OTL logfile created on: 9/16/2011 10:40:16 AM - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Jerry\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 58.10% Memory free 7.60 Gb Paging File | 6.00 Gb Available in Paging File | 78.97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280.47 Gb Total Space | 140.61 Gb Free Space | 50.13% Space Free | Partition Type: NTFS Drive E: | 4.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 3.68 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32 Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/09/16 10:35:41 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe PRC - [2011/06/12 10:23:05 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\Desktop Manager\dwm.exe PRC - [2011/06/01 07:52:46 | 000,853,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe PRC - [2011/05/03 16:13:58 | 003,092,480 | ---- | M] (EasyTech) -- C:\Program Files (x86)\Easy-Hide-IP\rdr\EasyRedirect.exe PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe PRC - [2010/11/18 11:38:18 | 000,052,664 | ---- | M] () -- C:\Program Files (x86)\Tether\TBService.exe PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2011/06/01 07:52:46 | 000,853,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe MOD - [2011/05/07 06:57:14 | 000,327,224 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\Application\11.0.696.68\ppgooglenaclpluginchrome.dll MOD - [2011/05/07 06:57:13 | 004,125,752 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\Application\11.0.696.68\pdf.dll MOD - [2011/05/07 06:55:40 | 000,102,472 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\Application\11.0.696.68\avutil-50.dll MOD - [2011/05/07 06:55:39 | 000,194,632 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\Application\11.0.696.68\avformat-52.dll MOD - [2011/05/07 06:55:38 | 001,823,304 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Google\Chrome\Application\11.0.696.68\avcodec-52.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010/01/20 15:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2009/09/21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2009/09/21 15:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2009/09/21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:[b]64bit:[/b] - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters) SRV - [2011/06/12 10:23:05 | 000,142,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Desktop Manager\dwm.exe -- (USmsServ) SRV - [2011/05/03 16:13:58 | 003,092,480 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files (x86)\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect) SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe -- (N360) SRV - [2010/11/18 11:38:18 | 000,052,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tether\TBService.exe -- (Tether) SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) SRV - [2009/06/23 16:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011/07/08 17:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2011/05/17 13:10:24 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\E42F.tmp -- (MEMSWEEP2) DRV:[b]64bit:[/b] - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:[b]64bit:[/b] - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/17 19:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV:[b]64bit:[/b] - [2010/11/03 09:23:57 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:[b]64bit:[/b] - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2010/09/03 13:26:24 | 000,050,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:[b]64bit:[/b] - [2010/09/03 13:26:22 | 000,566,864 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:[b]64bit:[/b] - [2010/09/03 13:26:22 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:[b]64bit:[/b] - [2010/08/29 18:11:08 | 000,021,072 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether) DRV:[b]64bit:[/b] - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:[b]64bit:[/b] - [2010/02/10 03:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2010/01/20 15:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2010/01/07 15:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:[b]64bit:[/b] - [2009/10/26 17:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:[b]64bit:[/b] - [2009/10/16 10:23:00 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis) DRV:[b]64bit:[/b] - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:[b]64bit:[/b] - [2009/09/15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:[b]64bit:[/b] - [2009/08/23 22:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009/07/24 01:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler) DRV:[b]64bit:[/b] - [2009/07/23 12:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt) DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:[b]64bit:[/b] - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:[b]64bit:[/b] - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009/07/04 06:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:[b]64bit:[/b] - [2009/07/01 19:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:[b]64bit:[/b] - [2009/07/01 05:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:[b]64bit:[/b] - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009/06/25 04:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2009/06/25 03:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2009/06/25 03:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:[b]64bit:[/b] - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011/09/15 18:15:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110915.024\EX64.SYS -- (NAVEX15) DRV - [2011/09/15 18:15:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110915.024\ENG64.SYS -- (NAVENG) DRV - [2011/09/14 05:12:08 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110915.030\IDSviA64.sys -- (IDSVia64) DRV - [2011/09/09 17:47:18 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2011/07/27 23:17:26 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2011/07/27 23:17:26 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801948 IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - Reg Error: No CLSID value found. File not found IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2801948&SearchSource=13" FF - prefs.js..extensions.enabledItems: clickclean@hotcleaner.com:3.6.5.0 FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.03 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.5.0.12 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.1.3 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.72956: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll File not found FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jerry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jerry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Jerry\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jerry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\facebook.com/PhotoUploaderPlugin: C:\Users\Jerry\AppData\Local\Facebook\PhotoUploader\1.0.0.2001\npFacebookPhotoUploader.dll (Facebook) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/17 10:00:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 [2011/09/16 10:06:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/08 12:25:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/24 10:27:48 | 000,000,000 | ---D | M] [2010/08/23 18:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions [2011/09/07 11:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions [2011/08/11 12:20:42 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2011/03/29 23:22:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011/05/19 19:55:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/07/31 14:16:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/06/09 16:09:21 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010/08/23 18:38:43 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\clickclean@hotcleaner.com [2010/08/23 18:38:43 | 000,000,000 | ---D | M] (Eraser) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\Eraser@vikram [2011/07/31 14:16:37 | 000,000,000 | ---D | M] (Facebook Translate) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\facebook-translate@oliver.schloebe.de [2011/04/29 23:18:55 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\extensions\searchtoolbar@zugo.com [2011/04/29 23:18:55 | 000,001,919 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\searchplugins\bing-zugo.xml [2011/06/22 14:13:40 | 000,000,915 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\s1px82gm.default\searchplugins\conduit.xml [2011/06/12 14:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/09/20 09:50:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/01 18:52:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/04 23:07:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/22 00:11:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/04/29 21:26:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011/06/12 14:32:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/09/16 10:06:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_1_3 [2011/08/17 10:00:41 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/11/03 17:39:24 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll () O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:[b]64bit:[/b] - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\Toolbar\WebBrowser - No CLSID value found. O3:[b]64bit:[/b] - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\Toolbar\WebBrowser - No CLSID value found. O3 - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll () O3:[b]64bit:[/b] - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\Toolbar\WebBrowser - No CLSID value found. O3: - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\..\Toolbar\WebBrowser - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [default] "ctfmon"="CTFMON,EXE" File not found O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\TEMP.Jerry-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\TEMP.Jerry-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Download with FLV Blaster - C:\Program Files (x86)\FLV Blaster\Addons\Internet Explorer\script.htm File not found O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Download with FLV Blaster - C:\Program Files (x86)\FLV Blaster\Addons\Internet Explorer\script.htm File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - CC:\Windows\system32\EasyRedirect.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - CC:\Windows\system32\EasyRedirect.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - CC:\Windows\system32\EasyRedirect.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - CC:\Windows\system32\EasyRedirect.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000016 - CC:\Windows\system32\EasyRedirect.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6054CEFB-1D8D-4BD4-966D-22D2402B80C2}: DhcpNameServer = 97.64.183.164 97.64.209.37 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCB5757-B76F-486B-B8DC-1E5392175E9D}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9165A4D-0827-4663-98E1-8D574B173EC9}: DhcpNameServer = 97.64.183.164 97.64.209.37 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E10AA0CF-29D3-4A97-BDD6-03BCC4FEF849}: DhcpNameServer = 8.8.8.8 8.8.4.4 O18:[b]64bit:[/b] - Protocol\Handler\cozi - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\cozi - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/07/04 11:06:56 | 000,000,085 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{84341198-2d96-11e0-99c4-5cac4cd7f23d}\Shell - "" = AutoRun O33 - MountPoints2\{84341198-2d96-11e0-99c4-5cac4cd7f23d}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe -- [2010/07/28 11:44:57 | 000,171,520 | R--- | M] () O33 - MountPoints2\{91d93bf6-2fd4-11e0-99fe-5cac4cd7f23d}\Shell - "" = AutoRun O33 - MountPoints2\{91d93bf6-2fd4-11e0-99fe-5cac4cd7f23d}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe -- [2010/07/28 11:44:57 | 000,171,520 | R--- | M] () O33 - MountPoints2\{d80b7387-6845-11e0-bcb9-5cac4cd7f23d}\Shell - "" = AutoRun O33 - MountPoints2\{d80b7387-6845-11e0-bcb9-5cac4cd7f23d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{e75e6a81-5d31-11e0-9a80-5cac4cd7f23d}\Shell - "" = AutoRun O33 - MountPoints2\{e75e6a81-5d31-11e0-9a80-5cac4cd7f23d}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe -- [2010/07/28 11:44:57 | 000,171,520 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe -- [2010/07/28 11:44:57 | 000,171,520 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\...com [@ = comfile] -- Reg Error: Key error. File not found O37 - HKU\S-1-5-21-2982078996-2158721695-3169103491-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/09/16 10:35:40 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe [2011/09/16 10:18:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jerry\Desktop\aswMBR.exe [2011/09/15 22:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion [2011/09/15 22:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger [2011/09/15 18:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011/09/15 18:11:44 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011/09/15 16:50:14 | 000,000,000 | ---D | C] -- C:\iTunes [2011/09/14 03:03:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/09/04 19:00:00 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Users\Jerry\Desktop\NPE.exe [2011/09/01 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\Jerry\vfac [2011/08/31 17:11:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011/08/31 17:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/08/31 10:10:18 | 000,331,776 | ---- | C] (EasyTech) -- C:\Windows\SysWow64\EasyRedirect.dll [2011/08/31 10:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy-Hide-IP [2011/08/30 22:04:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent [2011/08/30 22:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Software [2011/08/30 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Documents\Tencent Files [2011/08/30 22:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent [2011/08/30 15:42:47 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/08/27 15:38:19 | 000,000,000 | ---D | C] -- C:\vfac [2011/08/21 19:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2011/08/21 19:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/09/16 10:42:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/09/16 10:35:41 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe [2011/09/16 10:33:29 | 000,000,512 | ---- | M] () -- C:\Users\Jerry\Desktop\MBR.dat [2011/09/16 10:18:25 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jerry\Desktop\aswMBR.exe [2011/09/16 10:14:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/16 10:14:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/16 10:11:41 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/09/16 10:11:41 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/09/16 10:11:41 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/09/16 10:06:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc2058e91fb04e.job [2011/09/16 10:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/16 10:06:23 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys [2011/09/15 22:30:38 | 000,001,125 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2011/09/15 18:14:43 | 000,796,852 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/09/15 18:11:44 | 000,002,935 | ---- | M] () -- C:\Users\Jerry\Desktop\HiJackThis.lnk [2011/09/15 09:39:52 | 000,002,144 | ---- | M] () -- C:\{05F5B8B2-F5E9-4E9E-BE1A-017098004CBD} [2011/09/13 22:10:59 | 005,354,822 | ---- | M] () -- C:\Users\Jerry\Documents\P1010438.MOV [2011/09/11 12:08:14 | 4294,967,294 | ---- | M] () -- C:\Users\Jerry\vfact12 [2011/09/06 10:53:12 | 000,004,404 | ---- | M] () -- C:\WirelessDiagLog.csv [2011/09/05 23:03:03 | 022,579,378 | ---- | M] () -- C:\Users\Jerry\Documents\P1010295.MOV [2011/09/05 10:09:18 | 000,501,815 | ---- | M] () -- C:\Users\Jerry\Documents\IMG0224174601.jpg [2011/09/04 22:27:52 | 000,240,044 | ---- | M] () -- C:\Users\Jerry\Documents\IMG_1722.jpg [2011/09/04 19:00:02 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Users\Jerry\Desktop\NPE.exe [2011/09/03 23:37:16 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/08/31 18:22:33 | 000,002,544 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini [2011/08/31 18:22:33 | 000,001,248 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini [2011/08/31 18:22:33 | 000,001,248 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini [2011/08/31 10:10:17 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\IP.lnk [2011/08/30 22:03:05 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2011/08/30 15:42:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/08/30 15:18:39 | 000,207,795 | ---- | M] () -- C:\Users\Jerry\Documents\Missions of Mercy Confirmation.pdf [2011/08/30 10:13:42 | 000,002,136 | ---- | M] () -- C:\{FBACB654-C3F0-4793-92F2-B97556CEFF47} [2011/08/21 19:13:36 | 001,410,192 | ---- | M] () -- C:\Users\Jerry\Desktop\sar_15_sfx.exe [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/09/16 10:33:29 | 000,000,512 | ---- | C] () -- C:\Users\Jerry\Desktop\MBR.dat [2011/09/15 22:30:37 | 000,001,125 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2011/09/15 18:11:44 | 000,002,935 | ---- | C] () -- C:\Users\Jerry\Desktop\HiJackThis.lnk [2011/09/15 09:39:51 | 000,002,144 | ---- | C] () -- C:\{05F5B8B2-F5E9-4E9E-BE1A-017098004CBD} [2011/09/13 22:08:57 | 005,354,822 | ---- | C] () -- C:\Users\Jerry\Documents\P1010438.MOV [2011/09/11 12:06:08 | 4294,967,294 | ---- | C] () -- C:\Users\Jerry\vfact12 [2011/09/06 10:53:12 | 000,004,404 | ---- | C] () -- C:\WirelessDiagLog.csv [2011/09/05 22:54:36 | 022,579,378 | ---- | C] () -- C:\Users\Jerry\Documents\P1010295.MOV [2011/09/05 10:08:06 | 000,501,815 | ---- | C] () -- C:\Users\Jerry\Documents\IMG0224174601.jpg [2011/09/04 22:27:41 | 000,240,044 | ---- | C] () -- C:\Users\Jerry\Documents\IMG_1722.jpg [2011/08/31 10:12:37 | 000,002,544 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini [2011/08/31 10:12:37 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini [2011/08/31 10:12:37 | 000,001,248 | ---- | C] () -- C:\Windows\SysNative\EasyRedirectOff.ini [2011/08/31 10:10:16 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\IP.lnk [2011/08/30 15:18:39 | 000,207,795 | ---- | C] () -- C:\Users\Jerry\Documents\Missions of Mercy Confirmation.pdf [2011/08/30 10:13:42 | 000,002,136 | ---- | C] () -- C:\{FBACB654-C3F0-4793-92F2-B97556CEFF47} [2011/08/21 19:13:34 | 001,410,192 | ---- | C] () -- C:\Users\Jerry\Desktop\sar_15_sfx.exe [2011/08/09 18:17:59 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2011/04/12 22:48:41 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini [2011/04/12 22:48:41 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini [2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010/12/11 13:55:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/11/14 15:43:09 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini [2010/10/10 14:27:14 | 000,009,728 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/13 04:15:40 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/08/23 23:08:00 | 000,000,916 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010/08/23 23:08:00 | 000,000,112 | ---- | C] () -- C:\Windows\brpcfx.ini [2010/08/23 23:07:36 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/08/23 23:06:44 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2010/08/23 23:06:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2010/08/23 23:06:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2010/07/28 21:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/07/28 21:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2011/08/14 11:42:06 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\AnvSoft [2011/04/29 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\ASAP Utilities [2011/04/12 22:46:44 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\AVSoftware [2010/09/05 14:33:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Blackberry Desktop [2011/08/15 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Blueberry [2011/09/05 08:57:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Dropbox [2011/03/18 18:50:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\FLV Blaster [2010/08/23 21:10:12 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Foxit [2010/11/25 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Foxit Software [2011/02/20 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\IObit [2010/08/23 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Leadertech [2011/06/12 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\LogSys [2011/02/21 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\OnLive App [2011/03/03 22:58:03 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\ooVoo Details [2010/08/28 17:44:49 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\OpenOffice.org [2011/04/06 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PC-FAX TX [2011/03/02 12:59:40 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PCDr [2010/09/05 14:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Research In Motion [2011/05/08 17:53:04 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\ScanSoft [2011/06/12 13:28:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SMRecorder [2011/09/15 18:06:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SoftGrid Client [2011/08/24 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Solveig Multimedia [2010/10/27 15:39:15 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SystemRequirementsLab [2011/01/31 13:06:18 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Teleca [2011/08/09 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Tencent [2011/09/15 09:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Tether [2010/10/20 20:14:19 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Tific [2010/10/16 22:52:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TP [2011/01/17 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TrueCrypt [2010/08/23 22:06:11 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Unity [2011/06/10 09:54:05 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WhiteSmoke [2010/12/14 11:56:58 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WinPatrol [2011/06/06 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WirelessManager [2011/05/08 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Zeon [2011/07/05 12:30:21 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2982078996-2158721695-3169103491-1001Core.job [2011/03/02 13:02:11 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2010/10/17 11:34:07 | 000,031,664 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(46).TXT [2011/09/15 18:32:10 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/03/02 13:02:11 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2009/07/13 20:14:38 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\setupSNK.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2010/08/17 22:04:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010/08/17 22:05:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010/08/17 22:04:55 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010/08/17 22:05:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/08/17 22:05:08 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/08/17 22:05:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010/08/17 22:05:08 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/08/17 22:05:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010/08/17 22:05:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010/08/17 22:04:55 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010/08/17 22:05:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010/08/17 22:04:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys [2009/07/13 20:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010/08/17 22:05:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/08/17 22:05:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/08 12:25:07 | 000,552,376 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/08 12:25:07 | 000,552,376 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/08 12:25:07 | 000,552,376 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/08 12:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/08 12:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/08 12:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/04/08 12:25:07 | 000,552,376 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/04/08 12:25:07 | 000,552,376 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/04/08 12:25:07 | 000,552,376 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/04/08 12:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/04/08 12:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/04/08 12:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/05/07 06:57:16 | 001,010,232 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DBC416F8 < End of report >