So this is my sister's work computer, but I've been tasked with fixing it for her. The issue started a few days ago while she was running photoshop. The computer would freeze to the point that the task manager couldn't even start, and would remain nonreactive until reboot. Upon reboot, the photoshop file that was being worked on would be completely corrupt, as would any copy of it that she made for back-up. This trashed several of my sister's files which obviously isn't good for an illustrator. Aside from crashing during photoshop, it crashes basically any time she would try to multitask. In any case, when my computer seemed to be completely and utterly on the fritz, you guys came through and helped me fix it in less than two hours. For that, I thank you, and I hope that you can help me again OTL log at the bottom of this post.
I noticed a few unrecognized processes running. One was alarmclock.exe which seemed to be related to gigabyte after research, the other was related to AMD (external events utility). I assumed that the files were infected by something. I attempted a fix which I described below, but that might have messed things up a bit more than before. Now, the computer is running but it is too unstable to work on anything for prolonged periods. It can barely handle browsing the internet and seems to freeze or blue screen abruptly. It even froze while I was creating this thread.
This is definitely not related to the computer being underspec'd because the thing is running an i7 2600k, 16gb ram, a recent/modern gpu, and has been a beast at running any program until a few days ago.
Attempted fix:
After some research, it looked like other people were having similar problems and solved them by going into computer > manage > services > and disabling the amd external events utility. That got rid of one of the unknown processes (I don't recall the .exe name atm) but didn't fix the stability. I wasn't able to find out anything about alarmclock.exe except that other people who saw it in the task manager also had similar problems to mine. I wasn't able to disable it or end task it. Next, I ran malware bytes, MSI, and ccleaner. The first two found nothing. I ran a registry fix using ccleaner because I thought the registry might have been damaged. It found roughly 100+ errors and fixed them, so the computer is much more stable but still crashes very often. I'm not sure how much of this is my fault, but hopefully I didn't do too much damage.
OTL Log:
OTL logfile created on: 4/5/2013 7:35:30 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Izabella\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.92 Gb Total Physical Memory | 13.74 Gb Available Physical Memory | 86.33% Memory free
31.84 Gb Paging File | 29.38 Gb Available in Paging File | 92.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 35.25 Gb Free Space | 29.58% Space Free | Partition Type: NTFS
Drive X: | 931.51 Gb Total Space | 818.57 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Computer Name: WINTOSH-PRO | User Name: Izabella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/05 19:35:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Izabella\Desktop\OTL.exe
PRC - [2013/04/03 12:49:45 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/16 15:53:44 | 000,035,008 | ---- | M] (Starfield Technologies) -- C:\Users\Izabella\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2013/03/12 22:02:23 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/06 04:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2013/02/28 15:15:34 | 001,183,456 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/04/30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 01:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/06/22 03:48:30 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe
PRC - [2010/04/22 16:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2009/05/21 19:09:04 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/03 12:49:39 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/12 22:02:22 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/06 04:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2013/03/06 04:57:59 | 002,232,272 | ---- | M] () -- c:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2013/02/19 01:11:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\
MOD - [2013/01/10 10:07:17 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\
MOD - [2013/01/10 10:07:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\
MOD - [2013/01/10 10:04:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\
MOD - [2013/01/10 10:03:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\
MOD - [2013/01/10 10:03:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\
MOD - [2013/01/10 10:03:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\
MOD - [2013/01/10 10:03:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\
MOD - [2013/01/10 10:03:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\
MOD - [2013/01/10 10:03:42 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/22 03:48:30 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe
MOD - [2010/06/22 03:48:30 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/03/17 19:03:44 | 000,552,832 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/11/30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2010/03/08 20:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/03 12:49:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/12 22:02:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 04:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2013/02/28 15:15:34 | 001,183,456 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2013/01/18 13:27:32 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 19:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/21 21:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/14 05:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 05:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/03/07 05:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 07:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/12 21:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/01/24 19:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/10/28 14:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/09/21 19:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/09 14:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2013/04/05 18:59:53 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/10/28 14:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...00014dae9b09bd0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...00014dae9b09bd0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B2 78 65 0F C6 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae9b09bd0
IE - HKCU\..\SearchScopes\{3B4970A3-98D3-4726-A793-75830D35DEA5}: "URL" = http://websearch.ask...FA-A0CCD1328A26
IE - HKCU\..\SearchScopes\{3C3AD6AF-32B1-435A-B0F6-EE08E7D819F2}: "URL" ={SearchTerms}
IE - HKCU\..\SearchScopes\{3D8A4D33-D13C-4a4f-8F7A-0AF57E301E00}: "URL" =
IE - HKCU\..\SearchScopes\{A63AEAE4-2798-4772-BBBB-EB953FD3BD2D}: "URL" ={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8kQ4D1a8&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - ""
FF - "NCH EN Customized Web Search"
FF - "http://search.condui...={searchTerms}"
FF - "Search the web (Babylon)"
FF - "Google"
FF - true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: ""
FF - "Search the web (Babylon)"
FF:64bit: - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\ VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\ disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\,version=: File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\ Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\ VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\ Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\ disabled File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\,version= C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\ C:\Users\Izabella\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\ Update;version=3: C:\Users\Izabella\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ Update;version=9: C:\Users\Izabella\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/17 00:46:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/03 12:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/17 16:07:37 | 000,000,000 | ---D | M]
[2013/03/16 15:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Extensions
[2012/05/27 17:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/03/04 00:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions
[2013/02/19 01:24:23 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013/02/18 21:29:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/01/04 01:39:14 | 000,000,000 | ---D | M] (Reddit Enhancement Suite) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack
[2013/03/04 00:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\staged
[2013/01/04 01:39:10 | 000,423,679 | ---- | M] () (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\[email protected]
[2013/03/04 00:39:06 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/02/18 21:29:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/08 02:27:05 | 000,002,343 | ---- | M] () -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\searchplugins\askcom.xml
[2012/09/19 16:37:46 | 000,002,223 | ---- | M] () -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\searchplugins\BabylonMngr.xml
[2012/05/30 08:46:12 | 000,000,915 | ---- | M] () -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\searchplugins\conduit.xml
[2012/02/23 17:00:35 | 000,002,203 | ---- | M] () -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\searchplugins\MyStart Search.xml
[2012/05/30 15:11:05 | 000,002,057 | ---- | M] () -- C:\Users\Izabella\AppData\Roaming\Mozilla\Firefox\Profiles\sx8ay3nc.default\searchplugins\youtube-video-search.xml
[2012/09/07 17:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/17 00:46:10 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/04/03 12:49:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/19 16:37:40 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 02:20:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/19 17:15:18 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/03/04 04:05:02 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url ={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.babylo...00014dae9b09bd0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Izabella\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Izabella\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Izabella\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Izabella\AppData\Local\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Izabella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Izabella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Yulia Brodskaya = C:\Users\Izabella\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko\2_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Izabella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: BrowserProtect = C:\Users\Izabella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_1\
CHR - Extension: Gmail = C:\Users\Izabella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2011/01/27 16:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: practivate.adobe practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp
O1 - Hosts:
O1 - Hosts:
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Artisan 730(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQA.EXE /FU "C:\Users\Izabella\AppData\Local\Temp\E_S9CC.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Artisan 730 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQA.EXE /FU "C:\Users\Izabella\AppData\Local\Temp\E_S99D.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Izabella\AppData\Local\Workspace\WorkspaceUpdate.exe (Starfield Technologies)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{655CB665-AB99-4C80-8364-D606EEBA4014}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/31 20:45:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\ [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/05 19:34:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Izabella\Desktop\OTL.exe
[2013/04/04 16:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/04/04 16:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/04/04 00:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/04 00:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/04 00:01:17 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/04 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/24 00:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/24 00:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/24 00:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/17 11:43:17 | 000,000,000 | ---D | C] -- C:\Users\Izabella\AppData\Local\offsync
[2013/03/16 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Izabella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
[2013/03/16 15:55:04 | 000,000,000 | ---D | C] -- X:\Izabella\Workspace Logs
[2013/03/16 15:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Workspace
[2013/03/16 15:53:41 | 000,000,000 | ---D | C] -- C:\Users\Izabella\AppData\Local\Workspace
[2013/03/12 13:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/12 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Plugins
[2013/03/12 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunesHelper.Resources
[2013/03/12 13:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes.Resources
[2013/03/12 13:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/12 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/12 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\CD Configuration
[2013/03/12 13:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/20 13:16:00 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2013/02/20 12:35:30 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2013/02/20 12:35:28 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2013/02/20 12:35:26 | 000,412,488 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2013/02/20 12:35:26 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2013/02/20 12:35:24 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2013/02/20 12:35:08 | 022,970,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2013/02/20 12:35:04 | 003,015,008 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2013/02/20 12:35:04 | 000,782,688 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2013/02/20 12:35:04 | 000,269,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2013/02/20 12:35:04 | 000,226,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
========== Files - Modified Within 30 Days ==========
[2013/04/05 19:35:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Izabella\Desktop\OTL.exe
[2013/04/05 19:23:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525621531-1438105479-2784798899-1000UA.job
[2013/04/05 19:06:58 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 19:06:58 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 19:06:49 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/05 19:06:49 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/05 19:06:49 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/05 19:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/05 18:59:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/05 18:59:49 | 4229,779,454 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 01:59:42 | 078,313,856 | ---- | M] () -- C:\Users\Izabella\Desktop\BL copy.psd
[2013/04/05 01:59:26 | 003,765,623 | ---- | M] () -- C:\Users\Izabella\Desktop\BL2.jpg
[2013/04/05 01:59:14 | 078,312,962 | ---- | M] () -- C:\Users\Izabella\Desktop\BL.psd
[2013/04/04 17:23:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525621531-1438105479-2784798899-1000Core.job
[2013/04/04 16:57:51 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/04/04 16:57:13 | 004,157,552 | ---- | M] ( ) -- C:\Users\Izabella\Desktop\hwmonitor_1.21-setup.exe
[2013/04/04 16:03:20 | 000,039,652 | ---- | M] () -- C:\Users\Izabella\Desktop\cc_20130404_160259.reg
[2013/04/04 00:14:49 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
[2013/04/03 03:01:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/03 03:01:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/29 11:18:09 | 000,000,988 | ---- | M] () -- C:\Users\Izabella\Desktop\Dropbox.lnk
[2013/03/16 15:55:07 | 000,001,076 | ---- | M] () -- C:\Users\Izabella\Desktop\desktoptools.lnk
[2013/03/12 13:12:05 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2013/04/05 01:50:29 | 003,765,623 | ---- | C] () -- C:\Users\Izabella\Desktop\BL2.jpg
[2013/04/04 16:57:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/04/04 16:57:12 | 004,157,552 | ---- | C] ( ) -- C:\Users\Izabella\Desktop\hwmonitor_1.21-setup.exe
[2013/04/04 16:03:08 | 000,039,652 | ---- | C] () -- C:\Users\Izabella\Desktop\cc_20130404_160259.reg
[2013/04/04 01:15:16 | 078,313,856 | ---- | C] () -- C:\Users\Izabella\Desktop\BL copy.psd
[2013/04/04 00:14:49 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/04 00:01:21 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/03 19:38:55 | 078,312,962 | ---- | C] () -- C:\Users\Izabella\Desktop\BL.psd
[2013/04/03 03:01:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/03 03:01:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/16 15:55:07 | 000,001,076 | ---- | C] () -- C:\Users\Izabella\Desktop\desktoptools.lnk
[2013/03/12 13:12:05 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/20 13:15:56 | 000,122,375 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2012/09/01 14:51:32 | 000,000,132 | ---- | C] () -- C:\Users\Izabella\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/05/30 15:42:28 | 000,000,132 | ---- | C] () -- C:\Users\Izabella\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 16:05:34 | 000,000,132 | ---- | C] () -- C:\Users\Izabella\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/07 14:24:08 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/02/17 14:53:02 | 000,001,456 | ---- | C] () -- C:\Users\Izabella\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/19 23:38:32 | 000,000,077 | ---- | C] () -- C:\Windows\EART730.ini
[2011/12/31 20:09:49 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/12/29 03:31:59 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/28 22:07:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/21 21:27:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/21 21:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 21:27:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/21 21:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/21 21:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,859,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/12/31 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Autodesk
[2012/01/06 00:39:39 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/04/03 23:31:08 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Dropbox
[2013/02/12 20:28:10 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Epson
[2012/05/30 22:10:21 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\FileZilla
[2012/02/27 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Final Draft
[2012/01/09 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Foxit Software
[2012/05/27 17:03:05 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Greyfirst
[2012/01/20 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Leader Technologies
[2012/01/19 23:47:32 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Leadertech
[2013/01/18 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Nitro PDF
[2012/05/26 00:09:55 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\OpenCandy
[2012/05/26 00:12:37 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\PrimoPDF
[2013/02/07 00:36:57 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\SendSpace Wizard
[2012/01/01 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\Splashtop
[2012/02/25 14:29:33 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/04 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Izabella\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >