Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer is constantly not responding [Closed]


  • This topic is locked This topic is locked

#1
xCherryXSherryx

xCherryXSherryx

    Member

  • Member
  • PipPip
  • 90 posts
I can't click on ANYTHING when I log in to my computer cause even one click can make everything not respond. Then it takes like 5 minutes for programs to finally work again and another 2 minutes for my computer to connect to my wifi. I don't know what's going on. :/

Here's the log:

OTL logfile created on: 2/21/2012 8:02:20 AM - Run 7
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 41.99% Memory free
9.66 Gb Paging File | 6.56 Gb Available in Paging File | 67.88% Paging File free
Paging file location(s): C:\pagefile.sys 5934 5934 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 118.88 Gb Free Space | 26.25% Space Free | Partition Type: NTFS

Computer Name: SHERRY-PC | User Name: Sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 07:43:19 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
PRC - [2012/02/15 06:20:46 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/29 19:06:05 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/12/19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/11/28 20:53:03 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/18 15:08:22 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/08 15:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 15:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 15:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 19:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 03:52:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 03:51:21 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 03:51:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 03:50:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 03:50:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 03:50:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 03:50:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/15 00:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/15 00:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/15 00:02:21 | 000,527,344 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\libglesv2.dll
MOD - [2012/02/15 00:02:19 | 000,114,672 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\libegl.dll
MOD - [2012/02/15 00:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/15 00:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/15 00:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2012/02/14 21:00:24 | 008,593,568 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
MOD - [2012/02/13 21:12:13 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/02/13 21:12:10 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/02/13 21:12:08 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2012/02/13 21:12:06 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2012/02/13 21:12:04 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/11/28 06:58:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/18 15:08:22 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\locale\en\en.dll
MOD - [2011/07/18 15:08:22 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\cache.dll
MOD - [2011/07/18 15:08:22 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\cwebpage.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 17:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/17 11:11:42 | 000,290,816 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/02/05 22:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/22 12:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 14:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/11/04 15:29:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/02 06:25:01 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrB.ex0 -- (PnkBstrB)
SRV - [2011/10/02 06:24:56 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/08 15:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 06:20:46 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/10 08:26:10 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/10 08:08:06 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 14:05:52 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 22:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 22:24:21 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/07 13:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/10 21:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/22 12:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 11:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/01 21:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/11/02 14:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/21 23:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/10/16 05:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/30 12:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/10 08:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/09/26 08:56:08 | 000,194,560 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005/09/19 13:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://start.facemoo...ds.com/?a=w7th"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/24 08:49:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/07 21:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 17:10:56 | 000,000,000 | ---D | M]

[2011/08/19 07:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions
[2011/06/30 22:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/15 15:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/09 10:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions
[2011/10/09 10:32:45 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/08/19 17:57:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/07/04 10:36:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/12/07 21:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 05:45:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 10:32:48 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Missing e = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.6.2_0\
CHR - Extension: YouTube = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kate Spade = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\
CHR - Extension: Google Search = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: UnfollowHater = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm\1.0.6_1\
CHR - Extension: Search Center = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf\3.7.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Tumblr Savior = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.3.9_0\
CHR - Extension: Gmail = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/22 07:34:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36AA29EF-2F7C-4159-BDF3-ED69785F896F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71AD9B0-C556-4F31-82BE-2EF1C50DA2F0}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 07:42:00 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/02/21 00:26:16 | 000,000,000 | -HSD | C] -- C:\found.004
[2012/02/20 20:56:08 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Avenged Sevenfold - Nightmare [2010]
[2012/02/19 11:43:52 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Gladhander - 4.2.1.theme
[2012/02/18 20:38:58 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\redsn0w
[2012/02/15 18:16:23 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\guitar ensemble
[2012/02/14 15:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/02/14 15:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 Demo
[2012/02/14 15:02:47 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Origin
[2012/02/14 15:02:47 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Local\Origin
[2012/02/14 15:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/02/14 15:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/02/14 15:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/02/14 15:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/02/12 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Xilisoft
[2012/02/12 12:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/02/12 12:01:43 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2012/02/11 13:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/02/07 06:18:05 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Avira
[2012/02/07 06:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/07 06:17:27 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/07 06:17:27 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/02/07 06:17:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/02/07 06:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/07 06:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/02/04 19:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ChbShoot
[2012/01/31 03:18:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/01/30 19:00:14 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Documents\Avatar
[2012/01/30 18:59:28 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\CyberLink
[2012/01/30 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Documents\Youcam
[2012/01/30 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Local\CyberLink
[2012/01/30 18:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/01/30 18:39:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 5
[2012/01/30 18:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/01/29 07:01:02 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terrafirma
[2012/01/29 07:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Terrafirma
[2012/01/28 06:39:05 | 000,000,000 | -HSD | C] -- C:\found.003
[2012/01/22 19:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5
[2012/01/22 19:44:30 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2012/01/22 19:44:30 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.dll
[2012/01/22 19:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/21 07:46:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/21 07:46:17 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000UA.job
[2012/02/21 07:43:19 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/02/21 07:39:57 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 07:39:57 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 07:28:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/21 07:28:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/21 07:28:14 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 00:28:58 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012/02/20 16:58:29 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000Core.job
[2012/02/19 13:32:33 | 000,000,600 | ---- | M] () -- C:\Users\Sherry\AppData\Roaming\winscp.rnd
[2012/02/18 05:17:03 | 000,001,805 | ---- | M] () -- C:\Users\Sherry\Desktop\Spotify.lnk
[2012/02/16 03:43:01 | 000,617,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:08:53 | 000,793,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 03:08:53 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 03:08:53 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/15 19:20:55 | 000,000,439 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2012/02/15 06:20:46 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/12 12:14:38 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/02/10 20:04:54 | 544,015,614 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/05 17:00:10 | 000,059,392 | ---- | M] () -- C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/29 07:01:02 | 000,001,004 | ---- | M] () -- C:\Users\Sherry\Desktop\Terrafirma.lnk
[2012/01/22 19:44:55 | 000,003,176 | ---- | M] () -- C:\Windows\SysWow64\gafilter.sti
[2012/01/22 19:44:54 | 000,004,808 | ---- | M] () -- C:\Windows\SysWow64\gaeffect.sti
[2012/01/22 19:44:32 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2012/01/22 19:35:54 | 000,007,750 | ---- | M] () -- C:\Users\Sherry\.recently-used.xbel
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/21 00:28:58 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012/02/18 05:17:03 | 000,001,805 | ---- | C] () -- C:\Users\Sherry\Desktop\Spotify.lnk
[2012/02/12 12:14:38 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/01/29 07:01:02 | 000,001,004 | ---- | C] () -- C:\Users\Sherry\Desktop\Terrafirma.lnk
[2012/01/22 19:44:55 | 000,003,176 | ---- | C] () -- C:\Windows\SysWow64\gafilter.sti
[2012/01/22 19:44:54 | 000,004,808 | ---- | C] () -- C:\Windows\SysWow64\gaeffect.sti
[2012/01/22 19:44:32 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2012/01/22 19:44:32 | 000,000,439 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2012/01/22 19:35:54 | 000,007,750 | ---- | C] () -- C:\Users\Sherry\.recently-used.xbel
[2011/11/27 06:24:08 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/22 07:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/22 07:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/22 07:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/22 07:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/22 07:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/02 06:25:01 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/02 06:24:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/01 08:42:31 | 001,627,136 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2011/08/01 08:42:31 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/08/01 08:42:31 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2011/08/01 08:42:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[2011/08/01 08:42:31 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2011/08/01 06:30:15 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/08/01 06:30:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/07/26 07:47:40 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011/07/18 19:28:59 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
[2011/07/17 14:55:05 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/04 13:56:41 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
[2011/07/04 13:56:33 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
[2011/07/04 13:56:32 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/03/24 19:37:24 | 000,000,008 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemCurUses
[2011/03/24 19:37:22 | 000,000,006 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemHdID
[2011/03/06 10:19:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/27 12:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/17 07:54:31 | 000,000,600 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\winscp.rnd
[2010/11/14 10:05:58 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/11/14 06:28:19 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/11/03 18:56:40 | 000,059,392 | ---- | C] () -- C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 17:25:56 | 000,000,186 | ---- | C] () -- C:\Program Files (x86)\InstallRecord.blob
[2010/10/03 05:52:04 | 000,284,396 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/07 07:51:27 | 000,000,036 | ---- | C] () -- C:\Users\Sherry\AppData\Local\housecall.guid.cache
[2010/05/28 20:41:45 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/28 20:41:00 | 000,001,665 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/28 20:11:55 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/28 19:52:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/23 23:10:48 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/03/23 23:10:48 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/03/23 23:10:48 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini

========== LOP Check ==========

[2011/06/22 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\.minecraft
[2010/07/15 15:29:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\acccore
[2010/10/26 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AnvSoft
[2011/04/09 04:53:55 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Audacity
[2010/12/22 23:10:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Bioshock
[2010/08/07 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\BitDefender
[2010/07/15 22:31:57 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 10:41:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\dBpoweramp
[2011/08/18 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoft
[2011/08/01 09:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/11 07:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FlashGet
[2010/12/31 08:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\fltk.org
[2011/07/30 06:41:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FreeAudioPack
[2011/08/31 09:18:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FrostWire
[2011/08/01 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\GetRightToGo
[2012/01/22 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\gtk-2.0
[2011/07/19 08:12:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\HandBrake
[2011/06/20 10:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\IrfanView
[2010/11/20 13:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Leadertech
[2010/10/03 11:27:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\LEGO Company
[2010/10/03 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ManyCam
[2011/12/24 11:22:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\MoreTerra
[2011/08/26 23:11:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ooVoo Details
[2012/02/14 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Origin
[2010/12/25 22:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\PC Suite
[2010/10/03 05:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\prankhouse
[2011/01/31 05:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\QuickScan
[2012/02/18 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\redsn0w
[2011/08/20 04:32:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\RoboForm
[2010/10/22 18:34:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\runic games
[2010/12/25 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Samsung
[2010/10/03 11:32:21 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SanDisk
[2011/10/11 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SnapTeam
[2010/07/15 13:42:40 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spearit
[2012/02/20 22:50:01 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2011/12/25 06:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SystemRequirementsLab
[2011/06/29 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Systweak
[2011/01/08 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TeamViewer
[2011/08/24 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Temp
[2011/01/29 11:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2011/01/29 10:46:30 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs16
[2011/06/30 22:01:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TomTom
[2011/10/29 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TS3Client
[2011/06/25 10:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Tunngle
[2011/10/10 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Uniblue
[2012/02/20 20:57:08 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\uTorrent
[2010/12/29 10:57:08 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\VMK Pal
[2011/01/16 21:25:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WinAVI
[2010/11/03 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WindSolutions
[2011/08/19 17:57:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Wondershare
[2012/02/12 12:15:25 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Xilisoft
[2011/10/22 09:59:03 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi
:welcome: . I'm Michael and I'm going to help you fix your computer :)

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Very sorry for the late reply. You should have posted at the waiting room earlier.

We need to get fresh logs.

Posted Image OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.


Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here :thumbsup:
  • 0

#3
xCherryXSherryx

xCherryXSherryx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Hi, sorry about the late reply. Also it's not letting me attach the zip file :/

Here's OTL.txt:

OTL logfile created on: 4/12/2012 6:18:42 PM - Run 8
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.25% Memory free
9.66 Gb Paging File | 7.72 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): C:\pagefile.sys 5934 5934 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 96.70 Gb Free Space | 21.35% Space Free | Partition Type: NTFS

Computer Name: SHERRY-PC | User Name: Sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 18:16:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
PRC - [2012/03/11 22:57:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/03/11 22:56:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/03/11 22:56:29 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/03/11 22:56:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/11 22:56:23 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/11/28 21:53:03 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/18 16:08:22 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/08 16:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 16:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 16:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 20:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/09 15:42:11 | 008,743,584 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
MOD - [2012/02/16 04:52:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:51:21 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 04:51:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 04:50:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 04:50:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:50:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 04:50:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/28 07:58:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/18 16:08:22 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\locale\en\en.dll
MOD - [2011/07/18 16:08:22 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\cache.dll
MOD - [2011/07/18 16:08:22 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\cwebpage.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/17 12:11:42 | 000,290,816 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/02/05 23:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/22 13:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/01 07:26:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/11 22:57:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/11 22:56:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/03/11 22:56:29 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/03/11 22:56:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/11/04 16:29:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/02 07:25:01 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrB.ex0 -- (PnkBstrB)
SRV - [2011/10/02 07:24:56 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/08 16:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/15 07:20:46 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/10 09:26:10 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/10 09:08:06 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/16 00:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 15:05:52 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/04/13 23:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 23:24:21 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/07 14:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/22 13:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 12:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/17 13:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/01 22:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/22 00:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/30 13:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/09/26 09:56:08 | 000,194,560 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enUS388
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{E718C3DE-111B-48C1-BC1C-FF248EB10C9B}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://start.facemoo...ds.com/?a=w7th"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/24 09:49:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/07 22:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 18:10:56 | 000,000,000 | ---D | M]

[2011/08/19 08:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions
[2011/06/30 23:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/15 16:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/09 11:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions
[2011/10/09 11:32:45 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/07/04 11:36:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2012/03/11 23:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/11 23:01:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/11 23:01:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 11:32:48 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Missing e = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.9.8_0\
CHR - Extension: YouTube = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kate Spade = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\
CHR - Extension: Google Search = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: UnfollowHater = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm\1.0.6_1\
CHR - Extension: Search Center = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf\3.7.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Tumblr Savior = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.3.9_0\
CHR - Extension: Gmail = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/22 08:34:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-NP1RF.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36AA29EF-2F7C-4159-BDF3-ED69785F896F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71AD9B0-C556-4F31-82BE-2EF1C50DA2F0}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 18:16:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/04/01 07:26:42 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 06:38:10 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/28 06:06:42 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Firefly
[2012/03/23 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Local\Spotify
[2012/03/23 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2012/03/22 15:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012/03/17 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Mass Effect 3 CE Soundtrack
[2012/03/13 22:12:36 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/13 22:12:35 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 22:12:35 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 18:26:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 18:16:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/04/12 17:51:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000UA.job
[2012/04/12 17:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 16:39:08 | 000,334,907 | ---- | M] () -- C:\Users\Sherry\Desktop\Untitled.png
[2012/04/12 16:26:24 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/12 16:26:24 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/12 16:26:24 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/12 16:25:46 | 000,071,442 | ---- | M] () -- C:\Users\Sherry\Desktop\nuhyyhu.JPG
[2012/04/12 16:25:12 | 000,036,332 | ---- | M] () -- C:\Users\Sherry\Desktop\IMG09851-20120412-1613.jpg
[2012/04/12 06:31:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/12 06:23:11 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000Core.job
[2012/04/12 06:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 21:03:53 | 000,711,240 | ---- | M] () -- C:\Windows\is-NP1RF.exe
[2012/04/11 21:03:53 | 000,010,498 | ---- | M] () -- C:\Windows\is-NP1RF.msg
[2012/04/11 21:03:53 | 000,000,459 | ---- | M] () -- C:\Windows\is-NP1RF.lst
[2012/04/11 15:08:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 15:08:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 15:00:03 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 12:53:32 | 730,527,744 | ---- | M] () -- C:\Users\Sherry\Desktop\School Of Rock.avi
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/01 07:26:48 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 07:26:48 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/01 07:26:42 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/22 15:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012/03/21 15:15:38 | 571,431,519 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/20 03:09:26 | 000,773,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/16 10:29:51 | 000,617,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 16:39:08 | 000,334,907 | ---- | C] () -- C:\Users\Sherry\Desktop\Untitled.png
[2012/04/12 16:23:38 | 000,036,332 | ---- | C] () -- C:\Users\Sherry\Desktop\IMG09851-20120412-1613.jpg
[2012/04/12 16:16:39 | 000,071,442 | ---- | C] () -- C:\Users\Sherry\Desktop\nuhyyhu.JPG
[2012/04/12 15:50:35 | 003,146,240 | ---- | C] () -- C:\Users\Sherry\Desktop\Earthbound.smc
[2012/04/11 21:03:53 | 000,711,240 | ---- | C] () -- C:\Windows\is-NP1RF.exe
[2012/04/11 21:03:53 | 000,010,498 | ---- | C] () -- C:\Windows\is-NP1RF.msg
[2012/04/11 21:03:53 | 000,000,459 | ---- | C] () -- C:\Windows\is-NP1RF.lst
[2012/04/08 16:13:28 | 730,527,744 | ---- | C] () -- C:\Users\Sherry\Desktop\School Of Rock.avi
[2012/04/01 06:38:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/23 19:55:39 | 000,001,805 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/01/22 20:44:32 | 000,000,439 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/11/27 07:24:08 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/22 08:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/22 08:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/22 08:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/22 08:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/22 08:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/02 07:25:01 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/02 07:24:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/01 09:42:31 | 001,627,136 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2011/08/01 09:42:31 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/08/01 09:42:31 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2011/08/01 09:42:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[2011/08/01 09:42:31 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2011/08/01 07:30:15 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/08/01 07:30:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/07/26 08:47:40 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011/07/18 20:28:59 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
[2011/07/17 15:55:05 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/04 14:56:41 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
[2011/07/04 14:56:33 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
[2011/07/04 14:56:32 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/03/24 20:37:24 | 000,000,008 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemCurUses
[2011/03/24 20:37:22 | 000,000,006 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemHdID
[2011/03/06 11:19:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/27 13:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/17 08:54:31 | 000,000,600 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\winscp.rnd
[2010/11/14 11:05:58 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/11/14 07:28:19 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/11/03 19:56:40 | 000,059,392 | ---- | C] () -- C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 18:25:56 | 000,000,186 | ---- | C] () -- C:\Program Files (x86)\InstallRecord.blob
[2010/10/03 06:52:04 | 000,284,396 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/07 08:51:27 | 000,000,036 | ---- | C] () -- C:\Users\Sherry\AppData\Local\housecall.guid.cache
[2010/05/28 21:41:45 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/28 21:41:00 | 000,001,665 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/28 21:11:55 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/28 20:52:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/09/07 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/09/07 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/06/22 15:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\.minecraft
[2010/07/15 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\acccore
[2010/10/26 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AnvSoft
[2011/04/09 05:53:55 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Audacity
[2010/12/23 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Bioshock
[2010/08/07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\BitDefender
[2012/02/26 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 11:41:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\dBpoweramp
[2011/08/18 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoft
[2011/08/01 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/11 08:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FlashGet
[2010/12/31 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\fltk.org
[2011/07/30 07:41:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FreeAudioPack
[2011/08/31 10:18:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FrostWire
[2011/08/01 07:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\GetRightToGo
[2012/01/22 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\gtk-2.0
[2011/07/19 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\HandBrake
[2011/06/20 11:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\IrfanView
[2010/11/20 14:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Leadertech
[2010/10/03 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\LEGO Company
[2010/10/03 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ManyCam
[2011/12/24 12:22:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\MoreTerra
[2011/08/27 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ooVoo Details
[2012/02/14 16:03:53 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Origin
[2010/12/25 23:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\PC Suite
[2010/10/03 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\prankhouse
[2011/01/31 06:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\QuickScan
[2012/02/18 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\redsn0w
[2011/08/20 05:32:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\RoboForm
[2010/10/22 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\runic games
[2010/12/25 23:48:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Samsung
[2010/10/03 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SanDisk
[2011/10/11 23:00:10 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SnapTeam
[2010/07/15 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spearit
[2012/04/02 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2011/12/25 07:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SystemRequirementsLab
[2011/06/29 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Systweak
[2011/01/08 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TeamViewer
[2011/08/24 13:50:46 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Temp
[2011/01/29 12:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2011/01/29 11:46:30 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs16
[2011/06/30 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TomTom
[2011/10/29 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TS3Client
[2011/06/25 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Tunngle
[2011/10/10 08:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Uniblue
[2012/04/11 14:58:38 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\uTorrent
[2010/12/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\VMK Pal
[2011/01/16 22:25:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WinAVI
[2010/11/03 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WindSolutions
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Wondershare
[2012/02/12 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Xilisoft
[2011/10/22 10:59:03 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/06/22 15:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\.minecraft
[2010/07/15 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\acccore
[2011/07/17 15:55:53 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AccurateRip
[2011/05/12 19:15:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Adobe
[2010/10/26 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AnvSoft
[2011/10/16 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Apple Computer
[2010/07/16 02:10:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ATI
[2011/04/09 05:53:55 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Audacity
[2012/02/07 07:18:05 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Avira
[2012/01/03 08:24:21 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AVS4YOU
[2010/12/23 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Bioshock
[2010/08/07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\BitDefender
[2012/01/30 19:59:28 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\CyberLink
[2012/02/26 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 11:41:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\dBpoweramp
[2010/08/19 18:01:11 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DivX
[2010/10/04 17:03:25 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\dvdcss
[2011/08/18 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoft
[2011/08/01 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/11 08:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FlashGet
[2010/12/31 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\fltk.org
[2011/07/30 07:41:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FreeAudioPack
[2011/08/31 10:18:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FrostWire
[2011/08/01 07:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\GetRightToGo
[2010/07/16 02:16:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Google
[2011/07/04 09:02:38 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Google Chrome Backup
[2012/01/22 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\gtk-2.0
[2011/07/19 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\HandBrake
[2010/07/16 02:09:02 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Identities
[2010/11/14 10:47:19 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\IGN_DLM
[2010/07/16 02:09:50 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Intel Corporation
[2011/06/20 11:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\IrfanView
[2010/11/20 14:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Leadertech
[2010/10/03 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\LEGO Company
[2010/07/16 02:09:34 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Macromedia
[2010/07/15 15:05:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Malwarebytes
[2010/10/03 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ManyCam
[2010/03/24 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Media Center Programs
[2012/01/21 18:19:05 | 000,000,000 | --SD | M] -- C:\Users\Sherry\AppData\Roaming\Microsoft
[2011/12/24 12:22:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\MoreTerra
[2010/07/15 14:59:57 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Mozilla
[2010/08/26 21:09:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\MozillaControl
[2011/08/27 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ooVoo Details
[2012/02/14 16:03:53 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Origin
[2010/12/25 23:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\PC Suite
[2010/10/03 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\prankhouse
[2011/01/31 06:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\QuickScan
[2012/02/18 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\redsn0w
[2011/08/20 05:32:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\RoboForm
[2010/10/22 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\runic games
[2010/12/25 23:48:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Samsung
[2010/10/03 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SanDisk
[2011/10/24 21:17:16 | 000,000,000 | RH-D | M] -- C:\Users\Sherry\AppData\Roaming\SecuROM
[2011/03/18 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Skype
[2011/03/06 11:18:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\skypePM
[2011/10/11 23:00:10 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SnapTeam
[2010/07/15 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spearit
[2012/04/02 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2011/12/25 07:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SystemRequirementsLab
[2011/06/29 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Systweak
[2011/01/08 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TeamViewer
[2011/08/24 13:50:46 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Temp
[2011/01/29 12:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2011/01/29 11:46:30 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs16
[2011/06/30 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TomTom
[2011/10/29 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TS3Client
[2011/06/25 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Tunngle
[2010/08/02 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\U3
[2011/10/10 08:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Uniblue
[2012/04/11 14:58:38 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\uTorrent
[2011/10/16 21:21:50 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Ventrilo
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\vlc
[2010/12/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\VMK Pal
[2011/01/16 22:25:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WinAVI
[2010/11/03 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WindSolutions
[2010/07/15 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WinRAR
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Wondershare
[2012/02/12 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Xilisoft

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/03/23 23:49:58 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/23 23:42:58 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/03/23 23:49:58 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/23 23:42:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/03/23 23:49:58 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/23 23:42:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/03/23 23:49:58 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/23 23:42:58 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/03/23 23:49:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/03/23 23:49:58 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/21 00:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/21 00:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/21 00:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/11/21 00:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/11/21 00:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/21 00:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Sherry\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Sherry\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Sherry\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Sherry\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/21 00:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/21 00:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/21 00:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/11/21 00:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/11/21 00:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/11/21 00:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\SHERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\SHERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\SHERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\SHERRY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

Here's Extras.txt:
OTL Extras logfile created on: 4/12/2012 6:18:42 PM - Run 8
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.25% Memory free
9.66 Gb Paging File | 7.72 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): C:\pagefile.sys 5934 5934 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 96.70 Gb Free Space | 21.35% Space Free | Partition Type: NTFS

Computer Name: SHERRY-PC | User Name: Sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3073798259-1430849664-2456542642-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{02828774-BEAF-39B4-E4F5-F093D6184402}" = TidySongs
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34D8A788-9397-4695-86BF-B6920284CC65}_is1" = Power AMR MP3 WAV WMA M4A AC3 Audio Converter 1.6
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
"{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Heart of Winter
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-SKYRIM-18CD6E6334R1}_is1" = The Elder Scrolls V - Skyrim version 1.0
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E80496-C446-4389-B4F2-CC46DF704A7F}" = Terrafirma
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = [email protected] 1.9.5
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B11A4C66-9E9A-49E1-8C16-F71CCF3F6921}" = Audials
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{B3940EA5-7872-487E-AF15-CF20DBD65F1B}" = RapidLeecher
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3herosoft Audio Encoder" = 3herosoft Audio Encoder
"4Videosoft MKV Video Converter_is1" = 4Videosoft MKV Video Converter
"Adobe AIR" = Adobe AIR
"AIM_7" = AIM 7
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Professional Security
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BeClean_is1" = BeClean
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EvilLyrics" = EvilLyrics
"FileMagnet" = FileMagnet
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.3.0402
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free Studio_is1" = Free Studio version 5.1.5
"Garena" = Garena 2010
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Screensaver" = Gateway ScreenSaver
"HandBrake" = HandBrake 0.9.5
"iArt_is1" = iArt 3
"Icewind Dale" = Icewind Dale
"Identity Card" = Identity Card
"im" = Garena Messenger
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"JBidwatcher_0" = JBidwatcher 2.1.5
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Origin" = Origin
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Runic Games Torchlight" = Torchlight
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 105600" = Terraria
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 41300" = Altitude
"Steam App 550" = Left 4 Dead 2
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 8980" = Borderlands
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1" = TidySongs
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.4.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Winrar 3.93" = Winrar 3.93
"winscp3_is1" = WinSCP 4.2.9
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.3.1)
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
"XviD4PSP5_is1" = XviD4PSP 5.10.234.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3073798259-1430849664-2456542642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2012 10:10:17 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2012 10:10:17 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4555

Error - 4/11/2012 10:10:17 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4555

Error - 4/11/2012 10:10:18 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2012 10:10:18 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5694

Error - 4/11/2012 10:10:18 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5694

Error - 4/11/2012 10:10:20 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/11/2012 10:10:20 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6895

Error - 4/11/2012 10:10:20 PM | Computer Name = Sherry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6895

Error - 4/12/2012 10:52:08 AM | Computer Name = Sherry-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 4/11/2012 12:30:16 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7000
Description = The PnkBstrA service failed to start due to the following error: %%3

Error - 4/11/2012 12:30:16 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7000
Description = The PnkBstrB service failed to start due to the following error: %%3

Error - 4/11/2012 3:00:12 PM | Computer Name = Sherry-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 4/11/2012 3:00:26 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error %%306.

Error - 4/11/2012 3:00:27 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7000
Description = The PnkBstrA service failed to start due to the following error: %%3

Error - 4/11/2012 3:00:27 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7000
Description = The PnkBstrB service failed to start due to the following error: %%3

Error - 4/11/2012 3:00:35 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7001
Description = The Avira Mail Protection service depends on the Avira Realtime Protection
service which failed to start because of the following error: %%1066

Error - 4/11/2012 3:00:35 PM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7001
Description = The Avira Web Protection service depends on the Avira Realtime Protection
service which failed to start because of the following error: %%1066

Error - 4/12/2012 6:23:06 AM | Computer Name = Sherry-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/12/2012 6:23:34 AM | Computer Name = Sherry-PC | Source = DCOM | ID = 10010
Description =


< End of report >

And last but not least here's aswMBR.txt:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 18:43:35
-----------------------------
18:43:35.281 OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:35.281 Number of processors: 4 586 0x2505
18:43:35.282 ComputerName: SHERRY-PC UserName: Sherry
18:43:38.074 Initialize success
18:46:21.552 AVAST engine defs: 12041201
18:46:29.793 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:46:29.793 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:46:29.840 Disk 0 MBR read successfully
18:46:29.840 Disk 0 MBR scan
18:46:29.840 Disk 0 Windows VISTA default MBR code
18:46:29.886 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
18:46:29.902 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
18:46:29.918 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
18:46:29.964 Disk 0 scanning C:\Windows\system32\drivers
18:46:45.845 Service scanning
18:47:19.245 Modules scanning
18:47:19.260 Disk 0 trace - called modules:
18:47:19.276 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:47:19.292 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfc060]
18:47:19.619 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004941050]
18:47:21.429 AVAST engine scan C:\Windows
18:47:29.510 AVAST engine scan C:\Windows\system32
18:52:40.876 AVAST engine scan C:\Windows\system32\drivers
18:52:58.354 AVAST engine scan C:\Users\Sherry
19:15:13.443 AVAST engine scan C:\ProgramData
19:17:37.354 Scan finished successfully
19:18:05.479 Disk 0 MBR has been saved successfully to "C:\Users\Sherry\Desktop\MBR.dat"
19:18:05.479 The log file has been saved successfully to "C:\Users\Sherry\Desktop\aswMBR.txt"
  • 0

#4
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

I can't find anything really bad however I can see many services crashing. I don't think that's caused by malware but let's look deeper.

Is your ISP named Cablevision Systems Corp?


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
    IE - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
    FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
    FF - prefs.js..browser.startup.homepage: "http://start.facemoo...ds.com/?a=w7th"
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
    [2011/10/09 11:32:45 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
    [2011/10/09 11:32:48 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3073798259-1430849664-2456542642-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\Users\Sherry\AppData\Local\systemCurUses\*.* /s
    C:\Users\Sherry\AppData\Local\systemHdID\*.* /s

  • Click the Quick Scan button. Post the log it produces in your next reply.


Next:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Next:

Create a folder on your desktop. Label that folder avz4. Download avz4.exe from HERE and save it in the avz4 folder. ( A zipped file is available here)
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    Posted Image
  • Click on the Execute selected scripts.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the Advanced System Analysis" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Next:

Please uninstall the following:

Uniblue RegistryBooster
Conduit Engine
MediaBar
Windows Searchqu Toolbar


  • 0

#5
xCherryXSherryx

xCherryXSherryx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Nope, that's not the name of my ISP. Here's OTL.txt:

OTL logfile created on: 4/13/2012 11:42:01 AM - Run 9
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.91% Memory free
9.66 Gb Paging File | 7.49 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): C:\pagefile.sys 5934 5934 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 95.00 Gb Free Space | 20.97% Space Free | Partition Type: NTFS

Computer Name: SHERRY-PC | User Name: Sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 18:16:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/11 22:57:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/03/11 22:56:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/03/11 22:56:29 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/03/11 22:56:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/11 22:56:23 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/11/28 21:53:03 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/18 16:08:22 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/25 16:18:05 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/04/08 16:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 16:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 16:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 20:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 11:38:41 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/09 16:28:48 | 000,444,400 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppgooglenaclpluginchrome.dll
MOD - [2012/04/09 16:28:46 | 003,915,248 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
MOD - [2012/04/09 16:27:21 | 000,122,880 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\avutil-51.dll
MOD - [2012/04/09 16:27:20 | 000,220,672 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\avformat-53.dll
MOD - [2012/04/09 16:27:19 | 001,747,456 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\avcodec-53.dll
MOD - [2012/04/09 15:42:11 | 008,743,584 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
MOD - [2012/02/16 04:52:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:50:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 04:50:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:50:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 04:50:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/28 07:58:56 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/11/28 07:58:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/18 16:08:22 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\locale\en\en.dll
MOD - [2011/07/18 16:08:22 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\cache.dll
MOD - [2011/07/18 16:08:22 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Uniblue\PowerSuite\cwebpage.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/29 18:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/09/25 16:18:05 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/17 12:11:42 | 000,290,816 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/02/05 23:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/22 13:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/01 07:26:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/11 22:57:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/11 22:56:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/03/11 22:56:29 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/03/11 22:56:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/11/04 16:29:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/02 07:25:01 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrB.ex0 -- (PnkBstrB)
SRV - [2011/10/02 07:24:56 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/08 16:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/15 07:20:46 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/10 09:26:10 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/10 09:08:06 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/16 00:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 15:05:52 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/04/13 23:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 23:24:21 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/07 14:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/22 13:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 12:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/17 13:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/01 22:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/22 00:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/30 13:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/09/26 09:56:08 | 000,194,560 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enUS388
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{E718C3DE-111B-48C1-BC1C-FF248EB10C9B}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/24 09:49:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/07 22:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 18:10:56 | 000,000,000 | ---D | M]

[2011/08/19 08:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions
[2011/06/30 23:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/15 16:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/09 11:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/07/04 11:36:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2012/03/11 23:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/11 23:01:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/11 23:01:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Missing e = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.9.8_0\
CHR - Extension: YouTube = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kate Spade = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\
CHR - Extension: Google Search = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: UnfollowHater = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm\1.0.6_1\
CHR - Extension: Search Center = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf\3.7.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/22 08:34:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36AA29EF-2F7C-4159-BDF3-ED69785F896F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71AD9B0-C556-4F31-82BE-2EF1C50DA2F0}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 18:16:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/03/28 06:06:42 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Firefly
[2012/03/23 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Local\Spotify
[2012/03/23 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2012/03/17 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Mass Effect 3 CE Soundtrack

========== Files - Modified Within 30 Days ==========

[2012/04/13 11:51:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000UA.job
[2012/04/13 11:47:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 11:47:00 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 11:47:00 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 11:37:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/13 11:36:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 11:36:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/13 11:35:59 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 06:45:31 | 000,793,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 06:45:31 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 06:45:31 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/12 18:16:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/04/12 16:25:46 | 000,071,442 | ---- | M] () -- C:\Users\Sherry\Desktop\nuhyyhu.JPG
[2012/04/12 06:23:11 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000Core.job
[2012/04/09 12:53:32 | 730,527,744 | ---- | M] () -- C:\Users\Sherry\Desktop\School Of Rock.avi
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/21 15:15:38 | 571,431,519 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/20 03:09:26 | 000,773,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/16 10:29:51 | 000,617,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/12 16:16:39 | 000,071,442 | ---- | C] () -- C:\Users\Sherry\Desktop\nuhyyhu.JPG
[2012/04/08 16:13:28 | 730,527,744 | ---- | C] () -- C:\Users\Sherry\Desktop\School Of Rock.avi
[2012/04/01 06:38:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/23 19:55:39 | 000,001,805 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/01/22 20:44:32 | 000,000,439 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/11/27 07:24:08 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/22 08:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/22 08:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/22 08:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/22 08:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/22 08:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/02 07:25:01 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/02 07:24:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/01 09:42:31 | 001,627,136 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2011/08/01 09:42:31 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/08/01 09:42:31 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2011/08/01 09:42:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[2011/08/01 09:42:31 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2011/08/01 07:30:15 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/08/01 07:30:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/07/26 08:47:40 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011/07/18 20:28:59 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
[2011/07/17 15:55:05 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/04 14:56:41 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
[2011/07/04 14:56:33 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
[2011/07/04 14:56:32 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/03/24 20:37:24 | 000,000,008 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemCurUses
[2011/03/24 20:37:22 | 000,000,006 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemHdID
[2011/03/06 11:19:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/27 13:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/17 08:54:31 | 000,000,600 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\winscp.rnd
[2010/11/14 11:05:58 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/11/14 07:28:19 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/11/03 19:56:40 | 000,059,392 | ---- | C] () -- C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 18:25:56 | 000,000,186 | ---- | C] () -- C:\Program Files (x86)\InstallRecord.blob
[2010/10/03 06:52:04 | 000,284,396 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/07 08:51:27 | 000,000,036 | ---- | C] () -- C:\Users\Sherry\AppData\Local\housecall.guid.cache
[2010/05/28 21:41:45 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/28 21:41:00 | 000,001,665 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/28 21:11:55 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/28 20:52:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/06/22 15:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\.minecraft
[2010/07/15 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\acccore
[2010/10/26 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AnvSoft
[2011/04/09 05:53:55 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Audacity
[2010/12/23 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Bioshock
[2010/08/07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\BitDefender
[2012/02/26 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 11:41:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\dBpoweramp
[2011/08/18 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoft
[2011/08/01 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/11 08:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FlashGet
[2010/12/31 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\fltk.org
[2011/07/30 07:41:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FreeAudioPack
[2011/08/31 10:18:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FrostWire
[2011/08/01 07:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\GetRightToGo
[2012/01/22 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\gtk-2.0
[2011/07/19 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\HandBrake
[2011/06/20 11:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\IrfanView
[2010/11/20 14:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Leadertech
[2010/10/03 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\LEGO Company
[2010/10/03 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ManyCam
[2011/12/24 12:22:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\MoreTerra
[2011/08/27 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ooVoo Details
[2012/02/14 16:03:53 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Origin
[2010/12/25 23:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\PC Suite
[2010/10/03 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\prankhouse
[2011/01/31 06:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\QuickScan
[2012/02/18 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\redsn0w
[2011/08/20 05:32:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\RoboForm
[2010/10/22 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\runic games
[2010/12/25 23:48:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Samsung
[2010/10/03 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SanDisk
[2011/10/11 23:00:10 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SnapTeam
[2010/07/15 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spearit
[2012/04/02 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2011/12/25 07:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SystemRequirementsLab
[2011/06/29 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Systweak
[2011/01/08 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TeamViewer
[2011/08/24 13:50:46 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Temp
[2011/01/29 12:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2011/01/29 11:46:30 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs16
[2011/06/30 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TomTom
[2011/10/29 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TS3Client
[2011/06/25 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Tunngle
[2011/10/10 08:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Uniblue
[2012/04/11 14:58:38 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\uTorrent
[2010/12/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\VMK Pal
[2011/01/16 22:25:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WinAVI
[2010/11/03 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WindSolutions
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Wondershare
[2012/02/12 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Xilisoft
[2011/10/22 10:59:03 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< C:\Users\Sherry\AppData\Local\systemCurUses\*.* /s >

< C:\Users\Sherry\AppData\Local\systemHdID\*.* /s >

< End of report >

Here's the TDSSkiller report:

12:13:07.0572 4728 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:13:07.0847 4728 ============================================================
12:13:07.0847 4728 Current date / time: 2012/04/13 12:13:07.0847
12:13:07.0847 4728 SystemInfo:
12:13:07.0847 4728
12:13:07.0847 4728 OS Version: 6.1.7601 ServicePack: 1.0
12:13:07.0847 4728 Product type: Workstation
12:13:07.0848 4728 ComputerName: SHERRY-PC
12:13:07.0848 4728 UserName: Sherry
12:13:07.0848 4728 Windows directory: C:\Windows
12:13:07.0848 4728 System windows directory: C:\Windows
12:13:07.0848 4728 Running under WOW64
12:13:07.0848 4728 Processor architecture: Intel x64
12:13:07.0848 4728 Number of processors: 4
12:13:07.0848 4728 Page size: 0x1000
12:13:07.0848 4728 Boot type: Normal boot
12:13:07.0848 4728 ============================================================
12:13:08.0408 4728 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:13:08.0412 4728 \Device\Harddisk0\DR0:
12:13:08.0412 4728 MBR used
12:13:08.0412 4728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
12:13:08.0412 4728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
12:13:08.0445 4728 Initialize success
12:13:08.0445 4728 ============================================================
12:13:23.0999 6056 ============================================================
12:13:23.0999 6056 Scan started
12:13:23.0999 6056 Mode: Manual; SigCheck; TDLFS;
12:13:23.0999 6056 ============================================================
12:13:26.0417 6056 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:13:26.0579 6056 1394ohci - ok
12:13:26.0687 6056 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:13:26.0704 6056 ACPI - ok
12:13:26.0815 6056 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:13:26.0908 6056 AcpiPmi - ok
12:13:27.0032 6056 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:13:27.0050 6056 AdobeARMservice - ok
12:13:27.0214 6056 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:13:27.0245 6056 AdobeFlashPlayerUpdateSvc - ok
12:13:27.0354 6056 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:13:27.0385 6056 adp94xx - ok
12:13:27.0479 6056 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:13:27.0510 6056 adpahci - ok
12:13:27.0619 6056 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:13:27.0635 6056 adpu320 - ok
12:13:27.0751 6056 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:13:27.0917 6056 AeLookupSvc - ok
12:13:28.0026 6056 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:13:28.0108 6056 AFD - ok
12:13:28.0208 6056 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:13:28.0229 6056 agp440 - ok
12:13:28.0276 6056 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:13:28.0356 6056 ALG - ok
12:13:28.0465 6056 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:13:28.0485 6056 aliide - ok
12:13:28.0582 6056 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
12:13:28.0684 6056 AMD External Events Utility - ok
12:13:28.0814 6056 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:13:28.0830 6056 amdide - ok
12:13:28.0939 6056 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:13:29.0033 6056 AmdK8 - ok
12:13:29.0595 6056 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
12:13:29.0845 6056 amdkmdag - ok
12:13:29.0947 6056 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
12:13:29.0996 6056 amdkmdap - ok
12:13:30.0052 6056 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:13:30.0099 6056 AmdPPM - ok
12:13:30.0166 6056 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:13:30.0188 6056 amdsata - ok
12:13:30.0231 6056 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:13:30.0246 6056 amdsbs - ok
12:13:30.0261 6056 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:13:30.0269 6056 amdxata - ok
12:13:30.0347 6056 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
12:13:30.0409 6056 AmUStor - ok
12:13:30.0565 6056 AntiVirMailService (ba9d3348d00e06f56628f5575424f119) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
12:13:30.0581 6056 AntiVirMailService - ok
12:13:30.0643 6056 AntiVirSchedulerService (cf6d08375921202507664b52a03cc810) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:13:30.0659 6056 AntiVirSchedulerService - ok
12:13:30.0753 6056 AntiVirService (08705cbf4508f7562ed5fbb2141e2a93) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:13:30.0768 6056 AntiVirService - ok
12:13:30.0815 6056 AntiVirWebService (2a3411ce483fb0fcdd4efd1b282989ba) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:13:30.0837 6056 AntiVirWebService - ok
12:13:30.0942 6056 ApfiltrService (fab590e0fc28cb474b965f8267458e14) C:\Windows\system32\DRIVERS\Apfiltr.sys
12:13:30.0986 6056 ApfiltrService - ok
12:13:31.0049 6056 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:13:31.0267 6056 AppID - ok
12:13:31.0365 6056 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:13:31.0450 6056 AppIDSvc - ok
12:13:31.0535 6056 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:13:31.0634 6056 Appinfo - ok
12:13:31.0756 6056 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:13:31.0772 6056 Apple Mobile Device - ok
12:13:31.0902 6056 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:13:31.0917 6056 arc - ok
12:13:31.0933 6056 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:13:31.0948 6056 arcsas - ok
12:13:32.0104 6056 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:13:32.0151 6056 aspnet_state - ok
12:13:32.0245 6056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:32.0338 6056 AsyncMac - ok
12:13:32.0420 6056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:13:32.0431 6056 atapi - ok
12:13:32.0524 6056 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
12:13:32.0659 6056 athr - ok
12:13:32.0757 6056 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
12:13:32.0781 6056 AtiHDAudioService - ok
12:13:32.0852 6056 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
12:13:32.0863 6056 AtiHdmiService - ok
12:13:32.0912 6056 atillk64 - ok
12:13:32.0950 6056 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys
12:13:32.0986 6056 ATITool ( UnsignedFile.Multi.Generic ) - warning
12:13:32.0986 6056 ATITool - detected UnsignedFile.Multi.Generic (1)
12:13:33.0063 6056 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:13:33.0116 6056 AudioEndpointBuilder - ok
12:13:33.0132 6056 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:13:33.0174 6056 AudioSrv - ok
12:13:33.0310 6056 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
12:13:33.0326 6056 avgntflt - ok
12:13:33.0456 6056 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
12:13:33.0472 6056 avipbb - ok
12:13:33.0597 6056 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:13:33.0612 6056 avkmgr - ok
12:13:33.0675 6056 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:13:33.0768 6056 AxInstSV - ok
12:13:33.0846 6056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:13:33.0924 6056 b06bdrv - ok
12:13:33.0978 6056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:13:34.0022 6056 b57nd60a - ok
12:13:34.0170 6056 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:13:34.0298 6056 BCM43XX - ok
12:13:34.0416 6056 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:13:34.0483 6056 BDESVC - ok
12:13:34.0548 6056 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:13:34.0642 6056 Beep - ok
12:13:34.0783 6056 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:13:34.0828 6056 BFE - ok
12:13:34.0898 6056 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:13:35.0011 6056 BITS - ok
12:13:35.0120 6056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:13:35.0167 6056 blbdrive - ok
12:13:35.0307 6056 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:13:35.0339 6056 Bonjour Service - ok
12:13:35.0417 6056 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:13:35.0479 6056 bowser - ok
12:13:35.0545 6056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:13:35.0590 6056 BrFiltLo - ok
12:13:35.0629 6056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:13:35.0693 6056 BrFiltUp - ok
12:13:35.0768 6056 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:13:35.0860 6056 Browser - ok
12:13:35.0923 6056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:13:35.0996 6056 Brserid - ok
12:13:36.0092 6056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:13:36.0130 6056 BrSerWdm - ok
12:13:36.0163 6056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:13:36.0202 6056 BrUsbMdm - ok
12:13:36.0309 6056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:13:36.0339 6056 BrUsbSer - ok
12:13:36.0371 6056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:13:36.0387 6056 BTHMODEM - ok
12:13:36.0442 6056 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:13:36.0500 6056 bthserv - ok
12:13:36.0600 6056 catchme - ok
12:13:36.0638 6056 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:13:36.0706 6056 cdfs - ok
12:13:36.0770 6056 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:13:36.0812 6056 cdrom - ok
12:13:36.0884 6056 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:13:36.0947 6056 CertPropSvc - ok
12:13:37.0017 6056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:13:37.0058 6056 circlass - ok
12:13:37.0116 6056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:13:37.0135 6056 CLFS - ok
12:13:37.0208 6056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:37.0230 6056 clr_optimization_v2.0.50727_32 - ok
12:13:37.0280 6056 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:13:37.0293 6056 clr_optimization_v2.0.50727_64 - ok
12:13:37.0387 6056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:37.0489 6056 clr_optimization_v4.0.30319_32 - ok
12:13:37.0631 6056 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:13:37.0689 6056 clr_optimization_v4.0.30319_64 - ok
12:13:37.0805 6056 clwvd (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys
12:13:37.0814 6056 clwvd - ok
12:13:37.0848 6056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:37.0883 6056 CmBatt - ok
12:13:37.0927 6056 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:13:37.0939 6056 cmdide - ok
12:13:38.0004 6056 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:13:38.0064 6056 CNG - ok
12:13:38.0176 6056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:13:38.0194 6056 Compbatt - ok
12:13:38.0286 6056 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:13:38.0333 6056 CompositeBus - ok
12:13:38.0592 6056 COMSysApp - ok
12:13:38.0633 6056 cpuz132 - ok
12:13:38.0703 6056 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:13:38.0713 6056 crcdisk - ok
12:13:39.0114 6056 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:13:39.0220 6056 CryptSvc - ok
12:13:39.0344 6056 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:13:39.0353 6056 DAUpdaterSvc - ok
12:13:39.0504 6056 DCamUSBVM (d00a4fe22216265783a08a05d268b902) C:\Windows\system32\Drivers\usbVM31b.sys
12:13:39.0638 6056 DCamUSBVM - ok
12:13:39.0884 6056 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:13:40.0002 6056 DcomLaunch - ok
12:13:40.0301 6056 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:13:40.0398 6056 defragsvc - ok
12:13:40.0697 6056 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:13:40.0812 6056 DfsC - ok
12:13:40.0955 6056 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:13:41.0028 6056 Dhcp - ok
12:13:41.0158 6056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:13:41.0249 6056 discache - ok
12:13:41.0878 6056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:13:41.0890 6056 Disk - ok
12:13:42.0075 6056 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:13:42.0213 6056 Dnscache - ok
12:13:42.0386 6056 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:13:42.0497 6056 dot3svc - ok
12:13:42.0638 6056 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:13:42.0723 6056 DPS - ok
12:13:42.0871 6056 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:13:42.0952 6056 drmkaud - ok
12:13:43.0261 6056 DsiWMIService (e2b2853a0210d6edab2261870bd80c1a) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:13:43.0275 6056 DsiWMIService - ok
12:13:43.0875 6056 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:13:43.0921 6056 DXGKrnl - ok
12:13:44.0240 6056 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:13:44.0317 6056 EapHost - ok
12:13:44.0970 6056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:13:45.0221 6056 ebdrv - ok
12:13:45.0654 6056 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:13:45.0730 6056 EFS - ok
12:13:46.0128 6056 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:13:46.0435 6056 ehRecvr - ok
12:13:46.0647 6056 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:13:46.0684 6056 ehSched - ok
12:13:46.0775 6056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:13:46.0798 6056 elxstor - ok
12:13:46.0969 6056 ePowerSvc (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
12:13:47.0000 6056 ePowerSvc - ok
12:13:47.0087 6056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:13:47.0124 6056 ErrDev - ok
12:13:47.0248 6056 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:13:47.0345 6056 EventSystem - ok
12:13:47.0453 6056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:13:47.0526 6056 exfat - ok
12:13:47.0552 6056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:13:47.0617 6056 fastfat - ok
12:13:47.0725 6056 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:13:47.0810 6056 Fax - ok
12:13:47.0860 6056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:13:47.0904 6056 fdc - ok
12:13:47.0949 6056 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:13:48.0031 6056 fdPHost - ok
12:13:48.0123 6056 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:13:48.0161 6056 FDResPub - ok
12:13:48.0218 6056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:13:48.0242 6056 FileInfo - ok
12:13:48.0254 6056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:13:48.0341 6056 Filetrace - ok
12:13:48.0381 6056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:48.0421 6056 flpydisk - ok
12:13:48.0526 6056 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:13:48.0542 6056 FltMgr - ok
12:13:48.0908 6056 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:13:49.0128 6056 FontCache - ok
12:13:49.0253 6056 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:13:49.0283 6056 FontCache3.0.0.0 - ok
12:13:49.0395 6056 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:13:49.0417 6056 FsDepends - ok
12:13:49.0479 6056 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:13:49.0490 6056 Fs_Rec - ok
12:13:49.0557 6056 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:13:49.0586 6056 fvevol - ok
12:13:49.0903 6056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:13:49.0924 6056 gagp30kx - ok
12:13:50.0108 6056 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:13:50.0124 6056 GEARAspiWDM - ok
12:13:50.0411 6056 GGSAFERDriver - ok
12:13:50.0825 6056 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:13:50.0910 6056 gpsvc - ok
12:13:51.0838 6056 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:13:51.0856 6056 gupdate - ok
12:13:52.0026 6056 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:13:52.0036 6056 gupdatem - ok
12:13:52.0147 6056 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:13:52.0159 6056 gusvc - ok
12:13:52.0271 6056 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:13:52.0289 6056 hamachi - ok
12:13:52.0394 6056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:13:52.0467 6056 hcw85cir - ok
12:13:52.0587 6056 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:13:52.0640 6056 HdAudAddService - ok
12:13:53.0212 6056 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:13:53.0259 6056 HDAudBus - ok
12:13:53.0605 6056 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:13:53.0625 6056 HECIx64 - ok
12:13:53.0717 6056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:13:53.0758 6056 HidBatt - ok
12:13:53.0869 6056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:13:53.0928 6056 HidBth - ok
12:13:54.0063 6056 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:13:54.0107 6056 HidIr - ok
12:13:54.0591 6056 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:13:54.0644 6056 hidserv - ok
12:13:55.0212 6056 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:13:55.0249 6056 HidUsb - ok
12:13:55.0361 6056 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:13:55.0447 6056 hkmsvc - ok
12:13:55.0560 6056 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:13:55.0639 6056 HomeGroupListener - ok
12:13:55.0751 6056 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:13:55.0794 6056 HomeGroupProvider - ok
12:13:55.0940 6056 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:13:55.0951 6056 HpSAMD - ok
12:13:56.0082 6056 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:13:56.0167 6056 HTTP - ok
12:13:56.0214 6056 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:13:56.0235 6056 hwpolicy - ok
12:13:56.0306 6056 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:13:56.0332 6056 i8042prt - ok
12:13:56.0389 6056 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
12:13:56.0407 6056 iaStor - ok
12:13:56.0526 6056 IAStorDataMgrSvc (48362e5db5cb2c000c514ee1f3890acd) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:13:56.0539 6056 IAStorDataMgrSvc - ok
12:13:56.0661 6056 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:13:56.0679 6056 iaStorV - ok
12:13:56.0867 6056 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:13:56.0898 6056 idsvc - ok
12:13:57.0154 6056 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:13:57.0442 6056 igfx - ok
12:13:57.0572 6056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:13:57.0596 6056 iirsp - ok
12:13:57.0676 6056 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:13:57.0791 6056 IKEEXT - ok
12:13:57.0866 6056 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
12:13:57.0931 6056 Impcd - ok
12:13:58.0011 6056 IntcAzAudAddService - ok
12:13:58.0075 6056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:13:58.0084 6056 intelide - ok
12:13:58.0130 6056 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:13:58.0173 6056 intelppm - ok
12:13:58.0217 6056 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:13:58.0300 6056 IPBusEnum - ok
12:13:58.0408 6056 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:58.0503 6056 IpFilterDriver - ok
12:13:58.0911 6056 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:13:59.0005 6056 iphlpsvc - ok
12:13:59.0149 6056 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:13:59.0223 6056 IPMIDRV - ok
12:13:59.0317 6056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:13:59.0380 6056 IPNAT - ok
12:13:59.0522 6056 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:13:59.0551 6056 iPod Service - ok
12:13:59.0680 6056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:13:59.0777 6056 IRENUM - ok
12:13:59.0828 6056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:13:59.0839 6056 isapnp - ok
12:13:59.0890 6056 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:13:59.0910 6056 iScsiPrt - ok
12:13:59.0958 6056 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:13:59.0977 6056 k57nd60a - ok
12:14:00.0033 6056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:14:00.0045 6056 kbdclass - ok
12:14:00.0099 6056 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:14:00.0114 6056 kbdhid - ok
12:14:00.0177 6056 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:00.0194 6056 KeyIso - ok
12:14:00.0371 6056 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
12:14:00.0397 6056 Kodak AiO Network Discovery Service - ok
12:14:00.0503 6056 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:14:00.0519 6056 KSecDD - ok
12:14:00.0537 6056 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:14:00.0550 6056 KSecPkg - ok
12:14:00.0596 6056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:14:00.0634 6056 ksthunk - ok
12:14:00.0676 6056 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:14:00.0724 6056 KtmRm - ok
12:14:00.0849 6056 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
12:14:00.0901 6056 L1E - ok
12:14:01.0142 6056 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:14:01.0249 6056 LanmanServer - ok
12:14:01.0329 6056 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:14:01.0419 6056 LanmanWorkstation - ok
12:14:01.0554 6056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:14:01.0619 6056 lltdio - ok
12:14:01.0668 6056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:14:01.0736 6056 lltdsvc - ok
12:14:01.0867 6056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:14:01.0933 6056 lmhosts - ok
12:14:02.0035 6056 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:14:02.0057 6056 LMS - ok
12:14:02.0147 6056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:14:02.0161 6056 LSI_FC - ok
12:14:02.0189 6056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:14:02.0205 6056 LSI_SAS - ok
12:14:02.0223 6056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:14:02.0235 6056 LSI_SAS2 - ok
12:14:02.0251 6056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:14:02.0264 6056 LSI_SCSI - ok
12:14:02.0282 6056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:14:02.0342 6056 luafv - ok
12:14:02.0532 6056 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:14:02.0546 6056 MBAMProtector - ok
12:14:02.0840 6056 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:14:02.0862 6056 MBAMService - ok
12:14:03.0398 6056 mcdbus (0e511aaf050c4dbafc7d0cfc99a37fd9) C:\Windows\system32\DRIVERS\mcdbus.sys
12:14:03.0431 6056 mcdbus ( UnsignedFile.Multi.Generic ) - warning
12:14:03.0431 6056 mcdbus - detected UnsignedFile.Multi.Generic (1)
12:14:03.0667 6056 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:14:03.0710 6056 Mcx2Svc - ok
12:14:03.0821 6056 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
12:14:03.0853 6056 MDM ( UnsignedFile.Multi.Generic ) - warning
12:14:03.0853 6056 MDM - detected UnsignedFile.Multi.Generic (1)
12:14:03.0948 6056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:14:03.0960 6056 megasas - ok
12:14:04.0045 6056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:14:04.0061 6056 MegaSR - ok
12:14:04.0151 6056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:14:04.0237 6056 MMCSS - ok
12:14:04.0321 6056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:14:04.0406 6056 Modem - ok
12:14:04.0510 6056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:14:04.0554 6056 monitor - ok
12:14:04.0678 6056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:14:04.0697 6056 mouclass - ok
12:14:04.0815 6056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:14:04.0854 6056 mouhid - ok
12:14:05.0172 6056 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:14:05.0194 6056 mountmgr - ok
12:14:05.0549 6056 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:14:05.0575 6056 mpio - ok
12:14:05.0678 6056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:14:05.0749 6056 mpsdrv - ok
12:14:05.0818 6056 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:14:05.0943 6056 MpsSvc - ok
12:14:06.0012 6056 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:14:06.0069 6056 MRxDAV - ok
12:14:06.0139 6056 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:14:06.0208 6056 mrxsmb - ok
12:14:06.0311 6056 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:14:06.0375 6056 mrxsmb10 - ok
12:14:06.0437 6056 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:14:06.0474 6056 mrxsmb20 - ok
12:14:06.0523 6056 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:14:06.0534 6056 msahci - ok
12:14:06.0587 6056 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:14:06.0607 6056 msdsm - ok
12:14:06.0657 6056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:14:06.0692 6056 MSDTC - ok
12:14:06.0754 6056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:14:06.0832 6056 Msfs - ok
12:14:06.0881 6056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:14:06.0945 6056 mshidkmdf - ok
12:14:06.0990 6056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:14:07.0010 6056 msisadrv - ok
12:14:07.0055 6056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:14:07.0146 6056 MSiSCSI - ok
12:14:07.0153 6056 msiserver - ok
12:14:07.0211 6056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:14:07.0285 6056 MSKSSRV - ok
12:14:07.0321 6056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:14:07.0359 6056 MSPCLOCK - ok
12:14:07.0368 6056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:14:07.0429 6056 MSPQM - ok
12:14:07.0490 6056 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:14:07.0522 6056 MsRPC - ok
12:14:07.0577 6056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:14:07.0588 6056 mssmbios - ok
12:14:07.0616 6056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:14:07.0682 6056 MSTEE - ok
12:14:07.0714 6056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:14:07.0726 6056 MTConfig - ok
12:14:07.0758 6056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:14:07.0770 6056 Mup - ok
12:14:07.0823 6056 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:14:07.0905 6056 napagent - ok
12:14:08.0033 6056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:14:08.0095 6056 NativeWifiP - ok
12:14:08.0220 6056 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:14:08.0267 6056 NDIS - ok
12:14:08.0319 6056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:14:08.0382 6056 NdisCap - ok
12:14:08.0495 6056 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:14:08.0574 6056 NdisTapi - ok
12:14:08.0685 6056 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:14:08.0775 6056 Ndisuio - ok
12:14:08.0824 6056 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:14:08.0880 6056 NdisWan - ok
12:14:08.0933 6056 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:14:09.0024 6056 NDProxy - ok
12:14:09.0076 6056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:14:09.0140 6056 NetBIOS - ok
12:14:09.0197 6056 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:14:09.0265 6056 NetBT - ok
12:14:09.0332 6056 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:09.0353 6056 Netlogon - ok
12:14:09.0401 6056 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:14:09.0482 6056 Netman - ok
12:14:09.0658 6056 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:09.0669 6056 NetMsmqActivator - ok
12:14:09.0730 6056 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:09.0743 6056 NetPipeActivator - ok
12:14:09.0833 6056 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:14:09.0907 6056 netprofm - ok
12:14:10.0070 6056 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:10.0087 6056 NetTcpActivator - ok
12:14:10.0093 6056 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:10.0107 6056 NetTcpPortSharing - ok
12:14:10.0200 6056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:14:10.0213 6056 nfrd960 - ok
12:14:10.0317 6056 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:14:10.0386 6056 NlaSvc - ok
12:14:10.0446 6056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:14:10.0487 6056 Npfs - ok
12:14:10.0517 6056 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:14:10.0585 6056 nsi - ok
12:14:10.0615 6056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:14:10.0682 6056 nsiproxy - ok
12:14:10.0767 6056 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:14:10.0828 6056 Ntfs - ok
12:14:10.0868 6056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:14:10.0930 6056 Null - ok
12:14:10.0981 6056 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:14:10.0993 6056 nvraid - ok
12:14:11.0048 6056 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:14:11.0063 6056 nvstor - ok
12:14:11.0127 6056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:14:11.0140 6056 nv_agp - ok
12:14:11.0364 6056 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:14:11.0384 6056 odserv - ok
12:14:11.0484 6056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:14:11.0528 6056 ohci1394 - ok
12:14:11.0619 6056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:14:11.0633 6056 ose - ok
12:14:11.0716 6056 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:11.0798 6056 p2pimsvc - ok
12:14:11.0825 6056 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:14:11.0889 6056 p2psvc - ok
12:14:11.0940 6056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:14:11.0954 6056 Parport - ok
12:14:12.0001 6056 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:14:12.0015 6056 partmgr - ok
12:14:12.0042 6056 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:14:12.0093 6056 PcaSvc - ok
12:14:12.0160 6056 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:14:12.0225 6056 pccsmcfd - ok
12:14:12.0277 6056 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:14:12.0297 6056 pci - ok
12:14:12.0334 6056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:14:12.0344 6056 pciide - ok
12:14:12.0373 6056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:14:12.0388 6056 pcmcia - ok
12:14:12.0403 6056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:14:12.0416 6056 pcw - ok
12:14:12.0453 6056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:14:12.0531 6056 PEAUTH - ok
12:14:12.0738 6056 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:14:12.0779 6056 PerfHost - ok
12:14:12.0889 6056 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:14:13.0009 6056 pla - ok
12:14:13.0110 6056 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:14:13.0178 6056 PlugPlay - ok
12:14:13.0296 6056 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:14:13.0339 6056 PNRPAutoReg - ok
12:14:13.0460 6056 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:13.0482 6056 PNRPsvc - ok
12:14:13.0533 6056 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
12:14:13.0541 6056 Point64 - ok
12:14:13.0603 6056 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:14:13.0649 6056 PolicyAgent - ok
12:14:13.0726 6056 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:14:13.0789 6056 Power - ok
12:14:13.0866 6056 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:14:13.0935 6056 PptpMiniport - ok
12:14:14.0034 6056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:14:14.0050 6056 Processor - ok
12:14:14.0100 6056 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:14:14.0170 6056 ProfSvc - ok
12:14:14.0222 6056 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:14.0233 6056 ProtectedStorage - ok
12:14:14.0303 6056 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:14:14.0380 6056 Psched - ok
12:14:14.0527 6056 PuranDefrag (c2ed66cb163fa6dade402d28f49a9dd8) C:\Windows\system32\PuranDefragS.exe
12:14:14.0576 6056 PuranDefrag ( UnsignedFile.Multi.Generic ) - warning
12:14:14.0576 6056 PuranDefrag - detected UnsignedFile.Multi.Generic (1)
12:14:14.0665 6056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:14:14.0719 6056 ql2300 - ok
12:14:14.0750 6056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:14:14.0764 6056 ql40xx - ok
12:14:14.0820 6056 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:14:14.0844 6056 QWAVE - ok
12:14:14.0884 6056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:14:14.0925 6056 QWAVEdrv - ok
12:14:15.0064 6056 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
12:14:15.0079 6056 RapiMgr - ok
12:14:15.0164 6056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:14:15.0236 6056 RasAcd - ok
12:14:15.0329 6056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:14:15.0404 6056 RasAgileVpn - ok
12:14:15.0517 6056 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:14:15.0599 6056 RasAuto - ok
12:14:15.0694 6056 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:14:15.0765 6056 Rasl2tp - ok
12:14:15.0846 6056 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:14:15.0920 6056 RasMan - ok
12:14:15.0977 6056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:14:16.0047 6056 RasPppoe - ok
12:14:16.0115 6056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:14:16.0152 6056 RasSstp - ok
12:14:16.0207 6056 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:14:16.0284 6056 rdbss - ok
12:14:16.0334 6056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:14:16.0384 6056 rdpbus - ok
12:14:16.0430 6056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:14:16.0508 6056 RDPCDD - ok
12:14:16.0556 6056 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:14:16.0597 6056 RDPENCDD - ok
12:14:16.0617 6056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:14:16.0676 6056 RDPREFMP - ok
12:14:16.0730 6056 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:14:16.0796 6056 RDPWD - ok
12:14:16.0847 6056 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:14:16.0866 6056 rdyboost - ok
12:14:16.0910 6056 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:14:16.0979 6056 RemoteAccess - ok
12:14:17.0079 6056 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:14:17.0164 6056 RemoteRegistry - ok
12:14:17.0283 6056 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:14:17.0346 6056 RimUsb - ok
12:14:17.0418 6056 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:14:17.0470 6056 RpcEptMapper - ok
12:14:17.0574 6056 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:14:17.0594 6056 RpcLocator - ok
12:14:17.0652 6056 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
12:14:17.0708 6056 RpcSs - ok
12:14:17.0769 6056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:14:17.0833 6056 rspndr - ok
12:14:17.0944 6056 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:17.0954 6056 SamSs - ok
12:14:18.0027 6056 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:14:18.0041 6056 sbp2port - ok
12:14:18.0095 6056 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:14:18.0144 6056 SCardSvr - ok
12:14:18.0236 6056 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
12:14:18.0260 6056 SCDEmu - ok
12:14:18.0314 6056 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:14:18.0372 6056 scfilter - ok
12:14:18.0429 6056 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:14:18.0535 6056 Schedule - ok
12:14:18.0585 6056 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:14:18.0621 6056 SCPolicySvc - ok
12:14:18.0668 6056 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:14:18.0697 6056 SDRSVC - ok
12:14:18.0751 6056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:14:18.0819 6056 secdrv - ok
12:14:18.0863 6056 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:14:18.0902 6056 seclogon - ok
12:14:18.0947 6056 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:14:19.0016 6056 SENS - ok
12:14:19.0111 6056 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:14:19.0189 6056 SensrSvc - ok
12:14:19.0282 6056 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:14:19.0330 6056 Serenum - ok
12:14:19.0518 6056 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:14:19.0565 6056 Serial - ok
12:14:19.0688 6056 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:14:19.0734 6056 sermouse - ok
12:14:19.0830 6056 ServiceLayer (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
12:14:19.0887 6056 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
12:14:19.0887 6056 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
12:14:20.0024 6056 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:14:20.0082 6056 SessionEnv - ok
12:14:20.0149 6056 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:14:20.0211 6056 sffdisk - ok
12:14:20.0225 6056 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:14:20.0257 6056 sffp_mmc - ok
12:14:20.0292 6056 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:14:20.0337 6056 sffp_sd - ok
12:14:20.0444 6056 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:14:20.0488 6056 sfloppy - ok
12:14:20.0598 6056 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:14:20.0691 6056 SharedAccess - ok
12:14:20.0757 6056 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:14:20.0823 6056 ShellHWDetection - ok
12:14:20.0912 6056 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:14:20.0932 6056 SiSRaid2 - ok
12:14:21.0031 6056 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:14:21.0043 6056 SiSRaid4 - ok
12:14:21.0075 6056 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:14:21.0142 6056 Smb - ok
12:14:21.0275 6056 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:14:21.0288 6056 SNMPTRAP - ok
12:14:21.0333 6056 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:14:21.0347 6056 spldr - ok
12:14:21.0399 6056 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:14:21.0448 6056 Spooler - ok
12:14:21.0596 6056 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:14:21.0804 6056 sppsvc - ok
12:14:21.0914 6056 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:14:21.0982 6056 sppuinotify - ok
12:14:22.0093 6056 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
12:14:22.0143 6056 sptd - ok
12:14:22.0182 6056 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:14:22.0247 6056 srv - ok
12:14:22.0282 6056 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:14:22.0321 6056 srv2 - ok
12:14:22.0355 6056 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:14:22.0370 6056 srvnet - ok
12:14:22.0410 6056 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:14:22.0472 6056 SSDPSRV - ok
12:14:22.0524 6056 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:14:22.0591 6056 SstpSvc - ok
12:14:22.0674 6056 Steam Client Service - ok
12:14:22.0767 6056 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:14:22.0784 6056 stexstor - ok
12:14:22.0857 6056 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:14:22.0903 6056 stisvc - ok
12:14:22.0953 6056 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:14:22.0964 6056 swenum - ok
12:14:22.0995 6056 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:14:23.0087 6056 swprv - ok
12:14:23.0128 6056 SynTP (a0066e04d89e1ccdc8b24af4c7f41416) C:\Windows\system32\DRIVERS\SynTP.sys
12:14:23.0143 6056 SynTP - ok
12:14:23.0229 6056 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:14:23.0293 6056 SysMain - ok
12:14:23.0334 6056 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:14:23.0378 6056 TabletInputService - ok
12:14:23.0433 6056 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:14:23.0495 6056 TapiSrv - ok
12:14:23.0607 6056 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys
12:14:23.0618 6056 tbhsd - ok
12:14:23.0651 6056 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:14:23.0688 6056 TBS - ok
12:14:23.0764 6056 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:14:23.0859 6056 Tcpip - ok
12:14:23.0931 6056 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:14:23.0981 6056 TCPIP6 - ok
12:14:24.0033 6056 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:14:24.0074 6056 tcpipreg - ok
12:14:24.0106 6056 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:14:24.0147 6056 TDPIPE - ok
12:14:24.0189 6056 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:14:24.0207 6056 TDTCP - ok
12:14:24.0262 6056 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:14:24.0331 6056 tdx - ok
12:14:24.0468 6056 TeamViewer6 (839e88db24d2d8f05b72e12b175951ca) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:14:24.0551 6056 TeamViewer6 - ok
12:14:24.0661 6056 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:14:24.0684 6056 TermDD - ok
12:14:24.0740 6056 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:14:24.0820 6056 TermService - ok
12:14:24.0868 6056 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
12:14:24.0906 6056 Themes ( UnsignedFile.Multi.Generic ) - warning
12:14:24.0906 6056 Themes - detected UnsignedFile.Multi.Generic (1)
12:14:24.0952 6056 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:14:25.0004 6056 THREADORDER - ok
12:14:25.0068 6056 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:14:25.0150 6056 TrkWks - ok
12:14:25.0235 6056 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:14:25.0303 6056 TrustedInstaller - ok
12:14:25.0398 6056 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:14:25.0458 6056 tssecsrv - ok
12:14:25.0539 6056 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:14:25.0605 6056 TsUsbFlt - ok
12:14:25.0670 6056 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:14:25.0753 6056 tunnel - ok
12:14:25.0795 6056 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
12:14:25.0808 6056 TurboB - ok
12:14:25.0909 6056 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
12:14:25.0923 6056 TurboBoost - ok
12:14:26.0166 6056 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:14:26.0181 6056 uagp35 - ok
12:14:26.0243 6056 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:14:26.0318 6056 udfs - ok
12:14:26.0346 6056 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:14:26.0383 6056 UI0Detect - ok
12:14:26.0464 6056 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:14:26.0477 6056 uliagpkx - ok
12:14:26.0545 6056 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:14:26.0627 6056 umbus - ok
12:14:26.0705 6056 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:14:26.0739 6056 UmPass - ok
12:14:26.0882 6056 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:14:26.0991 6056 UNS - ok
12:14:27.0079 6056 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
12:14:27.0090 6056 Updater Service - ok
12:14:27.0198 6056 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:14:27.0287 6056 upnphost - ok
12:14:27.0394 6056 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:14:27.0482 6056 USBAAPL64 - ok
12:14:27.0623 6056 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:14:27.0686 6056 usbaudio - ok
12:14:27.0751 6056 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:14:27.0823 6056 usbccgp - ok
12:14:27.0888 6056 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:14:27.0932 6056 usbcir - ok
12:14:27.0980 6056 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:14:27.0995 6056 usbehci - ok
12:14:28.0059 6056 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:14:28.0132 6056 usbhub - ok
12:14:28.0182 6056 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:14:28.0220 6056 usbohci - ok
12:14:28.0279 6056 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:14:28.0336 6056 usbprint - ok
12:14:28.0490 6056 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:14:28.0531 6056 usbscan - ok
12:14:28.0576 6056 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:14:28.0644 6056 USBSTOR - ok
12:14:28.0692 6056 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:14:28.0731 6056 usbuhci - ok
12:14:28.0804 6056 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:14:28.0849 6056 usbvideo - ok
12:14:28.0983 6056 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
12:14:29.0011 6056 usb_rndisx - ok
12:14:29.0048 6056 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:14:29.0085 6056 UxSms - ok
12:14:29.0144 6056 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:29.0163 6056 VaultSvc - ok
12:14:29.0227 6056 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:14:29.0237 6056 vdrvroot - ok
12:14:29.0297 6056 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:14:29.0372 6056 vds - ok
12:14:29.0423 6056 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:14:29.0438 6056 vga - ok
12:14:29.0468 6056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:14:29.0548 6056 VgaSave - ok
12:14:29.0596 6056 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:14:29.0610 6056 vhdmp - ok
12:14:29.0664 6056 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:14:29.0677 6056 viaide - ok
12:14:29.0727 6056 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:14:29.0740 6056 volmgr - ok
12:14:29.0793 6056 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:14:29.0813 6056 volmgrx - ok
12:14:29.0855 6056 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:14:29.0872 6056 volsnap - ok
12:14:29.0918 6056 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:14:29.0934 6056 vsmraid - ok
12:14:30.0009 6056 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:14:30.0122 6056 VSS - ok
12:14:30.0178 6056 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:14:30.0194 6056 vwifibus - ok
12:14:30.0207 6056 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:14:30.0251 6056 vwififlt - ok
12:14:30.0287 6056 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:14:30.0324 6056 vwifimp - ok
12:14:30.0393 6056 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:14:30.0436 6056 W32Time - ok
12:14:30.0480 6056 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:14:30.0517 6056 WacomPen - ok
12:14:30.0586 6056 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:30.0664 6056 WANARP - ok
12:14:30.0687 6056 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:30.0726 6056 Wanarpv6 - ok
12:14:30.0786 6056 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:14:30.0845 6056 WatAdminSvc - ok
12:14:30.0908 6056 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:14:31.0044 6056 wbengine - ok
12:14:31.0129 6056 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:14:31.0182 6056 WbioSrvc - ok
12:14:31.0323 6056 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
12:14:31.0350 6056 WcesComm - ok
12:14:31.0432 6056 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:14:31.0468 6056 wcncsvc - ok
12:14:31.0521 6056 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:14:31.0582 6056 WcsPlugInService - ok
12:14:31.0623 6056 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:14:31.0634 6056 Wd - ok
12:14:31.0688 6056 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:14:31.0714 6056 Wdf01000 - ok
12:14:31.0757 6056 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:14:31.0863 6056 WdiServiceHost - ok
12:14:31.0868 6056 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:14:31.0886 6056 WdiSystemHost - ok
12:14:31.0936 6056 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:14:31.0979 6056 WebClient - ok
12:14:32.0025 6056 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:14:32.0089 6056 Wecsvc - ok
12:14:32.0140 6056 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:14:32.0221 6056 wercplsupport - ok
12:14:32.0265 6056 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:14:32.0331 6056 WerSvc - ok
12:14:32.0392 6056 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:14:32.0487 6056 WfpLwf - ok
12:14:32.0515 6056 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:14:32.0526 6056 WIMMount - ok
12:14:32.0557 6056 WinDefend - ok
12:14:32.0564 6056 WinHttpAutoProxySvc - ok
12:14:32.0629 6056 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:14:32.0691 6056 Winmgmt - ok
12:14:32.0778 6056 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:14:32.0891 6056 WinRM - ok
12:14:33.0028 6056 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:14:33.0044 6056 WinUsb - ok
12:14:33.0113 6056 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:14:33.0170 6056 Wlansvc - ok
12:14:33.0312 6056 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:14:33.0390 6056 wlidsvc - ok
12:14:33.0491 6056 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:14:33.0503 6056 WmiAcpi - ok
12:14:33.0578 6056 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:14:33.0627 6056 wmiApSrv - ok
12:14:33.0680 6056 WMPNetworkSvc - ok
12:14:33.0765 6056 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:14:33.0797 6056 WPCSvc - ok
12:14:33.0841 6056 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:14:33.0887 6056 WPDBusEnum - ok
12:14:33.0926 6056 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:14:33.0962 6056 ws2ifsl - ok
12:14:34.0003 6056 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:14:34.0041 6056 wscsvc - ok
12:14:34.0048 6056 WSearch - ok
12:14:34.0155 6056 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:14:34.0339 6056 wuauserv - ok
12:14:34.0467 6056 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:14:34.0506 6056 WudfPf - ok
12:14:34.0548 6056 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:34.0629 6056 WUDFRd - ok
12:14:34.0668 6056 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:14:34.0705 6056 wudfsvc - ok
12:14:34.0753 6056 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:14:34.0804 6056 WwanSvc - ok
12:14:34.0867 6056 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:14:35.0064 6056 \Device\Harddisk0\DR0 - ok
12:14:35.0070 6056 Boot (0x1200) (22983d061e1b4e1183a733d4229d311c) \Device\Harddisk0\DR0\Partition0
12:14:35.0075 6056 \Device\Harddisk0\DR0\Partition0 - ok
12:14:35.0112 6056 Boot (0x1200) (2dc9e5a88fb97f387281deabc9f9026e) \Device\Harddisk0\DR0\Partition1
12:14:35.0114 6056 \Device\Harddisk0\DR0\Partition1 - ok
12:14:35.0114 6056 ============================================================
12:14:35.0114 6056 Scan finished
12:14:35.0114 6056 ============================================================
12:14:35.0126 5452 Detected object count: 6
12:14:35.0126 5452 Actual detected object count: 6
12:14:48.0246 5452 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:48.0246 5452 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:48.0246 5452 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:48.0246 5452 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:48.0246 5452 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:48.0246 5452 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:48.0246 5452 PuranDefrag ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:48.0246 5452 PuranDefrag ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:48.0246 5452 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:48.0246 5452 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:48.0246 5452 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:48.0246 5452 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:15:17.0129 5508 Deinitialize success

And for some reason when I click the links to download avz4.exe/the zip file, it says that the webpage is not available.
  • 0

#6
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Are you sure you're clicking at the correct link? Because when I try it works. Click this:
AVZ4
  • 0

#7
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
hello
if that link still doesn't work, download it from here
  • 0

#8
xCherryXSherryx

xCherryXSherryx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Okay, that last link DID work. :)

Attached Files


  • 0

#9
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello Sherry :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{E718C3DE-111B-48C1-BC1C-FF248EB10C9B}: "URL" = http://search.avg.co...}&ychte=us&nt=1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71AD9B0-C556-4F31-82BE-2EF1C50DA2F0}: DhcpNameServer = 167.206.254.2 167.206.254.1
    [2011/03/24 20:37:24 | 000,000,008 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemCurUses
    [2011/03/24 20:37:22 | 000,000,006 | -HS- | C] () -- C:\Users\Sherry\AppData\Local\systemHdID

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service or VirusTotal
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\sslzdlt.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Next:

Please run a full scan with Avira and delete anything found. Instructions for running a scan here. Select Local Hard Disks as a scan profile.

Finally post the log here


Next:
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#10
xCherryXSherryx

xCherryXSherryx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Here's the OTL report:

OTL logfile created on: 4/21/2012 6:48:30 AM - Run 10
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Sherry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.92% Memory free
9.66 Gb Paging File | 7.40 Gb Available in Paging File | 76.63% Paging File free
Paging file location(s): C:\pagefile.sys 5934 5934 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 93.56 Gb Free Space | 20.66% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 0.68 Gb Free Space | 18.39% Space Free | Partition Type: FAT32

Computer Name: SHERRY-PC | User Name: Sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 06:09:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/11 22:57:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/03/11 22:56:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/03/11 22:56:29 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/03/11 22:56:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/11 22:56:23 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/11/28 21:53:03 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/09/25 16:18:05 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/04/08 16:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 16:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 16:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 20:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 11:38:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 11:38:41 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 02:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2012/02/16 04:52:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:50:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 04:50:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:50:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 04:50:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/28 07:58:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/25 16:18:05 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/17 12:11:42 | 000,290,816 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/02/05 23:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/22 13:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/13 16:26:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/11 22:57:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/11 22:56:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/03/11 22:56:29 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/03/11 22:56:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/11/04 16:29:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/02 07:25:01 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrB.ex0 -- (PnkBstrB)
SRV - [2011/10/02 07:24:56 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/08 16:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/15 07:20:46 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/10 09:26:10 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/10 09:08:06 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/16 00:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/21 15:05:52 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/04/13 23:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 23:24:21 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/07 14:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/22 13:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 12:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/17 13:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/01 22:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/22 00:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/30 13:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/09/26 09:56:08 | 000,194,560 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...80z1j5a46n1b235
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enUS388
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sherry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/24 09:49:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/07 22:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 18:10:56 | 000,000,000 | ---D | M]

[2011/08/19 08:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions
[2011/06/30 23:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/15 16:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/09 11:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2011/07/04 11:36:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Sherry\AppData\Roaming\Mozilla\Firefox\Profiles\ywyf3121.default\extensions\[email protected]
[2012/03/11 23:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/11 23:01:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/11 23:01:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Missing e = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.9.11_0\
CHR - Extension: YouTube = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kate Spade = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\
CHR - Extension: Google Search = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: UnfollowHater = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm\1.0.6_1\
CHR - Extension: AdBlock = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Search Center = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf\3.7.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/22 08:34:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36AA29EF-2F7C-4159-BDF3-ED69785F896F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 06:09:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/04/18 05:49:35 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Sherlock - Season 1-2 Complete 480p.x264.HDTV.ReEnc-BoB
[2012/04/16 15:50:53 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Documents\Updater
[2012/04/16 15:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012/04/16 15:42:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012/04/16 15:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2012/04/16 15:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/28 06:06:42 | 000,000,000 | ---D | C] -- C:\Users\Sherry\Desktop\Firefly
[2012/03/23 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Local\Spotify
[2012/03/23 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Sherry\AppData\Roaming\Spotify

========== Files - Modified Within 30 Days ==========

[2012/04/21 06:51:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000UA.job
[2012/04/21 06:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 06:39:43 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 06:39:43 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 06:30:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 06:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 06:30:05 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/21 06:29:23 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012/04/21 06:09:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sherry\Desktop\OTL.exe
[2012/04/20 22:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 22:03:15 | 150,018,570 | ---- | M] () -- C:\Users\Sherry\Desktop\Community.S03E16.HDTV.x264-LOL.mp4
[2012/04/20 17:00:16 | 000,112,595 | ---- | M] () -- C:\Users\Sherry\Desktop\IMG_5875.JPG
[2012/04/20 16:16:40 | 000,580,047 | ---- | M] () -- C:\Users\Sherry\Desktop\IMG_9783.JPG
[2012/04/20 15:14:03 | 000,485,844 | ---- | M] () -- C:\Users\Sherry\Desktop\IMG_9772.JPG
[2012/04/20 05:15:55 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3073798259-1430849664-2456542642-1000Core.job
[2012/04/19 20:39:17 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/19 20:39:17 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/19 20:39:17 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/19 19:49:35 | 076,752,408 | ---- | M] () -- C:\Users\Sherry\Desktop\outdoor track finallllll.psd
[2012/04/18 05:14:44 | 000,610,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/16 15:42:56 | 000,001,352 | ---- | M] () -- C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/04/13 16:53:56 | 367,303,368 | ---- | M] () -- C:\Users\Sherry\Desktop\Doctor_Who_2005.6x04.The_Doctors_Wife.HDTV_XviD-FoV.[VTV].avi
[2012/04/09 12:53:32 | 730,527,744 | ---- | M] () -- C:\Users\Sherry\Desktop\School Of Rock.avi
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/21 06:29:23 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012/04/20 21:55:08 | 150,018,570 | ---- | C] () -- C:\Users\Sherry\Desktop\Community.S03E16.HDTV.x264-LOL.mp4
[2012/04/20 16:59:30 | 000,112,595 | ---- | C] () -- C:\Users\Sherry\Desktop\IMG_5875.JPG
[2012/04/20 15:15:46 | 000,580,047 | ---- | C] () -- C:\Users\Sherry\Desktop\IMG_9783.JPG
[2012/04/20 15:05:31 | 000,485,844 | ---- | C] () -- C:\Users\Sherry\Desktop\IMG_9772.JPG
[2012/04/18 22:36:09 | 076,752,408 | ---- | C] () -- C:\Users\Sherry\Desktop\outdoor track finallllll.psd
[2012/04/16 15:47:32 | 000,002,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012/04/16 15:42:56 | 000,001,352 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/04/16 15:42:30 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012/04/16 15:42:01 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2012/04/16 15:42:01 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2012/04/13 16:34:54 | 367,303,368 | ---- | C] () -- C:\Users\Sherry\Desktop\Doctor_Who_2005.6x04.The_Doctors_Wife.HDTV_XviD-FoV.[VTV].avi
[2012/04/08 16:13:28 | 730,527,744 | ---- | C] () -- C:\Users\Sherry\Desktop\School Of Rock.avi
[2012/04/01 06:38:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/23 19:55:39 | 000,001,805 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/01/22 20:44:32 | 000,000,439 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/11/27 07:24:08 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/22 08:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/22 08:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/22 08:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/22 08:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/22 08:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/02 07:25:01 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/02 07:24:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/01 09:42:31 | 001,627,136 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2011/08/01 09:42:31 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/08/01 09:42:31 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2011/08/01 09:42:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[2011/08/01 09:42:31 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2011/08/01 07:30:15 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/08/01 07:30:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/07/26 08:47:40 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011/07/18 20:28:59 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
[2011/07/17 15:55:05 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/04 14:56:41 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
[2011/07/04 14:56:33 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
[2011/07/04 14:56:32 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/03/06 11:19:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/27 13:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/17 08:54:31 | 000,000,600 | ---- | C] () -- C:\Users\Sherry\AppData\Roaming\winscp.rnd
[2010/11/14 11:05:58 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/11/14 07:28:19 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/11/03 19:56:40 | 000,059,392 | ---- | C] () -- C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 18:25:56 | 000,000,186 | ---- | C] () -- C:\Program Files (x86)\InstallRecord.blob
[2010/10/03 06:52:04 | 000,284,396 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/07 08:51:27 | 000,000,036 | ---- | C] () -- C:\Users\Sherry\AppData\Local\housecall.guid.cache
[2010/05/28 21:41:45 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/28 21:41:00 | 000,001,665 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/28 21:11:55 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/28 20:52:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/06/22 15:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\.minecraft
[2010/07/15 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\acccore
[2010/10/26 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\AnvSoft
[2011/04/09 05:53:55 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Audacity
[2010/12/23 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Bioshock
[2010/08/07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\BitDefender
[2012/02/26 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 11:41:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\dBpoweramp
[2011/08/18 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoft
[2011/08/01 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/11 08:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FlashGet
[2010/12/31 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\fltk.org
[2011/07/30 07:41:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FreeAudioPack
[2011/08/31 10:18:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\FrostWire
[2011/08/01 07:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\GetRightToGo
[2012/01/22 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\gtk-2.0
[2011/07/19 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\HandBrake
[2011/06/20 11:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\IrfanView
[2010/11/20 14:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Leadertech
[2010/10/03 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\LEGO Company
[2010/10/03 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ManyCam
[2011/12/24 12:22:13 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\MoreTerra
[2011/08/27 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\ooVoo Details
[2012/02/14 16:03:53 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Origin
[2010/12/25 23:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\PC Suite
[2010/10/03 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\prankhouse
[2011/01/31 06:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\QuickScan
[2012/04/17 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\redsn0w
[2011/08/20 05:32:14 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\RoboForm
[2010/10/22 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\runic games
[2010/12/25 23:48:59 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Samsung
[2010/10/03 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SanDisk
[2011/10/11 23:00:10 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SnapTeam
[2010/07/15 14:42:40 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spearit
[2012/04/02 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Spotify
[2011/12/25 07:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\SystemRequirementsLab
[2011/06/29 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Systweak
[2011/01/08 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TeamViewer
[2011/08/24 13:50:46 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Temp
[2011/01/29 12:04:17 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2011/01/29 11:46:30 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\tidysongs16
[2011/06/30 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TomTom
[2011/10/29 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\TS3Client
[2011/06/25 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Tunngle
[2012/04/20 22:24:09 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\uTorrent
[2010/12/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\VMK Pal
[2011/01/16 22:25:43 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WinAVI
[2010/11/03 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\WindSolutions
[2011/08/19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Wondershare
[2012/02/12 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Sherry\AppData\Roaming\Xilisoft
[2011/10/22 10:59:03 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Here's the VirSCAN report:

VirSCAN.org Scanned Report :
Scanned time : 2012/04/21 07:42:40 (EDT)
Scanner results: Scanners did not find malware!
File Name : sslzdlt.dll
File Size : 1 byte
File Type : very short file (no magic)
MD5 : 7215ee9c7d9dc229d2921a40e899ec5f
SHA1 : b858cb282617fb0956d960215c8e84d1ccf909c6
Online report : http://r.virscan.org...2fea993c2fb0fcc

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120420211944 2012-04-20 0.31 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 1.86 -
AntiVir 8.2.10.24 7.11.25.222 2012-03-22 0.24 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.27 -
Arcavir 2011 201204161059 2012-04-16 4.32 -
Authentium 5.1.1 201204202221 2012-04-20 1.60 -
AVAST! 4.7.4 120421-0 2012-04-21 0.17 -
AVG 12.0.1782 2409/4950 2012-04-21 0.25 -
BitDefender 7.90123.7082582 7.41991 2012-04-21 3.72 -
ClamAV 0.97.3 14826 2012-04-21 0.26 -
Comodo 5.1 12112 2012-04-20 2.58 -
CP Secure 1.3.0.5 2012.04.21 2012-04-21 0.17 -
Dr.Web 7.0.1.2210 2012.04.12 2012-04-12 17.52 -
F-Prot 4.6.2.117 20120420 2012-04-20 1.08 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 1.06 -
Fortinet 4.3.392 15.447 2012-04-20 0.14 -
GData 22.4700 20120421 2012-04-21 6.04 -
ViRobot 20120421 2012.04.21 2012-04-21 0.46 -
Ikarus T3.1.32.20.0 2012.04.21.80998 2012-04-21 5.12 -
JiangMin 13.0.900 2012.04.21 2012-04-21 2.39 -
Kaspersky 5.5.10 2012.04.21 2012-04-21 0.21 -
KingSoft 2009.2.5.15 2012.4.21.9 2012-04-21 1.19 -
McAfee 5400.1158 6687 2012-04-20 9.65 -
Microsoft 1.8304 2012.04.21 2012-04-21 5.30 -
NOD32 3.0.21 7063 2012-04-17 1.17 -
Panda 9.05.01 2012.04.20 2012-04-20 2.59 -
Trend Micro 9.500-1005 8.926.08 2012-04-20 0.53 -
Quick Heal 11.00 2012.04.20 2012-04-20 1.08 -
Rising 20.0 24.06.04.01 2012-04-20 0.65 -
Sophos 3.30.0 4.76 2012-04-21 5.41 -
Sunbelt 3.9.2533.2 11819 2012-04-20 2.69 -
Symantec 1.3.0.24 20120420.002 2012-04-20 0.73 -
nProtect 20120421.01 11156415 2012-04-21 1.61 -
The Hacker 6.7.0.1 v00449 2012-04-20 0.68 -
VBA32 3.12.16.4 20120420.1105 2012-04-20 6.51 -
VirusBuster 5.5.0.2 14.2.38.0/8419205 2012-04-21 0.23 -

Here's the Avira log:



Avira Professional Security
Report file date: Saturday, April 21, 2012 07:49

Scanning for 3668575 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Municipalidad de Orotina
Serial number : 2204604615-ADJIM-0004
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Sherry
Computer name : SHERRY-PC

Version information:
BUILD.DAT : 12.0.0.1236 46760 Bytes 1/31/2012 14:06:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 3/12/2012 02:56:39
AVSCAN.DLL : 12.1.0.18 54224 Bytes 3/12/2012 02:56:38
LUKE.DLL : 12.1.0.19 68304 Bytes 3/12/2012 02:57:37
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 2/15/2012 11:20:46
AVREG.DLL : 12.1.0.36 229128 Bytes 4/11/2012 19:30:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 01:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 11:20:30
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 11:22:03
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 23:09:06
VBASE005.VDF : 7.11.26.45 2048 Bytes 3/28/2012 23:09:06
VBASE006.VDF : 7.11.26.46 2048 Bytes 3/28/2012 23:09:07
VBASE007.VDF : 7.11.26.47 2048 Bytes 3/28/2012 23:09:07
VBASE008.VDF : 7.11.26.48 2048 Bytes 3/28/2012 23:09:08
VBASE009.VDF : 7.11.26.49 2048 Bytes 3/28/2012 23:09:08
VBASE010.VDF : 7.11.26.50 2048 Bytes 3/28/2012 23:09:08
VBASE011.VDF : 7.11.26.51 2048 Bytes 3/28/2012 23:09:08
VBASE012.VDF : 7.11.26.52 2048 Bytes 3/28/2012 23:09:09
VBASE013.VDF : 7.11.26.53 2048 Bytes 3/28/2012 23:09:09
VBASE014.VDF : 7.11.26.107 221696 Bytes 3/30/2012 09:38:38
VBASE015.VDF : 7.11.26.179 224768 Bytes 4/2/2012 12:40:23
VBASE016.VDF : 7.11.26.241 142336 Bytes 4/4/2012 00:08:19
VBASE017.VDF : 7.11.27.41 247808 Bytes 4/8/2012 15:29:28
VBASE018.VDF : 7.11.27.107 161280 Bytes 4/12/2012 10:25:02
VBASE019.VDF : 7.11.27.159 148992 Bytes 4/13/2012 18:25:44
VBASE020.VDF : 7.11.27.201 207360 Bytes 4/17/2012 11:38:59
VBASE021.VDF : 7.11.28.3 237568 Bytes 4/19/2012 09:06:42
VBASE022.VDF : 7.11.28.49 193536 Bytes 4/20/2012 18:54:13
VBASE023.VDF : 7.11.28.50 2048 Bytes 4/20/2012 18:54:13
VBASE024.VDF : 7.11.28.51 2048 Bytes 4/20/2012 18:54:13
VBASE025.VDF : 7.11.28.52 2048 Bytes 4/20/2012 18:54:14
VBASE026.VDF : 7.11.28.53 2048 Bytes 4/20/2012 18:54:14
VBASE027.VDF : 7.11.28.54 2048 Bytes 4/20/2012 18:54:14
VBASE028.VDF : 7.11.28.55 2048 Bytes 4/20/2012 18:54:14
VBASE029.VDF : 7.11.28.56 2048 Bytes 4/20/2012 18:54:14
VBASE030.VDF : 7.11.28.57 2048 Bytes 4/20/2012 18:54:14
VBASE031.VDF : 7.11.28.70 6656 Bytes 4/20/2012 19:54:09
Engineversion : 8.2.10.52
AEVDF.DLL : 8.1.2.2 106868 Bytes 2/7/2012 11:23:28
AESCRIPT.DLL : 8.1.4.17 446842 Bytes 4/19/2012 20:38:47
AESCN.DLL : 8.1.8.2 131444 Bytes 2/7/2012 11:23:17
AESBX.DLL : 8.2.5.5 606579 Bytes 3/12/2012 11:05:45
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 04:16:06
AEPACK.DLL : 8.2.16.9 807287 Bytes 3/30/2012 14:46:29
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 4/11/2012 19:30:38
AEHEUR.DLL : 8.1.4.19 4673910 Bytes 4/19/2012 20:38:46
AEHELP.DLL : 8.1.19.1 254327 Bytes 4/2/2012 13:40:22
AEGEN.DLL : 8.1.5.27 422261 Bytes 4/19/2012 20:38:40
AEEXP.DLL : 8.1.0.29 82293 Bytes 4/12/2012 20:23:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 04:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 3/15/2012 22:06:58
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 04:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 3/12/2012 02:54:48
AVPREF.DLL : 12.1.0.17 51920 Bytes 3/12/2012 02:56:38
AVREP.DLL : 12.1.0.17 179408 Bytes 3/12/2012 02:58:32
AVARKT.DLL : 12.1.0.23 209360 Bytes 3/12/2012 02:55:54
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 3/12/2012 02:56:03
SQLITE3.DLL : 3.7.0.0 398288 Bytes 3/12/2012 02:58:03
AVSMTP.DLL : 12.1.0.17 62928 Bytes 3/12/2012 02:56:43
NETNT.DLL : 12.1.0.17 17104 Bytes 3/12/2012 02:57:45
RCIMAGE.DLL : 12.1.0.17 4715728 Bytes 3/12/2012 02:54:51
RCTEXT.DLL : 12.1.0.16 96208 Bytes 3/12/2012 02:54:52

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Saturday, April 21, 2012 07:49

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'LMworker.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'YouCamService.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'EKAiOHostService.exe' - '1' Module(s) have been scanned
Scan process 'dsiwmis.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1314' files ).


Starting the file scan:

Begin scan in 'C:\' <Gateway>
C:\Program Files (x86)\Steam\steamapps\common\terraria\dotNetFx40_Full_x86_x64.exe
[WARNING] The file could not be read!


End of the scan: Saturday, April 21, 2012 10:50
Used time: 3:01:18 Hour(s)

The scan has been done completely.

45516 Scanned directories
973353 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
973353 Files not concerned
4510 Archives were scanned
1 Warnings
0 Notes

Last but not least, here's the malwarebytes log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sherry :: SHERRY-PC [administrator]

Protection: Enabled

4/21/2012 10:51:54 AM
mbam-log-2012-04-21 (10-51-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209353
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#11
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Your logs look good.

1. Open the Start Menu.

2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
Posted Image

3. In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take a little bit to finish.
Posted Image

4. When the scan is complete, copy the line below and paste it at the command prompt. Then press Enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt


5. The file sfcdetails.txt will now be on your desktop. Please open it , Edit | select all | copy and paste it in your next reply.


Next:



Click Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


Next:

1. Open the Start Menu.

2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
Posted Image

3. In the elevated command prompt, type:

chkdsk C: /f /r


and press Enter.

4. It will says that Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
Type y and press enter

5.Restart and don't touch any keys. A black screen will show and your disks will be checked.

6.When finished, read here on how to find the log of chkdsk and post it here


Next:

How is your computer running? Are there any more problems?
  • 0

#12
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey Sherry
Are you still here??
  • 0

#13
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP