OTL.txt (part 1 of 2)
OTL logfile created on: 9/6/2011 11:23:13 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\ewelsch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.08% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 5.25 Gb Free Space | 7.05% Space Free | Partition Type: NTFS
Computer Name: LAP6 | User Name: ewelsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/05 07:26:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ewelsch\Desktop\OTL.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/24 11:23:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/11/24 11:22:51 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2010/11/24 11:22:51 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2010/11/24 11:22:46 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/06/18 08:05:38 | 000,081,920 | ---- | M] (HostingClient) -- C:\hosting\client\HostingClient.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/30 13:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
PRC - [2009/09/28 23:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\hosting\apache\bin\httpd.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 23:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 23:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 23:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 23:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/19 01:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/30 17:32:42 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2007/01/22 13:53:02 | 000,212,992 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/07/19 16:13:32 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/02/19 08:44:21 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/03/16 05:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/02/01 11:21:20 | 001,736,704 | ---- | M] () -- C:\WINDOWS\system32\Tsp1.dll
MOD - [2007/02/01 10:56:08 | 000,035,328 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2007/01/30 17:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 17:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/07/19 16:13:32 | 003,542,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/01/04 16:02:43 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/01/04 13:38:30 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/24 11:23:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/11/24 11:23:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/11/24 11:22:51 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/11/24 11:22:51 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/11/24 11:22:46 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/10/05 09:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/10/30 13:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2009/09/28 23:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\hosting\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2008/08/28 15:24:24 | 000,226,576 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/07/20 07:20:16 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\hosting\tomcat\bin\tomcat6.exe -- (tomcat6)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 23:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
========== Driver Services (SafeList) ==========
DRV - [2011/09/06 07:47:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110906.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/06 07:47:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110906.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 06:32:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/11/24 11:31:37 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/24 11:23:20 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/11/24 11:23:10 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/11/24 11:23:10 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/11/24 11:23:09 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/11/24 11:22:53 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/11/24 11:22:21 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/24 11:22:20 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/11/24 11:22:18 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/01 15:22:49 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2008/11/18 19:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/08/25 14:16:12 | 000,125,584 | R--- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/03/19 12:12:42 | 000,086,552 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2007/04/15 23:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 17:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 05:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/19 01:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 20:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 20:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 20:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 19:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/08/28 17:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2005/11/08 09:58:20 | 000,024,876 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL =
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071231
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071231
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071231
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071231
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-16521670-482496684-1124750213-1740\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-16521670-482496684-1124750213-1740\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/
IE - HKU\S-1-5-21-16521670-482496684-1124750213-1740\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\ewelsch\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\Firefox [2010/04/19 11:17:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/19 11:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{820EB553-FE8F-45B9-9694-8ED0012CEC57}: C:\Documents and Settings\gkessler\Local Settings\Application Data\{820EB553-FE8F-45B9-9694-8ED0012CEC57} [2010/06/21 07:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 10:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/05/07 08:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ewelsch\Application Data\Mozilla\Extensions
[2011/07/25 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ewelsch\Application Data\Mozilla\Firefox\Profiles\saqeamh1.default\extensions
[2011/07/25 23:24:46 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\ewelsch\Application Data\Mozilla\Firefox\Profiles\saqeamh1.default\extensions\plugin@yontoo.com
[2011/09/04 22:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/04 22:46:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/12/21 08:41:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/19 08:40:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/31 10:58:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/06 22:34:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-16521670-482496684-1124750213-1740\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HostingClientShortcut.lnk = C:\hosting\client\HostingClient.exe (HostingClient)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-16521670-482496684-1124750213-1740\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-16521670-482496684-1124750213-1740\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-16521670-482496684-1124750213-1740\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-16521670-482496684-1124750213-1740\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-16521670-482496684-1124750213-1740\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1266499618834 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FitnessEM.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{574781F1-DCBE-46FB-BB10-4C16228A705B}: DhcpNameServer = 192.168.0.7 66.189.0.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3028C4F-5F7F-4C94-A323-2DBF4B9B8DA8}: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ewelsch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ewelsch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/06 22:56:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/06 22:14:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/06 22:14:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/06 22:14:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/06 22:14:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/06 22:13:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/06 22:12:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/06 22:04:33 | 004,197,762 | R--- | C] (Swearware) -- C:\Documents and Settings\ewelsch\Desktop\ComboFix.exe
[2011/09/06 11:56:47 | 001,401,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ewelsch\Desktop\tdsskiller.exe
[2011/09/06 09:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ewelsch\Desktop\Adobe Acrobat 9 Std
[2011/09/05 07:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/05 07:26:49 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ewelsch\Desktop\OTL.exe
[2011/09/03 23:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/03 23:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Wave Systems Corp
[2011/09/03 23:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NTRU Cryptosystems
[2011/08/30 08:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ewelsch\Application Data\NVIDIA
[2011/08/26 10:13:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/26 10:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/26 10:10:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ewelsch\Start Menu\Programs\Administrative Tools
[2011/08/25 15:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ewelsch\Application Data\WinRAR
[2011/08/25 10:25:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ewelsch\Recent
[2011/08/17 10:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/08/17 09:33:53 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/08/11 14:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/11 14:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/08/11 14:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/08/11 14:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ewelsch\Local Settings\Application Data\Microsoft Help
[2011/08/08 10:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ewelsch\Application Data\Corel
[2011/08/08 10:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2011/08/08 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ewelsch\Application Data\Ulead Systems
[2011/08/08 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2011/08/08 10:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/08/08 10:02:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2011/08/08 10:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2011/08/08 10:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media
[2011/08/08 10:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/08/08 09:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2011/08/08 09:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel VideoStudio Pro X4
[2011/08/08 09:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/08/08 09:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2011/08/08 09:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011/08/08 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2011/08/08 09:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2011/08/08 09:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2011/08/08 09:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
========== Files - Modified Within 30 Days ==========
[2011/09/06 22:56:05 | 000,087,719 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/09/06 22:54:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/06 22:53:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 22:52:47 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 22:34:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/06 22:04:43 | 004,197,762 | R--- | M] (Swearware) -- C:\Documents and Settings\ewelsch\Desktop\ComboFix.exe
[2011/09/06 14:39:16 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2011/09/06 11:56:59 | 001,401,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ewelsch\Desktop\tdsskiller.exe
[2011/09/06 09:20:24 | 001,837,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/06 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SAVAGEFITNESS-ewelsch.job
[2011/09/05 14:00:27 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\ewelsch\Desktop\exeHelper.com
[2011/09/05 07:26:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ewelsch\Desktop\OTL.exe
[2011/09/03 00:15:51 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/03 00:15:51 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/02 12:46:21 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/02 08:47:17 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\ewelsch\Desktop\SolidWorks 2011.lnk
[2011/09/02 07:27:18 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\ewelsch\Desktop\rkill.exe
[2011/08/27 19:17:05 | 000,263,601 | ---- | M] () -- C:\MGlogs.zip
[2011/08/26 11:06:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ewelsch\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/08/26 10:14:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/22 20:10:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\ewelsch\Desktop\Shortcut to 2011 Kristin and Anthony Wedding - Heather Hudson Photography.lnk
[2011/08/20 05:50:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Bxuhoci.dat
[2011/08/20 05:49:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldusaxiqexeji.bin
[2011/08/18 17:14:13 | 000,087,719 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/08/18 07:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/08/18 07:43:39 | 000,072,762 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2011/08/16 12:05:25 | 000,001,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/08 09:59:14 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel VideoStudio Pro X4.lnk