Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Keyboard, Wi-Fi Adaptor, and Video/Music Failing [Closed]

Started by thepsilocybevibe , Mar 30 2012 08:06 PM

This topic is locked

#1
thepsilocybevibe

Posted 30 March 2012 - 08:06 PM

Member

Member
22 posts

Hello!

I hadn't used my computer in maybe 3 months. Before that, my computer was completely fine. I started using my computer again a few weeks ago. But when I use it now, strange things happen. If I want to watch a movie file on WMP 11, it will repeatedly pause and play again. It will do this over and over. If I open a folder with movie or music files, WMP will start itself if I single click any of the files. I dont have my computer set to open anything with a single click. Once the music or movie file is opened on it's own, WMP (or any other player I try to use, like WinAmp or VLC Player) will do the pause/play thing.

The other problem is single buttons on my keyboard will go "dead" if I'm typing up a message or in the middle of a computer game. The button that goes dead is completely random. Sometimes, a button will act as if it's being pressed and held. The only way i've been able to correct this is to unplug and replug the keyboard's USB connection. Just typing this message, my keyboard had to be replugged 4 times.

I tried to run Malware Bytes out of habit but it found nothing on it's own. I tried to update drivers for both my graphics card and keyboard. I also tried to use the system restore function but it wont allow me to restore to the date I last used the computer months ago. Please help. I tried to post this problem last week but got no response. Hopefully someone can help me this time around. I appreciate your time. Thank you.

OTL Log:

OTL logfile created on: 3/30/2012 8:46:44 PM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lawrence\Desktop\Computer Maintenance
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.41% Memory free
4.23 Gb Paging File | 2.83 Gb Available in Paging File | 66.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 24.55 Gb Free Space | 25.14% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 15.31 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive G: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 18:33:30 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/24 10:43:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lawrence\Desktop\Computer Maintenance\OTL(1).exe
PRC - [2012/03/23 15:00:26 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/24 21:56:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/16 12:47:04 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
PRC - [2011/08/16 12:35:08 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
PRC - [2011/08/07 00:45:16 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 17:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 17:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files\Razer\Razer Lycosa\razertra.exe
PRC - [2011/03/21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Razer Lycosa\razerhid.exe
PRC - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/06/04 02:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/04 02:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/03/09 22:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/25 18:33:29 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/25 14:08:19 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9a22784f4af63232128cbaa639e1852b\WindowsFormsIntegration.ni.dll
MOD - [2012/03/25 02:00:05 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/03/25 01:59:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/03/25 01:59:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/03/23 17:36:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/03/23 17:35:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/03/23 17:35:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/03/23 17:35:06 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012/03/23 17:34:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/03/23 17:34:57 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/03/23 17:34:38 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/03/23 17:34:14 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/03/23 17:34:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/03/23 15:00:26 | 020,297,512 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/03/23 15:00:26 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/03/23 15:00:26 | 000,907,048 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/03/23 15:00:26 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/03/23 15:00:26 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/03/09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/03/08 22:56:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/10/13 05:35:58 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011/10/13 05:30:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files\Razer\Razer Lycosa\razertra.exe
MOD - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2009/06/04 02:55:20 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 17:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2012/03/23 15:00:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/09 00:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 17:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 17:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/04 16:15:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/09 22:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF58D6EA-99F3-44A2-8D06-028B0CBB33D4}\MpKslfa35f3a3.sys -- (MpKslfa35f3a3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsld56b956e.sys -- (MpKsld56b956e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BCFA92D-382C-46D5-A090-C1FB32A8E80A}\MpKsl95dbb41b.sys -- (MpKsl95dbb41b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{331F5D0B-A6DA-48B7-9C32-7E699FCF1966}\MpKsl7f412780.sys -- (MpKsl7f412780)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7BCE402F-A49B-42CF-A6EB-769E04001055}\MpKsl595c46e3.sys -- (MpKsl595c46e3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsl5769a9c3.sys -- (MpKsl5769a9c3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EA8DEC6-622F-42AB-9672-974BFF1F2E47}\MpKsl57328be5.sys -- (MpKsl57328be5)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1617A2C6-0D0E-4607-B822-2A8131F4D342}\MpKsl3683ef38.sys -- (MpKsl3683ef38)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B43332E0-F92A-44A4-8EF4-FF249362D944}\MpKsl28698052.sys -- (MpKsl28698052)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF58D6EA-99F3-44A2-8D06-028B0CBB33D4}\MpKsl21691c7e.sys -- (MpKsl21691c7e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EA8DEC6-622F-42AB-9672-974BFF1F2E47}\MpKsl112567fd.sys -- (MpKsl112567fd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/23 19:25:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/09 01:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/03/08 22:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/05 14:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/05/27 17:22:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 17:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 15:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/12/15 02:28:10 | 000,129,024 | ---- | M] (HTC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcusbnet.sys -- (htcusbnet)
DRV - [2010/10/01 00:16:40 | 000,010,240 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VKbms.sys -- (VKbms)
DRV - [2010/09/25 12:55:46 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2010/09/08 10:39:30 | 000,023,680 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2010/05/06 04:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/22 05:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/06 13:54:52 | 001,387,008 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/06/04 04:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 04:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 04:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 04:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 04:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 04:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 04:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 04:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 04:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2009/06/04 04:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 04:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2009/06/04 04:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 04:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2009/06/04 04:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/12/26 14:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2005/03/09 22:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...B-565CB274CF60
IE - HKCU\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com...fg=2-76-0-1NNQB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/11 00:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/24 21:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 18:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 11:25:45 | 000,000,000 | ---D | M]

[2010/09/25 15:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions
[2010/09/25 15:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/13 01:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions
[2011/04/13 19:05:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/03/25 18:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/11 00:48:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/25 18:33:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/23 19:33:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/25 18:33:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/25 18:33:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/17 21:30:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6041C9-3351-4555-9CCF-DC7C019BB2E6}: DhcpNameServer = 69.78.96.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE6CDB5-71B4-4D45-A708-1332C0E8B3AD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE015573-9767-4536-BF99-140064C06E43}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/10 01:04:54 | 000,000,085 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 19:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/30 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/03/30 19:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/30 19:33:46 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/03/30 19:31:22 | 000,000,000 | ---D | C] -- C:\AMD
[2012/03/28 07:01:44 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Roaming\Razer
[2012/03/27 23:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/03/27 23:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/03/27 23:42:06 | 000,010,240 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\VKbms.sys
[2012/03/27 23:42:06 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2012/03/27 23:42:04 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\System32\Lycosa.cpl
[2012/03/27 23:42:01 | 000,023,680 | ---- | C] (Razer USA Ltd.) -- C:\Windows\System32\drivers\Lycosa.sys
[2012/03/27 23:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2012/03/27 20:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/03/27 20:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/03/27 20:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/03/27 17:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/03/27 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/03/26 18:29:42 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\vsxu
[2012/03/26 17:25:12 | 001,387,008 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athur.sys
[2012/03/23 21:54:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012/03/23 19:41:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/23 19:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/23 19:25:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/23 17:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/03/23 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/03/09 01:24:14 | 000,048,128 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/09 00:10:54 | 000,405,504 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2012/03/09 00:10:06 | 000,163,328 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2012/03/09 00:08:40 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2012/03/09 00:07:58 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/30 20:01:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/03/30 19:51:30 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 19:51:30 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 19:38:22 | 000,642,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/30 19:38:22 | 000,119,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/30 13:51:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 13:51:23 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 10:07:10 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/03/30 10:07:10 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/03/30 10:07:10 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/03/29 16:43:08 | 000,002,859 | ---- | M] () -- C:\Users\Lawrence\.recently-used.xbel
[2012/03/29 06:42:13 | 244,553,913 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/27 23:44:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2012/03/27 23:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/27 20:13:10 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk
[2012/03/27 20:10:41 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/03/27 17:43:11 | 000,001,090 | -H-- | M] () -- C:\IPH.PH
[2012/03/27 17:43:06 | 000,001,720 | ---- | M] () -- C:\Users\Lawrence\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/27 17:43:06 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2012/03/23 21:58:18 | 000,011,776 | ---- | M] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 19:25:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/23 17:33:20 | 000,263,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/09 01:26:20 | 000,054,784 | ---- | M] () -- C:\Windows\System32\OVDecode.dll
[2012/03/09 01:24:14 | 000,048,128 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/09 00:17:50 | 000,235,184 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2012/03/09 00:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2012/03/09 00:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2012/03/09 00:08:40 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2012/03/09 00:07:58 | 000,020,992 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2012/03/08 23:22:26 | 002,427,392 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2012/03/08 22:56:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
[2012/03/08 22:47:16 | 000,051,200 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/29 16:43:08 | 000,002,859 | ---- | C] () -- C:\Users\Lawrence\.recently-used.xbel
[2012/03/27 23:44:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2012/03/27 23:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/27 23:43:45 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/03/27 20:14:07 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/03/27 20:13:10 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk
[2012/03/27 20:10:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012/03/09 00:17:50 | 000,235,184 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2012/03/08 23:22:26 | 002,427,392 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/17 21:13:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 21:13:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 21:13:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 21:13:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 21:13:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/24 21:59:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/24 21:59:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 15:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 01:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/18 16:08:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ps3sixaxis_en.exe
[2011/06/18 16:05:46 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011/04/18 13:26:07 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2011/02/27 06:12:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/27 00:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/27 00:49:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/25 04:42:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/31 21:04:42 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/09/11 15:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/19 11:30:40 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI
[2010/08/19 11:30:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MSHRES_U.DLL
[2010/08/12 05:44:21 | 000,011,776 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 17:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/04 16:15:04 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/04 16:15:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/04 15:38:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/04 14:59:26 | 000,000,680 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\d3d9caps.dat
[2010/07/06 20:14:26 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== LOP Check ==========

[2010/08/04 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\acccore
[2011/05/27 02:22:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Avnex
[2010/09/03 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Barnes & Noble
[2012/01/12 06:17:43 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\BitTorrent
[2010/09/06 17:13:54 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Canneverbe Limited
[2011/05/15 20:58:35 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/01 22:38:17 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DAEMON Tools Lite
[2011/08/03 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DAEMON Tools Pro
[2011/05/30 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Firestorm
[2011/10/18 06:13:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\fltk.org
[2010/09/26 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\GetRightToGo
[2012/03/29 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\gtk-2.0
[2011/06/29 20:02:45 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Imprudence
[2010/08/14 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Individual Software
[2011/10/13 01:57:42 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\InWorldz
[2011/12/09 04:11:17 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Leadertech
[2010/08/19 10:06:52 | 000,000,000 | -HSD | M] -- C:\Users\Lawrence\AppData\Roaming\lowsec
[2011/08/14 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\MH GED
[2011/12/17 21:06:14 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Mieq
[2011/06/03 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\musicjacker
[2010/08/14 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\OpenOffice.org
[2010/08/13 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Propellerhead Software
[2012/03/28 07:01:44 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Razer
[2011/09/01 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\SecondLife
[2011/01/31 21:02:48 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Stardock
[2011/07/11 20:57:05 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\uPlayer
[2010/08/15 05:06:12 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\VirtuaWin
[2011/12/17 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Yzadog
[2012/03/30 10:06:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 2158 bytes -> C:\Windows\System32\drivers\afzdbcea.sys:changelist

< End of report >

#2
Essexboy

Posted 09 April 2012 - 07:27 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there and sorry for the delay, could you update me on the current problems please

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
thepsilocybevibe

Posted 11 April 2012 - 09:18 PM

Member

Topic Starter
Member
22 posts

Hello! Thanks for your time!

I ran OTL as instructed but only got one log, OTL.Txt. I also ran aswMBR and saved the log. No real updates as far as the problems are concerned. Nothing has changed since my post. Here are the logs.

OTL:

OTL logfile created on: 4/11/2012 9:47:47 PM - Run 7
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lawrence\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.64% Memory free
4.23 Gb Paging File | 2.77 Gb Available in Paging File | 65.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 25.88 Gb Free Space | 26.51% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 15.31 Gb Free Space | 29.79% Space Free | Partition Type: NTFS
Drive H: | 1.91 Gb Total Space | 1.55 Gb Free Space | 80.98% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 21:45:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lawrence\Desktop\OTL.exe
PRC - [2012/03/25 18:33:30 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/23 15:00:26 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/03/09 00:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/03/09 00:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/24 21:56:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/16 12:47:04 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
PRC - [2011/08/16 12:35:08 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
PRC - [2011/08/07 00:45:16 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 17:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 17:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files\Razer\Razer Lycosa\razertra.exe
PRC - [2011/03/21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Razer Lycosa\razerhid.exe
PRC - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/06/04 02:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/04 02:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/03/09 22:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/25 18:33:29 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/25 14:08:19 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9a22784f4af63232128cbaa639e1852b\WindowsFormsIntegration.ni.dll
MOD - [2012/03/25 02:00:05 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/03/25 01:59:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/03/25 01:59:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/03/23 17:36:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/03/23 17:35:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/03/23 17:35:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/03/23 17:35:06 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012/03/23 17:34:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/03/23 17:34:57 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/03/23 17:34:38 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/03/23 17:34:14 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/03/23 17:34:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/03/23 15:00:26 | 020,297,512 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/03/23 15:00:26 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/03/23 15:00:26 | 000,907,048 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/03/23 15:00:26 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/03/23 15:00:26 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/03/09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/03/08 22:56:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/10/13 05:35:58 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011/10/13 05:30:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files\Razer\Razer Lycosa\razertra.exe
MOD - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2011/01/31 20:38:38 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/04 02:55:20 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 17:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2012/04/08 12:46:32 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 15:00:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/09 00:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 17:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 17:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/04 16:15:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/09 22:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF58D6EA-99F3-44A2-8D06-028B0CBB33D4}\MpKslfa35f3a3.sys -- (MpKslfa35f3a3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsld56b956e.sys -- (MpKsld56b956e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BCFA92D-382C-46D5-A090-C1FB32A8E80A}\MpKsl95dbb41b.sys -- (MpKsl95dbb41b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{331F5D0B-A6DA-48B7-9C32-7E699FCF1966}\MpKsl7f412780.sys -- (MpKsl7f412780)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7BCE402F-A49B-42CF-A6EB-769E04001055}\MpKsl595c46e3.sys -- (MpKsl595c46e3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsl5769a9c3.sys -- (MpKsl5769a9c3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EA8DEC6-622F-42AB-9672-974BFF1F2E47}\MpKsl57328be5.sys -- (MpKsl57328be5)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1617A2C6-0D0E-4607-B822-2A8131F4D342}\MpKsl3683ef38.sys -- (MpKsl3683ef38)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B43332E0-F92A-44A4-8EF4-FF249362D944}\MpKsl28698052.sys -- (MpKsl28698052)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF58D6EA-99F3-44A2-8D06-028B0CBB33D4}\MpKsl21691c7e.sys -- (MpKsl21691c7e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EA8DEC6-622F-42AB-9672-974BFF1F2E47}\MpKsl112567fd.sys -- (MpKsl112567fd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/23 19:25:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/09 01:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/03/08 22:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/05 14:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/05/27 17:22:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 17:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 15:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/12/15 02:28:10 | 000,129,024 | ---- | M] (HTC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcusbnet.sys -- (htcusbnet)
DRV - [2010/10/01 00:16:40 | 000,010,240 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VKbms.sys -- (VKbms)
DRV - [2010/09/25 12:55:46 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2010/09/08 10:39:30 | 000,023,680 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2010/05/06 04:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/22 05:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/06 13:54:52 | 001,387,008 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/06/04 04:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 04:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 04:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 04:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 04:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 04:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 04:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 04:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 04:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2009/06/04 04:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 04:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2009/06/04 04:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 04:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2009/06/04 04:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/12/26 14:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2005/03/09 22:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...B-565CB274CF60
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com...fg=2-76-0-1NNQB
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/11 00:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/24 21:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 18:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 11:25:45 | 000,000,000 | ---D | M]

[2010/09/25 15:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions
[2010/09/25 15:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/13 01:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions
[2011/04/13 19:05:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/03/25 18:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/11 00:48:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/25 18:33:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/23 19:33:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/25 18:33:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/25 18:33:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/17 21:30:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-21-3914744143-2170124463-19528412-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3914744143-2170124463-19528412-1000..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6041C9-3351-4555-9CCF-DC7C019BB2E6}: DhcpNameServer = 69.78.96.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE6CDB5-71B4-4D45-A708-1332C0E8B3AD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE015573-9767-4536-BF99-140064C06E43}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 21:45:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Lawrence\Desktop\OTL.exe
[2012/04/09 21:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/09 21:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/09 21:29:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/03/30 19:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/30 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/03/30 19:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/30 19:31:22 | 000,000,000 | ---D | C] -- C:\AMD
[2012/03/28 07:01:44 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Roaming\Razer
[2012/03/27 23:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/03/27 23:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/03/27 23:42:06 | 000,010,240 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\VKbms.sys
[2012/03/27 23:42:06 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2012/03/27 23:42:04 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\System32\Lycosa.cpl
[2012/03/27 23:42:01 | 000,023,680 | ---- | C] (Razer USA Ltd.) -- C:\Windows\System32\drivers\Lycosa.sys
[2012/03/27 23:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2012/03/27 20:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/03/27 20:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/03/27 20:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/03/27 17:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/03/27 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/03/26 18:29:42 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\vsxu
[2012/03/26 17:25:12 | 001,387,008 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athur.sys
[2012/03/23 21:54:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012/03/23 19:41:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/23 19:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/23 19:25:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/23 17:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/03/23 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/11 21:46:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 21:45:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lawrence\Desktop\OTL.exe
[2012/04/11 21:01:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 21:01:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 21:01:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/04/11 13:07:51 | 000,642,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/11 13:07:51 | 000,119,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/11 13:01:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 13:01:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/10 22:40:06 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/04/10 22:40:06 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/04/10 22:40:06 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/04/09 21:29:24 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/06 22:22:51 | 000,014,848 | ---- | M] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 06:30:58 | 221,268,153 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/29 16:43:08 | 000,002,859 | ---- | M] () -- C:\Users\Lawrence\.recently-used.xbel
[2012/03/27 23:44:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2012/03/27 23:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/27 20:13:10 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk
[2012/03/27 20:10:41 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/03/27 17:43:11 | 000,001,090 | -H-- | M] () -- C:\IPH.PH
[2012/03/27 17:43:06 | 000,001,720 | ---- | M] () -- C:\Users\Lawrence\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/27 17:43:06 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2012/03/23 19:25:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/23 17:33:20 | 000,263,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 21:29:24 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/08 12:27:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 16:43:08 | 000,002,859 | ---- | C] () -- C:\Users\Lawrence\.recently-used.xbel
[2012/03/27 23:44:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2012/03/27 23:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/27 23:43:45 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/03/27 20:14:07 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/03/27 20:13:10 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk
[2012/03/27 20:10:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/17 21:13:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 21:13:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 21:13:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 21:13:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 21:13:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/24 21:59:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/24 21:59:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 15:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 01:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/18 16:08:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ps3sixaxis_en.exe
[2011/06/18 16:05:46 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011/04/18 13:26:07 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2011/02/27 06:12:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/27 00:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/27 00:49:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/25 04:42:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/31 21:04:42 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/09/11 15:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/19 11:30:40 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI
[2010/08/19 11:30:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MSHRES_U.DLL
[2010/08/12 05:44:21 | 000,014,848 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 17:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/04 16:15:04 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/04 16:15:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/04 15:38:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/04 14:59:26 | 000,000,680 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\d3d9caps.dat
[2010/07/06 20:14:26 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== LOP Check ==========

[2010/08/04 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\acccore
[2011/05/27 02:22:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Avnex
[2010/09/03 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Barnes & Noble
[2012/01/12 06:17:43 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\BitTorrent
[2010/09/06 17:13:54 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Canneverbe Limited
[2011/05/15 20:58:35 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/01 22:38:17 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DAEMON Tools Lite
[2011/08/03 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DAEMON Tools Pro
[2011/05/30 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Firestorm
[2011/10/18 06:13:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\fltk.org
[2010/09/26 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\GetRightToGo
[2012/03/29 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\gtk-2.0
[2011/06/29 20:02:45 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Imprudence
[2010/08/14 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Individual Software
[2011/10/13 01:57:42 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\InWorldz
[2011/12/09 04:11:17 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Leadertech
[2010/08/19 10:06:52 | 000,000,000 | -HSD | M] -- C:\Users\Lawrence\AppData\Roaming\lowsec
[2011/08/14 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\MH GED
[2011/12/17 21:06:14 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Mieq
[2011/06/03 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\musicjacker
[2010/08/14 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\OpenOffice.org
[2010/08/13 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Propellerhead Software
[2012/03/28 07:01:44 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Razer
[2012/04/03 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\SecondLife
[2011/01/31 21:02:48 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Stardock
[2011/07/11 20:57:05 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\uPlayer
[2010/08/15 05:06:12 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\VirtuaWin
[2011/12/17 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Yzadog
[2012/04/10 22:39:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/08/06 05:53:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/08/06 05:53:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/08/06 05:53:23 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/08/06 06:27:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/08/06 06:27:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/08/06 05:53:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: LAWRENCE-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 F DVD-ROM 0 B No Media
Volume 2 C NTFS Partition 98 GB Healthy System
Volume 3 D NTFS Partition 51 GB Healthy
Volume 4 H SANDISK NTFS Removable 1960 MB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 2158 bytes -> C:\Windows\System32\drivers\afzdbcea.sys:changelist

< End of report >

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 22:02:09
-----------------------------
22:02:09.249 OS Version: Windows 6.0.6002 Service Pack 2
22:02:09.249 Number of processors: 2 586 0xF02
22:02:09.251 ComputerName: LAWRENCE-PC UserName: Lawrence
22:02:10.374 Initialize success
22:03:09.110 AVAST engine defs: 12041101
22:03:24.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:03:24.836 Disk 0 Vendor: WDC_WD1600JS-22NCB1 10.02E02 Size: 152627MB BusType: 3
22:03:24.854 Disk 0 MBR read successfully
22:03:24.857 Disk 0 MBR scan
22:03:24.903 Disk 0 Windows VISTA default MBR code
22:03:24.911 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 2048
22:03:24.952 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 52625 MB offset 204802048
22:03:24.995 Disk 0 scanning sectors +312578048
22:03:25.061 Disk 0 scanning C:\Windows\system32\drivers
22:03:45.367 Service scanning
22:04:01.848 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:04:23.082 Modules scanning
22:04:37.703 Disk 0 trace - called modules:
22:04:38.074 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys atikmpag.sys atikmdag.sys watchdog.sys
22:04:38.079 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bf6ac8]
22:04:38.084 3 CLASSPNP.SYS[8803d8b3] -> nt!IofCallDriver -> [0x84630918]
22:04:38.089 5 acpi.sys[87a3f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x84623b98]
22:04:38.931 AVAST engine scan C:\Windows
22:04:44.375 AVAST engine scan C:\Windows\system32
22:10:21.613 AVAST engine scan C:\Windows\system32\drivers
22:10:49.593 File: C:\Windows\system32\drivers\mbamswissarmy.sys **HIDDEN**
22:10:50.311 AVAST engine scan C:\Users\Lawrence
22:14:31.503 Disk 0 MBR has been saved successfully to "C:\Users\Lawrence\Desktop\MBR.dat"
22:14:31.536 The log file has been saved successfully to "C:\Users\Lawrence\Desktop\aswMBR.txt"

#4
Essexboy

Posted 12 April 2012 - 01:30 PM

GeekU Moderator

Retired Staff
69,964 posts

There is something that does not look quite right so I will need to use a different tool

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...B-565CB274CF60
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-3914744143-2170124463-19528412-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
@Alternate Data Stream - 2158 bytes -> C:\Windows\System32\drivers\afzdbcea.sys:changelist

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
Essexboy

Posted 16 April 2012 - 06:22 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.