMINST\naspp.dll
MOD - [2006/10/09 23:53:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
MOD - [2006/10/01 16:50:28 | 000,334,848 | ---- | M] () -- F:\ProgramsOnF\Free Desktop Clock\DesktopClock.exe
MOD - [2005/09/07 11:03:16 | 000,062,464 | ---- | M] () -- F:\ProgramsOnF\Free Desktop Clock\Clock.dll
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe

========== Services (SafeList) ==========

SRV - [2012/09/05 16:38:52 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/29 19:02:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/24 11:04:38 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/24 16:54:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- F:\ProgramsOnF\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/05/15 23:26:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/12/14 10:49:07 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2009/11/09 21:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/02/21 02:20:46 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe -- (STATISTICA Version Manager)
SRV - [2007/05/08 21:08:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/30 20:58:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/27 23:28:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/02/07 07:00:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006/10/01 18:07:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- F:\ProgramsOnF\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2006/06/22 10:44:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/08/17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 09:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/08/14 13:33:39 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/04/20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/24 16:54:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- F:\ProgramsOnF\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2010/05/28 16:34:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/14 10:49:07 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SnopFree.sys -- (SnoopFree)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/23 20:54:26 | 000,581,120 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2008/05/08 19:32:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:09:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/05/07 06:30:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/05/07 06:30:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/07 06:30:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/04/27 07:53:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/27 07:53:06 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/24 01:43:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/04/11 04:25:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/04/05 00:46:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/04/03 15:14:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/03 15:14:06 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/30 05:24:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/24 20:12:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/14 19:51:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 19:50:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 19:50:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 19:50:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 19:50:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/13 22:59:04 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/13 22:59:04 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/12/20 06:38:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/11/30 23:54:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/10/10 02:01:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/10/01 18:07:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/07/24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2006/06/28 23:24:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/18 00:40:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost,127.0.0.1;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.50:3128

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost,127.0.0.1;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.50:3128

IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2465030
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://aa.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.1:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.iiserpune.ac.in/"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.8
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.8
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.8
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledAddons: [email protected]:4.1.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.114
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..network.proxy.backup.ftp: "192.168.1.50"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "192.168.1.50"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.168.1.50"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.168.1.50"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "192.168.1.50"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "192.168.1.50"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.50"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.50"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.50"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: F:\ProgramsOnF\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\ProgramsOnF\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: F:\ProgramsOnF\Reader Library\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: F:\ProgramsOnF\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 18:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 18:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 18:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2011/06/27 18:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 19:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 00:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: F:\ProgramsOnF\SeaMonkey\components [2010/09/07 21:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: F:\ProgramsOnF\SeaMonkey\plugins [2011/10/08 21:06:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: F:\ProgramsOnF\Copernic Desktop Search - Home\Firefox36Connector

[2010/09/07 21:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/14 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/07 21:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/09/09 13:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions
[2010/04/29 19:16:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/04 16:50:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/06/06 15:38:36 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/08/22 10:49:44 | 000,000,000 | ---D | M] (mipony-plugin Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
[2012/08/30 19:45:09 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/30 13:19:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/28 17:11:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/08/28 15:56:49 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/03/29 09:15:54 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/03/25 08:26:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/09/01 22:45:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2010/05/11 21:02:02 | 000,000,000 | ---D | M] (Incredible Bookmarks) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2011/07/17 23:36:09 | 000,000,000 | ---D | M] (Thomson Reuters Master Journal List) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/18 19:08:26 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2011/02/22 19:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions
[2010/12/25 10:43:39 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/12/25 10:43:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/08 00:10:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/08 00:10:57 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/09/08 00:10:58 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/12/25 10:43:39 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/12/25 10:43:39 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\d14uwuwv.default\extensions\[email protected]
[2012/09/01 20:43:18 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/26 15:18:55 | 000,599,034 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/07/11 18:50:47 | 000,223,394 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/09/09 13:16:11 | 000,371,729 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[2012/08/27 18:22:29 | 000,084,654 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012/05/12 21:11:38 | 000,372,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/07/25 10:02:42 | 000,276,167 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/09/06 10:31:22 | 000,527,931 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/31 17:02:42 | 000,375,811 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/07/25 15:18:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/23 14:37:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/01 22:45:25 | 000,699,353 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/09/06 01:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/27 08:34:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/03/02 16:34:15 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/03 18:32:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/09/03 18:32:26 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/09/03 18:32:26 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/08/29 19:02:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 19:02:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 19:02:51 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.iiserpune.ac.in/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.67\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Picasa (Enabled) = F:\ProgramsOnF\Picasa3\npPicasa3.dll
CHR - plugin: Reader Library (Enabled) = F:\ProgramsOnF\Reader Library\Data\bin\npebldetectmoz.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mini Notepad = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\5.0.5_0\
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Notepad = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ephkoffkhkiignlofebbfhhahddofkmg\1.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Zotero Connector = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\3.0.8.1_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/03/19 16:50:57 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Autorun Eater] F:\ProgramsOnF\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Everything] F:\ProgramsOnF\Everything\Everything.exe ()
O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] F:\ProgramsOnF\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-21-4180217190-714296794-1052857462-500..\Run: [Flashnote] F:\ProgramsOnF\Flashnote\Flashnote.exe ()
O4 - HKU\S-1-5-21-4180217190-714296794-1052857462-500..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-4180217190-714296794-1052857462-500..\Run: [SkinClock] F:\ProgramsOnF\Free Desktop Clock\DesktopClock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = F:\ProgramsOnF\Launchy\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 351
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4180217190-714296794-1052857462-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4180217190-714296794-1052857462-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4180217190-714296794-1052857462-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4180217190-714296794-1052857462-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with Mipony - F:\ProgramsOnF\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ProgramsOnD\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1341481201656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341480422937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 218.248.240.135 218.248.240.23 218.248.240.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD177B-0108-466B-AF34-F9395F8AC4F6}: DhcpNameServer = 192.168.1.130 218.248.240.135 218.248.240.23 218.248.240.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4F0CC1-171E-4B52-A002-173AE5D29439}: NameServer = 192.168.1.130,218.248.240.208
O18 - Protocol\Handler\sspng {1E8068DE-05AD-11D4-ACC8-EF447469245E} - F:\ProgramsOnF\Internet Researcher\SspNG.dll (Zylox Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - () - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\OneCard: DllName - () - File not found
O20 - Winlogon\Notify\SensLogn: DllName - () - File not found
O20 - Winlogon\Notify\termsrv: DllName - () - File not found
O20 - Winlogon\Notify\wlballoon: DllName - () - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/11 14:48:33 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/02 19:59:50 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/02 19:59:50 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/02 19:59:50 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:37:00 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/20 12:22:12 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{26afb474-4208-11df-9343-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{26afb474-4208-11df-9343-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26afb474-4208-11df-9343-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{283fc243-7e7a-11df-93f0-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{283fc243-7e7a-11df-93f0-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{283fc243-7e7a-11df-93f0-001a4b7a6ef6}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{3cc6b15e-b473-11e1-84de-001a73dc85ff}\Shell - "" = AutoRun
O33 - MountPoints2\{3cc6b15e-b473-11e1-84de-001a73dc85ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cc6b15e-b473-11e1-84de-001a73dc85ff}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{4a91a2ef-af48-11df-9488-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{4a91a2ef-af48-11df-9488-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a91a2ef-af48-11df-9488-001a4b7a6ef6}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9fce2092-2f63-11e0-95fb-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{9fce2092-2f63-11e0-95fb-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fce2092-2f63-11e0-95fb-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a0834776-4fc9-11e0-9664-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{a0834776-4fc9-11e0-9664-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0834776-4fc9-11e0-9664-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a350c56e-ce4d-11df-94f4-001a73dc85ff}\Shell - "" = AutoRun
O33 - MountPoints2\{a350c56e-ce4d-11df-94f4-001a73dc85ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a350c56e-ce4d-11df-94f4-001a73dc85ff}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b9750c62-913e-11e1-848f-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{b9750c62-913e-11e1-848f-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9750c62-913e-11e1-848f-001a4b7a6ef6}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{cbd1e626-6650-11e0-968d-001a4b7a6ef6}\Shell - "" = AutoRun
O33 - MountPoints2\{cbd1e626-6650-11e0-968d-001a4b7a6ef6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbd1e626-6650-11e0-968d-001a4b7a6ef6}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{de2f8018-90f0-11e1-848e-001a73dc85ff}\Shell - "" = AutoRun
O33 - MountPoints2\{de2f8018-90f0-11e1-848e-001a73dc85ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de2f8018-90f0-11e1-848e-001a73dc85ff}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/08 00:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Qiqqa
[2012/09/05 18:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Geeks to Go
[2012/09/05 17:05:20 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/05 16:43:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/08/20 22:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ScummVM
[2012/08/15 00:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/08/13 22:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Thoughts on various issues
[2012/08/13 19:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PANCARD Related
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/10 10:29:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/10 10:28:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/10 10:25:43 | 000,282,881 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/09/10 10:19:55 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/10 10:19:55 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/09/10 10:19:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/09 14:22:43 | 000,282,881 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/09/09 14:11:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4180217190-714296794-1052857462-500UA.job
[2012/09/08 21:11:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4180217190-714296794-1052857462-500Core.job
[2012/09/08 20:32:40 | 001,204,743 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Renaut 2006.pdf
[2012/09/08 20:31:55 | 000,815,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Goddard 2005.pdf
[2012/09/08 00:14:23 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Qiqqa.lnk
[2012/09/07 23:05:50 | 000,011,332 | ---- | M] () -- C:\Documents and Settings\Administrator\gsview32.ini
[2012/09/07 22:18:37 | 002,486,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RESS_Tutorial.pdf
[2012/09/07 22:04:04 | 000,573,145 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\D-4526-2.pdf
[2012/09/07 22:04:02 | 000,642,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cookbook_7.pdf
[2012/09/07 18:18:38 | 000,322,659 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cordero-SOM.pdf
[2012/09/07 17:05:09 | 001,939,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\5677.pdf
[2012/09/06 19:18:15 | 000,558,829 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Proc. R. Soc. B-2012-Jasmin-rspb.2012.1659 (1).pdf
[2012/09/06 19:14:51 | 000,558,829 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Proc. R. Soc. B-2012-Jasmin-rspb.2012.1659.pdf
[2012/09/06 18:54:57 | 002,059,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[James_Schwartz]_In_Pursuit_of_the_Gene_From_Darw(BookFi.org).pdf
[2012/09/06 18:32:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/05 17:23:55 | 001,328,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KeyScrambler_Setup.exe
[2012/09/05 17:05:20 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/05 16:45:40 | 000,035,980 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120905_164537.reg
[2012/09/01 20:10:27 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 19:49:11 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2012/08/27 19:49:10 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2012/08/27 19:49:10 | 000,000,086 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/08/23 15:57:44 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\diff decline.JNB
[2012/08/22 19:07:00 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/08/19 19:17:20 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TreeDBNotes 4.lnk
[2012/08/15 16:52:24 | 000,594,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 00:23:19 | 000,009,071 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/08 20:32:22 | 001,204,743 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Renaut 2006.pdf
[2012/09/08 20:31:41 | 000,815,939 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Goddard 2005.pdf
[2012/09/08 00:14:23 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Qiqqa.lnk
[2012/09/07 22:17:53 | 002,486,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RESS_Tutorial.pdf
[2012/09/07 22:03:53 | 000,642,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cookbook_7.pdf
[2012/09/07 22:03:06 | 000,573,145 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\D-4526-2.pdf
[2012/09/07 18:18:18 | 000,322,659 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cordero-SOM.pdf
[2012/09/07 17:04:39 | 001,939,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\5677.pdf
[2012/09/06 19:18:19 | 000,558,829 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Proc. R. Soc. B-2012-Jasmin-rspb.2012.1659 (1).pdf
[2012/09/06 19:14:54 | 000,558,829 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Proc. R. Soc. B-2012-Jasmin-rspb.2012.1659.pdf
[2012/09/06 18:54:55 | 002,059,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[James_Schwartz]_In_Pursuit_of_the_Gene_From_Darw(BookFi.org).pdf
[2012/09/05 17:21:53 | 001,328,096 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\KeyScrambler_Setup.exe
[2012/09/05 16:45:38 | 000,035,980 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120905_164537.reg
[2012/08/23 15:57:44 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\diff decline.JNB
[2012/08/19 19:17:20 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TreeDBNotes 4.lnk
[2012/07/31 18:14:01 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2012/07/20 01:24:22 | 002,083,751 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4180217190-714296794-1052857462-500-0.dat
[2012/07/20 01:24:22 | 000,482,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/13 19:50:29 | 000,296,560 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/13 19:50:29 | 000,296,560 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/13 19:50:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/13 19:49:58 | 002,785,006 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/05/31 21:02:00 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Administrator\.JavaPowUpload.properties
[2012/04/07 17:49:58 | 000,349,195 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/04/07 17:49:51 | 000,310,410 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/04/07 17:28:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012/02/27 17:43:22 | 000,002,156 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012/02/17 12:00:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/10 00:49:46 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/14 13:01:33 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/22 09:44:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\trtmtnti.dll
[2011/07/09 14:45:51 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Administrator\.powerupdate.user.properties
[2011/06/03 15:44:41 | 000,000,159 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/06/02 17:18:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/10/16 18:47:23 | 000,000,068 | ---- | C] () -- C:\WINDOWS\GenGraph-6ed.ini
[2010/10/16 18:47:22 | 000,000,133 | ---- | C] () -- C:\WINDOWS\GenStat-6ed.ini
[2010/10/16 16:44:39 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\Administrator\.plugins.cfg
[2010/10/16 16:44:30 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\.DeducerPrefs
[2010/10/16 15:58:01 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Administrator\.RData
[2010/10/16 15:50:10 | 000,003,463 | ---- | C] () -- C:\Documents and Settings\Administrator\.JGRprefsrc
[2010/10/16 15:50:10 | 000,001,461 | ---- | C] () -- C:\Documents and Settings\Administrator\.JGREditorprefsrc
[2010/05/03 14:01:54 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\L8457789110
[2010/03/09 17:13:17 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrator\.mtpaint
[2010/01/16 15:35:06 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DockManager.config
[2010/01/16 15:35:06 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\app.config
[2009/12/30 20:02:44 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\magnifier.ini
[2009/12/28 22:40:59 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Administrator\SciTE.session
[2009/12/24 00:30:27 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\gnuplot_history
[2009/11/28 17:18:51 | 000,003,105 | ---- | C] () -- C:\Documents and Settings\Administrator\.ganttproject
[2009/11/28 16:58:38 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/12 14:14:36 | 000,011,332 | ---- | C] () -- C:\Documents and Settings\Administrator\gsview32.ini
[2009/08/13 23:25:31 | 000,056,651 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Proxies.xml
[2009/08/12 21:02:34 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2009/07/08 11:34:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2009/07/05 01:44:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2009/06/28 22:13:53 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/04/14 18:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.kde
[2010/10/21 13:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Abine
[2010/06/04 23:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ADDINSOFT
[2010/08/27 22:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\adma
[2011/11/22 22:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Artweaver Free
[2010/02/04 23:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2010/01/11 04:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blender Foundation
[2009/10/13 16:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\calibre
[2010/08/28 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2011/07/09 19:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CmapTools
[2010/11/13 14:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Copernic
[2012/04/10 09:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DataOrganizer
[2011/09/26 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2011/06/02 20:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Design Science
[2012/07/20 00:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Docear
[2011/11/23 15:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DraftSight
[2012/04/02 22:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/01/27 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Duplicate Finder
[2010/03/24 16:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EndNote
[2009/11/28 16:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eNoteFile Services Pty Ltd
[2011/05/17 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Enthought
[2010/08/23 00:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EssentialPIM
[2011/11/19 14:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eTeks
[2011/08/14 14:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\f-secure
[2010/05/03 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileMaker Pro
[2009/12/29 00:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileSieve 3
[2011/12/13 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/09/10 10:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flashnote
[2012/01/09 03:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2011/11/01 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/01/15 19:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\geany
[2010/10/16 18:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GenStat
[2009/08/18 23:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2012/03/22 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2011/07/24 09:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/04/24 11:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2012/04/10 09:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\inkscape
[2009/12/14 12:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2012/04/14 17:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KDE
[2011/10/08 19:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeePass
[2010/09/07 21:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\kompozer.net
[2010/11/09 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Launchy
[2010/10/13 11:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Locate32
[2012/03/25 20:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Luminotes
[2010/09/11 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LyX16
[2012/09/10 10:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mipony
[2011/11/22 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyVirtualHome
[2009/10/08 15:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeatImage SL
[2011/03/13 22:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/11/02 10:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/08/15 00:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/06/03 14:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\orange
[2012/03/22 11:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2011/06/02 17:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2012/03/17 01:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2012/03/22 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2011/12/13 00:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Q-Dir
[2012/09/02 19:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2009/12/16 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuotePad
[2010/10/16 19:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\red-r
[2007/08/09 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/07/03 23:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Scilab
[2012/02/25 23:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScreenCapturePrint
[2012/08/20 22:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScummVM
[2012/08/27 20:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SigmaPlot 11.0
[2011/11/19 14:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2012/04/10 09:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spider Player
[2012/03/18 16:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSC
[2009/09/01 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StatSoft
[2012/05/05 18:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2011/10/09 09:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2012/02/27 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2010/05/15 20:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2010/03/14 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009/11/28 17:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tomboy
[2009/12/25 13:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TreeDBNotes 3
[2012/08/19 19:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TreeDBNotes 4
[2009/08/18 16:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TreeSheetsdbs
[2011/07/04 11:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WaveMetrics
[2010/08/13 10:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2009/08/09 00:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XMind
[2012/02/18 17:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zotero
[2011/11/22 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2011/11/22 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver Free
[2010/04/11 15:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/23 15:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2012/01/27 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
[2009/11/28 16:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNoteFile Services Pty Ltd
[2010/04/14 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/08/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/27 17:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/05/14 12:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/07/05 01:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/19 21:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/11/22 23:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2011/07/04 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OriginLab
[2010/12/25 10:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/12/24 12:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapDraw-Free
[2012/06/12 21:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/09/01 11:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2011/12/09 15:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/24 16:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2011/02/16 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2007/08/09 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2010/06/03 16:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\StatSoft
[2012/09/10 10:19:55 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Administrator\Local Settings\Application Data\desktop.ini:bf5af20ce7a419b1178ece347eddc338
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7638A5DA

< End of report >

#6
Gammo

Posted 11 September 2012 - 12:04 PM

Member 2k

Malware Removal
2,299 posts

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-4180217190-714296794-1052857462-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2465030
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
[2012/08/22 10:49:44 | 000,000,000 | ---D | M] (mipony-plugin Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
[2011/03/25 08:26:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1gsegen.default\extensions\[email protected]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
jumbokid

Posted 11 September 2012 - 01:10 PM

New Member

Topic Starter
Member
9 posts

Hi
1. Thanks for your help.

2. When I started the OTL fix, I immediately got the message
"Cannot create file C:\\WINDOWS\System32\drivers\etc\Hosts"

3. Since there was no other option, I clicked OK, and after that nothing happened for a long time. The message at the bottom of the OTL window said
"Resetting HOSTS file. DO NOT INTERRUPT..." but the progress bar remained blank. Finally, I closed the program, and did a reboot.

3.5 After the restart, I got the following log:

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

4. After the reboot, Mozilla has started acting funny, most of my apps were reset to the defaults. Most importantly, my entire zotero library is gone (I am hoping that I will get it back by resetting the path, but I have not yet done anything)!

5. I have not yet run the combofix. Please advice.

Thanks
JK

Edited by jumbokid, 11 September 2012 - 01:13 PM.

#8
Gammo

Posted 12 September 2012 - 03:15 AM

Member 2k

Malware Removal
2,299 posts

Please run Combofix as instructed and post the resulting log file. :thumbsup:

If the Firefox problem doesn't fix itself in the next couple of days, I'll consult with a coleague about it.

#9
jumbokid

Posted 12 September 2012 - 05:44 AM

New Member

Topic Starter
Member
9 posts

Hi
1. When I started Combofix, the first message was that rmbr.3XE has encountered a problem and has to close. I clicked OK.
2. Then there was a message that grpconv -o has been registered to run at system startup. Had no idea what to do, so decided to allow it. Please advice.
3. I had forgotten to switch of WinPatrol while running combofix. There was a message from WinPatrol that Combofix is making changes to the host file, which I had to accept. Since the combofix run completed, I am hoping that this was not an issue.

4. After the Combofix run, I restarted the machine and noted down some figures:

a) Time to shut down = 25 secs
b) Time for which the "Initializing boot agent" screen stays on screen = 50 secs (before my problems started, this used to be much less. However, it was roughly similar before running combofix.)
c) From the end of b to login = 1 min 55 secs.
d) Post login (till Kaspersky comes up and the laptop is ready to use) = 1 min 15 secs.
Total start up time ~ 4 mins.
These are very crude figures, done with my wrist watch, and just one reading. They are probably a little less than what was earlier (prior to combofix), but not very significantly.

5. Tried opening a few .doc and .xls files. They are opening slightly faster, but again not very striking.

6. I know that you are probably busy, but would appreciate greatly if you could give me some pointers on the kinds of things you find / suspect and are doing (enough for me to google out stuffs). I promise not to try anything on my own, without explicitly consulting you a priori.

Thanks
JK

Posting the Combofix log in a separate post, since exceeding forum limit.

#10
jumbokid

Posted 12 September 2012 - 05:48 AM

New Member

Topic Starter
Member
9 posts

Hi
Looks like the log is too long to be pasted in the message box. Attaching the file herewith.

JK

Attached Files

log.txt 721.32KB 79 downloads

#11
Gammo

Posted 12 September 2012 - 09:44 AM

Member 2k

Malware Removal
2,299 posts

I don't see any real malware in your logs, so I doubt the slowness you're experiencing is caused by malware actually.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#12
jumbokid

Posted 12 September 2012 - 12:37 PM

New Member

Topic Starter
Member
9 posts

1. Could not find the Show results tab.

2. Log pasted below:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MINDBLOWER [administrator]

9/12/2012 11:59:22 PM
mbam-log-2012-09-12 (23-59-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202979
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks
JK

#13
Gammo

Posted 12 September 2012 - 02:54 PM

Member 2k

Malware Removal
2,299 posts

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTC to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.

A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

#14
jumbokid

Posted 12 September 2012 - 11:26 PM

New Member

Topic Starter
Member
9 posts

1. Many thanks for the help. As I had said before, I was not even sure of a malware since scans using several online scanners had detected no infections. But it is still nice to get a confirmation. Did the combofix /OTC cleanups without any incidence.

2. During the combofix run, grpconv -o has been registered to run at system startup. Should I let that continue, or disable it?

3.

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum.

I had already tried almost everything that can be easily done (and available on moderate amount of google search) to speed up my PC. This includes almost all the tricks (except the bit about getting rid of unused programs!)listed on the page by Miekiemoes, and a few more. They did not help.

4. The two major symptoms that made me suspicious are:
a) The desktop background resetting to a blue screen very frequently. This has been listed as a possible malware symptom at certain places.
b) The "Initializing Boot agent" screen at the startup taking ~1 minute to disappear.

These are atypical behaviors in the context of all the XP machines that I have used. Would be grateful if you could give me some pointers as to why these might be happening / how to take care.

5. Finally, thanks once more for your patience.

Best
JK

#15
Gammo

Posted 13 September 2012 - 09:39 AM

Member 2k

Malware Removal
2,299 posts

2. During the combofix run, grpconv -o has been registered to run at system startup. Should I let that continue, or disable it?

Just let that continue.

We have a Windows XP forum as well: http://www.geekstogo...p-2000-2003-nt/ . You may want to ask your remaining questions there. :thumbsup: