Vundo? Fake.Virus? All Kinds of Problems


  • This topic is locked
5 replies to this topic

#1 liberalgoddess


Posted 24 April 2010 - 05:02 AM

A few weeks ago, perhaps 2 or 3, my computer had BSODs all over so I ran a malware checker and it found several virus/malware problems which I thought were taken care of. However, weird folders are showing up on my computer and some programs like MSE don't work properly anymore. I have attached the required logs, but one of them grayed out most of the options and would only let me scan Registry, Programs and Services. For what it's worth, I hope you can help.

Attached File: DDS.zip (10.24KB)


#2 etavares


Posted 28 April 2010 - 05:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Please also let me know what weird folders you are seeing. Please also copy and paste the logs directly into your reply instead of attaching...makes it much easier for me. Thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 liberalgoddess


Posted 28 April 2010 - 06:20 PM

What I've done: The boot mgr was corrupt so I fixed that with a disk. Then I checked for corrupt Microsoft files and it fixed those (which ones? I didn't look).

The folders I'm seeing are named dl;soe or a variation of letters and special characters, which look empty and I can delete, but another folder shows up.

Next I ran the OTL:

OTL logfile created on: 4/28/2010 4:02:08 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = J:\downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 56.00% Memory free
15.00 Gb Paging File | 12.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 8830 8830 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.54 Gb Total Space | 618.06 Gb Free Space | 90.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.76 Gb Total Space | 0.04 Gb Free Space | 0.98% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 93.16 Gb Total Space | 53.43 Gb Free Space | 57.36% Space Free | Partition Type: NTFS
Drive K: | 139.73 Gb Total Space | 82.96 Gb Free Space | 59.37% Space Free | Partition Type: NTFS
Drive M: | 3.73 Gb Total Space | 3.61 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
Drive N: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive O: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.84% Space Free | Partition Type: FAT

Computer Name: APHRODITE
Current User Name: liberalgoddess
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/28 16:01:17 | 000,563,712 | ---- | M] (OldTimer Tools) -- J:\Downloads\OTL.exe
PRC - [2010/04/14 09:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:12:02 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/08 20:58:36 | 000,031,856 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gservice.exe
PRC - [2010/03/07 11:57:20 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/02/18 01:17:08 | 000,226,304 | ---- | M] () -- C:\Program Files (x86)\Quick Config\QCService.exe
PRC - [2010/02/06 15:03:46 | 000,049,536 | ---- | M] () -- C:\Program Files (x86)\AyRecovery\ShieldClnt.exe
PRC - [2010/02/06 15:03:44 | 004,108,672 | ---- | M] () -- C:\Program Files (x86)\AyRecovery\shieldtray.exe
PRC - [2010/02/06 15:03:44 | 000,217,472 | ---- | M] () -- C:\Program Files (x86)\AyRecovery\SHDSERV.exe
PRC - [2010/01/26 18:02:52 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/01/26 18:02:46 | 000,249,856 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Sync Manager\SyncIndicator.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/10/10 14:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe
PRC - [2009/09/29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/08/21 01:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
PRC - [2008/09/19 15:44:16 | 000,459,408 | ---- | M] (N.E.W. North America, Corp.) -- C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe
PRC - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 16:01:17 | 000,563,712 | ---- | M] (OldTimer Tools) -- J:\Downloads\OTL.exe
MOD - [2010/02/06 15:03:48 | 000,057,728 | ---- | M] () -- C:\Program Files (x86)\AyRecovery\idle.dll
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2007/03/26 11:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/02/23 17:20:23 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/02/10 17:24:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/13 18:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:13 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2010/03/08 20:58:36 | 000,031,856 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/02/18 01:17:08 | 000,226,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Quick Config\QCService.exe -- (Quick Config Service)
SRV - [2010/02/06 15:03:46 | 000,049,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AyRecovery\ShieldClnt.exe -- (ShieldClientService)
SRV - [2010/02/06 15:03:44 | 000,217,472 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AyRecovery\SHDSERV.exe -- (SHDSERV)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/10/07 03:44:38 | 001,007,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009/10/07 03:44:38 | 000,138,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_64)
SRV - [2009/10/07 02:44:58 | 000,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Running] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 13:39:44 | 000,042,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/19 15:44:16 | 000,459,408 | ---- | M] (N.E.W. North America, Corp.) [Auto | Running] -- C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe -- (WarrantyWare)
SRV - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/14 09:35:51 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/04/14 09:35:31 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/04/14 09:31:42 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/04/14 09:31:27 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/14 09:31:03 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/03/08 20:58:38 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/02/10 17:47:56 | 006,377,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/10 17:47:56 | 006,377,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/10 16:31:26 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/25 20:37:02 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/10 04:53:32 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/11/10 04:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 04:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 04:52:12 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/26 03:45:34 | 001,624,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192u.sys -- (RTL8192u)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 18:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/13 17:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/17 05:19:14 | 000,015,208 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/30 03:53:56 | 000,311,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0103.sys -- (RsFx0103)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/28 19:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/06 10:27:06 | 000,015,872 | ---- | M] (Alpha Networks Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2005/05/06 10:12:40 | 000,037,376 | ---- | M] (AMD, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools)
DRV - [2010/04/03 22:48:16 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/03/11 00:32:17 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Windows\SysInternals\PORTMSYS.SYS -- (PORTMON)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/06 15:03:40 | 000,098,688 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\DRIVERS\Shield.sys -- (Shield)
DRV - [2010/02/06 15:03:40 | 000,032,128 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysWOW64\DRIVERS\Shieldf.sys -- (Shieldf)
DRV - [2010/02/06 15:03:40 | 000,018,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\DRIVERS\Shieldm.sys -- (Shieldm)
DRV - [2010/02/06 15:03:38 | 000,012,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\DRIVERS\Shdbus.sys -- (Shdbus)
DRV - [2010/01/28 12:18:13 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2007/09/04 19:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...05v105r48l1s215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...05v105r48l1s215


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...05v105r48l1s215
IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com
IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B C6 39 B5 83 82 CA 01 [binary data]
IE - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4
FF - prefs.js..extensions.enabledItems: bizdom@wizbites.com:1.1.5
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: fabtab@captaincaveman.nl:1.3.4.1
FF - prefs.js..extensions.enabledItems: {51ef49d2-624b-4194-8b97-1c468e9b0efe}:1.300.306
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {99658e7b-0194-41f6-b6c6-f6c97f58da89}:1.0.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.7
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:1.3.6
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.2.1
FF - prefs.js..extensions.enabledItems: openinie@wittersworld.com:1.2
FF - prefs.js..extensions.enabledItems: {a92aadf8-193f-4a62-8740-5cce81775afc}:1.0.7
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.0
FF - prefs.js..keyword.URL: "https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q="

FF - user.js..browser.search.openintab: true

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/11 15:06:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/01/15 17:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/10 22:54:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 23:35:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/06 11:23:10 | 000,000,000 | ---D | M]

[2010/01/15 20:51:02 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Extensions
[2010/04/28 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions
[2010/04/27 15:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/03/25 18:43:15 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/01/31 09:19:56 | 000,000,000 | ---D | M] (MyPoints Point Finder) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
[2010/02/02 10:41:47 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/03/16 22:49:52 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/03/08 22:54:49 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/02/17 16:34:33 | 000,000,000 | ---D | M] (SimilarStumble) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{99658e7b-0194-41f6-b6c6-f6c97f58da89}
[2010/01/23 18:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}-trash
[2010/03/06 13:03:43 | 000,000,000 | ---D | M] (Woot Watcher) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{a92aadf8-193f-4a62-8740-5cce81775afc}
[2010/04/16 15:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/18 10:56:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/22 16:10:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/31 09:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}-trash
[2010/04/10 08:57:21 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/02/22 20:00:49 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/02/22 20:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}-trash
[2010/01/17 19:37:40 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\bizdom@wizbites.com
[2010/03/27 16:19:23 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\checkplaces@andyhalford.com
[2010/03/19 07:41:16 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\DeviceDetection@logitech.com
[2010/01/17 19:37:40 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\fabtab@captaincaveman.nl
[2010/02/26 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\fbdislike@doweb.fr
[2010/02/27 08:25:21 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\fbdislike@doweb.fr-trash
[2010/04/14 00:16:38 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\foxmarks@kei.com
[2010/02/27 08:25:58 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\openinie@wittersworld.com
[2010/04/14 00:16:34 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\personas@christopher.beard
[2010/04/28 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\support@lastpass.com
[2010/04/10 08:55:12 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\extensions\wisestamp@wisestamp.com
[2010/02/19 17:03:22 | 000,000,925 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\searchplugins\conduit.xml
[2009/12/30 21:14:53 | 000,004,779 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\searchplugins\web-search.xml
[2009/12/24 10:25:30 | 000,001,250 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\Mozilla\Firefox\Profiles\t9x30u9s.default\searchplugins\winamp-search.xml
[2010/04/28 10:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010/03/15 12:55:26 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/03/30 01:35:08 | 000,000,738 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2:64bit: - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll (SpeedBit Ltd.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [shield] C:\Program Files (x86)\AyRecovery\shieldtray.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gdrive.dll ()
O4 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000..\Run: [WinPatrol System Monitor] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 1
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 1
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-1372860862-3026946464-2822180479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/12 23:17:24 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/12 23:17:25 | 000,000,000 | -H-D | M] - J:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - N:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/04/26 12:13:42 | 000,000,090 | ---- | M] () - O:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{e0437145-01ef-11df-9b64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0437145-01ef-11df-9b64-806e6f6e6963}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^liberalgoddess^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk - C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe - (Research In Motion Limited)
MsConfig:64bit - StartUpReg: BitDefender Antiphishing Helper - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: DriverMax - hkey= - key= - C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
MsConfig:64bit - StartUpReg: DriverMax_RESTART - hkey= - key= - C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E856E900-52DE-3F06-B493-B39442A717F6} - .NET Framework
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E856E900-52DE-3F06-B493-B39442A717F6} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2289/08/02 23:35:47 | 000,000,000 | R--D | C] -- C:\Videos
[2010/04/17 20:28:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\configfix
[2010/04/17 20:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AyRecovery
[2010/04/16 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\ComodoGroup
[2010/04/14 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\HTC
[2010/04/14 11:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2010/04/14 11:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Teleca Shared
[2010/04/14 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2010/04/14 11:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2010/04/14 11:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2010/04/13 23:07:30 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Teleca
[2010/04/13 23:04:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/04/12 20:33:20 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\HP
[2010/04/12 07:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yamicsoft
[2010/04/12 03:30:24 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/04/12 03:30:21 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/04/12 03:30:20 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/04/12 03:30:16 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/04/12 03:30:09 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/04/12 03:29:56 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/04/12 03:29:56 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/04/10 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010/04/10 22:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/04/10 22:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2010/04/10 22:48:48 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/04/10 22:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/04/10 20:14:00 | 000,000,000 | ---D | C] -- C:\Unreal Commander
[2010/04/07 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\GetRightToGo
[2010/04/07 15:07:06 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\AnyBizSoft PDF to Word
[2010/04/06 11:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/04/06 10:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\EnhanceMySe7en
[2010/04/05 17:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/04/05 17:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2010/04/04 22:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/04 22:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/04 10:35:11 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010/04/04 10:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010/04/03 23:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/03 23:10:06 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/03 23:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/04/03 23:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaftBackup
[2010/04/03 22:48:16 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2010/04/03 22:48:16 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\eSupport.com
[2010/04/03 10:03:06 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\TweakNow PowerPack 2010
[2010/04/03 10:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2010
[2010/04/02 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Program Files
[2010/04/02 22:31:09 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/04/02 22:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2010/04/02 22:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/04/02 16:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/02 16:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/02 11:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/02 11:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/02 09:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RemoteCalendars
[2010/04/02 08:51:11 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\Visual Studio 2005
[2010/04/02 00:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2010/04/01 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\BitTorrent
[2010/04/01 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/04/01 00:02:09 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\gegl-0.0
[2010/03/29 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Amazon
[2010/03/28 09:40:57 | 000,000,000 | --SD | C] -- C:\Users\liberalgoddess\Documents\My Data Sources
[2010/03/24 22:44:37 | 000,116,736 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/03/20 09:19:06 | 000,000,000 | -H-D | C] -- C:\Sandbox
[2010/03/20 09:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/03/19 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\a-squared Free
[2010/03/19 23:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
[2010/03/19 23:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/03/19 23:30:58 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Malwarebytes
[2010/03/19 23:30:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/19 23:30:51 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/19 23:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/19 23:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/19 11:12:24 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\Outlook Files
[2010/03/19 08:31:14 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/19 08:31:14 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/03/19 08:31:11 | 000,420,864 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/03/19 08:31:11 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/03/19 08:31:11 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/03/19 08:30:56 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/03/19 08:30:55 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/03/19 08:30:51 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/03/18 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\Gizmo
[2010/03/18 22:43:11 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Documents\My Drivers
[2010/03/18 15:33:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/18 05:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/03/18 05:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/03/18 02:15:48 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/03/15 16:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/03/15 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/03/15 13:57:42 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\SeriousBit
[2010/03/14 20:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010/03/13 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/03/13 08:40:34 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\IsolatedStorage
[2010/03/13 08:40:26 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\ClearContext
[2010/03/13 08:16:25 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Intelloware
[2010/03/13 01:11:57 | 000,000,000 | ---D | C] -- C:\c860ece835f419af16
[2010/03/13 00:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClearContext
[2010/03/11 09:50:44 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\EurekaLog
[2010/03/11 01:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\JAM Software
[2010/03/11 01:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2010/03/11 01:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\JAM Software
[2010/03/11 01:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quick Config
[2010/03/11 00:48:20 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\aignes
[2010/03/11 00:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AM-DeadLink
[2010/03/11 00:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pothos
[2010/03/10 23:59:22 | 000,000,000 | ---D | C] -- C:\Windows\SysInternals
[2010/03/10 23:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SysInternals
[2010/03/10 23:56:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\New folder
[2010/03/09 16:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/08 20:58:40 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Gizmo
[2010/03/08 20:58:38 | 000,032,840 | ---- | C] (Arainia Solutions LLC) -- C:\Windows\SysNative\drivers\gizmodrv.sys
[2010/03/08 20:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gizmo
[2010/03/08 19:11:19 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2010/03/08 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Microsoft CCR and DSS Toolkit 2008 R2
[2010/03/08 19:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/03/08 16:28:06 | 000,000,000 | ---D | C] -- C:\ATI
[2010/03/07 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft VSTO Power Tools 1.0
[2010/03/07 00:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010/03/07 00:42:33 | 000,037,376 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdTools64.sys
[2010/03/07 00:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/07 00:30:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMClock
[2010/03/06 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Innovative Solutions
[2010/03/06 10:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010/03/06 10:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2010/03/03 23:38:02 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Logishrd
[2010/03/03 23:37:52 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/03/03 23:36:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010/03/03 23:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010/03/03 23:28:24 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Logishrd
[2010/02/28 16:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2010/02/26 23:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/26 22:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/02/26 22:33:59 | 000,612,352 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl819xp.sys
[2010/02/26 22:33:59 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2010/02/26 22:33:58 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\SysNative\RtlUI2.exe
[2010/02/26 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK Wireless LAN Driver
[2010/02/26 22:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2010/02/26 11:10:28 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2010/02/26 06:34:58 | 000,692,224 | ---- | C] (Wireless Service) -- C:\Windows\SysWow64\ANIWZCS2.dll
[2010/02/26 06:34:58 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\SysWow64\aIPH.dll
[2010/02/26 06:34:58 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\SysWow64\AQCKGen.dll
[2010/02/26 06:34:58 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\SysWow64\ANICtl.dll
[2010/02/26 06:34:57 | 000,262,144 | ---- | C] (Wireless Service) -- C:\Windows\SysWow64\wnicapi.dll
[2010/02/26 06:34:50 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\SysWow64\odSupp_M.dll
[2010/02/26 06:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANI
[2010/02/26 06:33:20 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\InstallShield
[2010/02/24 07:06:20 | 000,726,816 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr7364.sys
[2010/02/24 06:07:08 | 000,311,072 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2010/02/23 18:07:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/02/23 18:07:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/02/21 18:59:13 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Uniblue
[2010/02/21 18:58:11 | 004,004,928 | ---- | C] (Uniblue Systems Ltd ) -- C:\Windows\SysWow64\registryboosterplc.exe
[2010/02/21 18:55:56 | 000,923,280 | ---- | C] (Uniblue ) -- C:\Windows\SysWow64\processscanner.exe
[2010/02/20 21:12:25 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Alien Skin
[2010/02/20 20:31:36 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2010/02/20 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems
[2010/02/20 20:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[2010/02/20 19:37:18 | 001,077,208 | ---- | C] (Lifehacker) -- C:\Windows\SysWow64\belvedere_0.5_installer.exe
[2010/02/19 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LookInMyPC
[2010/02/16 16:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity
[2010/02/16 11:33:11 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Audacity
[2010/02/16 11:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/02/15 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/02/15 22:19:49 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Apple
[2010/02/15 22:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/02/15 22:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/02/13 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Chart Advisor from Office Labs
[2010/02/13 10:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photosynth
[2010/02/13 10:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Commands
[2010/02/12 20:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OneNote Web Exporter (0.5.0)
[2010/02/11 22:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA nTune Performance Application
[2010/02/11 16:24:33 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\TweakNow PowerPack 2009
[2010/02/11 16:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2009
[2010/02/11 16:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2010/02/11 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Auslogics
[2010/02/11 15:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2010/02/11 02:35:57 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Tracker Software
[2010/02/10 20:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ukl
[2010/02/10 20:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\uklpr
[2010/02/08 10:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simpo PDF Merge & Split
[2010/02/06 23:07:49 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Stardock
[2010/02/06 23:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2010/02/06 05:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2010/02/05 16:24:10 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\assembly
[2010/02/05 16:24:00 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Deployment
[2010/02/05 16:24:00 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Apps
[2010/02/05 16:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Labs
[2010/02/05 16:20:17 | 000,000,000 | ---D | C] -- C:\95b3209361e1ed1919e0d68a6d43
[2010/02/05 12:48:48 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\XWindows Dock
[2010/02/05 11:50:18 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Xmarks
[2010/02/05 11:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xmarks
[2010/02/04 08:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/02/04 08:33:30 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/02/04 08:33:29 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/02/04 08:33:29 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/02/04 08:33:29 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/02/04 08:33:28 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/02/04 08:33:20 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/02/04 08:33:20 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/02/04 08:33:20 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/02/04 08:33:20 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/02/04 08:33:19 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/02/04 08:33:18 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/02/04 08:33:16 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/02/04 08:33:15 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/02/04 08:33:13 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/02/04 08:33:13 | 000,328,608 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/02/04 08:33:12 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/02/04 08:33:12 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/02/04 08:33:12 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/02/04 08:33:12 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/02/04 08:33:12 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/02/04 08:33:11 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/02/04 08:33:11 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/02/04 08:33:11 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/02/04 08:33:11 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/02/03 22:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Learning Essentials
[2010/02/03 21:12:12 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\KeePass
[2010/02/03 21:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/02/03 21:05:25 | 000,000,000 | ---D | C] -- C:\Python26
[2010/02/02 11:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shiretoko
[2010/02/01 16:10:24 | 000,000,000 | ---D | C] -- C:\archive_db
[2010/02/01 13:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2010/02/01 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\Tracing
[2010/02/01 11:39:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/02/01 11:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2010/01/31 15:54:52 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\OpenDNS Updater
[2010/01/31 15:19:13 | 000,000,000 | ---D | C] -- C:\Xobni
[2010/01/31 14:37:32 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\Download Manager
[2010/01/30 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/01/30 22:01:21 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Roaming\SystemRequirementsLab
[2010/01/30 20:28:57 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/01/30 20:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\rVXd7nU}u`{mS
[2010/01/30 20:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ma-config.com
[2010/01/30 19:19:07 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Xobni
[2010/01/30 19:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xobni
[2010/01/30 11:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010/01/30 11:09:19 | 000,000,000 | ---D | C] -- C:\Windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
[2010/01/28 23:14:26 | 000,000,000 | ---D | C] -- C:\Users\liberalgoddess\AppData\Local\Microsoft_Corporation
[2010/01/28 22:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Math Add-in for Word 2007
[2010/01/28 22:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2010/01/28 22:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server 2005 DM Add-Ins
[2010/01/28 19:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2010/01/28 16:25:00 | 000,038,368 | ---- | C] (Macrium Software) -- C:\Windows\SysNative\drivers\psmounter.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/28 16:02:24 | 007,340,032 | ---- | M] () -- C:\Users\liberalgoddess\ntuser.dat
[2010/04/28 15:06:28 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2010/04/28 09:41:39 | 000,977,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/28 09:41:39 | 000,801,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/28 09:41:39 | 000,172,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/27 19:44:10 | 000,024,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/27 19:44:10 | 000,024,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/27 09:10:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/27 09:10:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/27 09:09:58 | 536,354,815 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/17 20:30:41 | 002,071,145 | -H-- | M] () -- C:\Users\liberalgoddess\AppData\Local\IconCache.db
[2010/04/16 15:05:13 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\COMODO System - Cleaner.lnk
[2010/04/14 22:40:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/04/14 09:35:51 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/04/14 09:35:31 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/04/14 09:31:42 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/04/14 09:31:27 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/04/14 09:31:03 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/04/14 00:28:40 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/04/13 20:48:39 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/04/13 20:30:19 | 001,718,880 | ---- | M] () -- C:\Users\liberalgoddess\Documents\LoaderBackup-(2010-04-13).ipd
[2010/04/13 20:23:27 | 000,000,587 | ---- | M] () -- C:\Windows\win.ini
[2010/04/12 13:18:14 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/04/12 07:50:06 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\1-Click Cleaner.lnk
[2010/04/12 07:50:06 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Manager.lnk
[2010/04/12 03:30:24 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/04/12 00:07:22 | 000,007,049 | ---- | M] () -- C:\Users\liberalgoddess\.recently-used.xbel
[2010/04/11 21:15:49 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/04/10 23:13:19 | 001,841,784 | ---- | M] () -- C:\Users\liberalgoddess\Documents\AutoBackup-(2010-04-10).ipd
[2010/04/10 23:11:21 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{844747ED-09FD-490D-BC06-7A7704B005C6}
[2010/04/10 23:11:17 | 000,000,015 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{844747ED-09FD-490D-BC06-7A7704B005C6}
[2010/04/10 23:06:28 | 000,221,158 | ---- | M] () -- C:\Windows\hpoins19.dat
[2010/04/10 22:55:31 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Add a Device - All-In-One Series.lnk
[2010/04/10 22:53:42 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/04/09 23:58:26 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite Backup Drive.lnk
[2010/04/06 15:47:25 | 000,448,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/06 11:23:12 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk
[2010/04/06 10:42:58 | 000,001,020 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\RightMark CPU Clock Utility.lnk
[2010/04/05 15:48:11 | 003,907,460 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\ComboFix.exe
[2010/04/04 23:14:46 | 000,125,816 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/04 10:08:00 | 001,907,299 | ---- | M] () -- C:\Users\liberalgoddess\Documents\AutoBackup-(2010-04-04).ipd
[2010/04/03 23:10:08 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/03 23:08:30 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\SaftBackup.lnk
[2010/04/03 23:00:28 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2010/04/03 22:48:18 | 000,001,112 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\BiosAgent Plus.lnk
[2010/04/03 22:48:16 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2010/04/02 23:29:50 | 000,005,018 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/02 23:28:28 | 000,000,088 | RHS- | M] () -- C:\ProgramData\C7682E1B89.sys
[2010/04/02 16:14:52 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/04/02 11:17:21 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/30 22:20:59 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010/03/30 19:09:38 | 002,276,528 | ---- | M] () -- C:\Users\liberalgoddess\Documents\LoaderBackup-(2010-03-30).ipd
[2010/03/30 19:02:08 | 002,260,394 | ---- | M] () -- C:\Users\liberalgoddess\Documents\Backup-(2010-03-30).ipd
[2010/03/30 19:01:00 | 000,000,256 | ---- | M] () -- C:\Users\liberalgoddess\Documents\pool.bin
[2010/03/30 01:35:08 | 000,000,738 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/30 00:09:37 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/03/29 23:03:32 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\MemoMaster 3.lnk
[2010/03/29 22:48:38 | 000,001,218 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\CNET TechTracker.lnk
[2010/03/29 21:56:30 | 000,001,858 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\CCleaner.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/27 19:21:56 | 000,002,115 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\Desktop Manager.lnk
[2010/03/21 10:28:54 | 000,000,102 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Local\fusioncache.dat
[2010/03/21 08:21:03 | 000,000,058 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\ANIOIDCONFIG_{844747ED-09FD-490D-BC06-7A7704B005C6}.ini
[2010/03/21 08:11:55 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{0d70c707-346b-11df-a73e-002511603739}.TMContainer00000000000000000002.regtrans-ms
[2010/03/21 08:11:55 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{0d70c707-346b-11df-a73e-002511603739}.TMContainer00000000000000000001.regtrans-ms
[2010/03/21 08:11:55 | 000,065,536 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{0d70c707-346b-11df-a73e-002511603739}.TM.blf
[2010/03/19 12:14:14 | 000,000,115 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2010/03/19 08:18:01 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/03/16 07:00:03 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/03/16 07:00:03 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/03/16 06:58:31 | 000,005,274 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\Windows Compatibility Report.htm
[2010/03/13 21:42:13 | 000,024,146 | ---- | M] () -- C:\Windows\SysWow64\reports
[2010/03/13 17:42:07 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{588196c4-2f02-11df-b8a0-0022b0e010ad}.TMContainer00000000000000000002.regtrans-ms
[2010/03/13 17:42:07 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{588196c4-2f02-11df-b8a0-0022b0e010ad}.TMContainer00000000000000000001.regtrans-ms
[2010/03/13 17:42:07 | 000,065,536 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{588196c4-2f02-11df-b8a0-0022b0e010ad}.TM.blf
[2010/03/11 01:19:03 | 002,174,991 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\bookmarks.html
[2010/03/11 01:01:34 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\Quick Config.lnk
[2010/03/11 00:50:52 | 000,594,817 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\bookmarks.html_bak2
[2010/03/08 20:58:38 | 000,032,840 | ---- | M] (Arainia Solutions LLC) -- C:\Windows\SysNative\drivers\gizmodrv.sys
[2010/03/08 20:58:38 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Gizmo.lnk
[2010/03/07 18:55:27 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/03/06 10:50:52 | 000,001,087 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\DriverMax.lnk
[2010/03/02 16:45:04 | 000,000,258 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\ANICONFIG_{844747ED-09FD-490D-BC06-7A7704B005C6}.ini
[2010/03/02 11:58:31 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{C1C4ADBD-E104-42F7-8404-A0A62F588F23}
[2010/03/02 11:52:17 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/03/02 11:36:21 | 000,000,015 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{C1C4ADBD-E104-42F7-8404-A0A62F588F23}
[2010/03/02 11:34:50 | 000,000,113 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\ANIOIDCONFIG_{C1C4ADBD-E104-42F7-8404-A0A62F588F23}.ini
[2010/02/28 21:26:38 | 000,002,639 | ---- | M] () -- C:\Users\Public\Desktop\Macrium Reflect.lnk
[2010/02/28 08:51:13 | 000,000,256 | ---- | M] () -- C:\pool.bin
[2010/02/26 06:34:08 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2010/02/26 06:27:16 | 000,101,748 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/02/25 10:05:44 | 000,000,053 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\ANIOIDCONFIG_{776B34E2-9C97-4B11-B129-73451BDCC5E8}.ini
[2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr7364.sys
[2010/02/24 06:07:08 | 000,311,072 | ---- | M] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2010/02/23 19:55:39 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{776B34E2-9C97-4B11-B129-73451BDCC5E8}
[2010/02/23 19:55:35 | 000,000,015 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{776B34E2-9C97-4B11-B129-73451BDCC5E8}
[2010/02/22 20:51:13 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\LookInMyPC.lnk
[2010/02/21 18:58:33 | 004,004,928 | ---- | M] (Uniblue Systems Ltd ) -- C:\Windows\SysWow64\registryboosterplc.exe
[2010/02/21 18:56:27 | 000,923,280 | ---- | M] (Uniblue ) -- C:\Windows\SysWow64\processscanner.exe
[2010/02/20 19:37:26 | 001,077,208 | ---- | M] (Lifehacker) -- C:\Windows\SysWow64\belvedere_0.5_installer.exe
[2010/02/20 15:46:49 | 000,000,000 | ---- | M] () -- C:\Users\liberalgoddess\.gtk-bookmarks
[2010/02/20 14:52:26 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{dbfcb7f0-1e69-11df-bee7-ebb36fe6a44b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/20 14:52:26 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{dbfcb7f0-1e69-11df-bee7-ebb36fe6a44b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/20 14:52:26 | 000,065,536 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{dbfcb7f0-1e69-11df-bee7-ebb36fe6a44b}.TM.blf
[2010/02/16 11:33:03 | 000,001,015 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/02/15 23:14:38 | 000,711,737 | ---- | M] () -- C:\Users\liberalgoddess\.fonts.cache-1
[2010/02/14 21:41:24 | 000,001,313 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\Revo Uninstaller.lnk
[2010/02/13 20:45:23 | 000,215,202 | ---- | M] () -- C:\Windows\1.rrc
[2010/02/13 16:08:24 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/02/10 17:27:06 | 000,031,240 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/02/10 17:25:30 | 000,454,144 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/02/10 17:24:54 | 000,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/02/10 17:23:34 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/02/10 17:23:14 | 000,420,864 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/02/10 17:23:06 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/02/10 17:22:52 | 000,274,432 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/02/10 17:22:44 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/02/10 17:22:40 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/02/10 17:22:34 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/02/10 16:51:56 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/02/10 16:48:28 | 000,497,760 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/02/10 16:44:24 | 000,497,760 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/02/10 09:13:38 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{1dffdf45-136c-11df-9441-cdc530259803}.TMContainer00000000000000000002.regtrans-ms
[2010/02/10 09:13:38 | 000,065,536 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{1dffdf45-136c-11df-9441-cdc530259803}.TM.blf
[2010/02/10 09:13:37 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{1dffdf45-136c-11df-9441-cdc530259803}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 06:18:38 | 000,102,720 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdhv.sys
[2010/02/06 23:07:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ObjectDock.lnk
[2010/02/06 15:03:40 | 000,098,688 | ---- | M] () -- C:\Windows\SysWow64\drivers\Shield.sys
[2010/02/06 15:03:40 | 000,032,128 | ---- | M] () -- C:\Windows\SysWow64\drivers\Shieldf.sys
[2010/02/06 15:03:40 | 000,018,304 | ---- | M] () -- C:\Windows\SysWow64\drivers\Shieldm.sys
[2010/02/06 15:03:38 | 000,012,672 | ---- | M] () -- C:\Windows\SysWow64\drivers\Shdbus.sys
[2010/02/06 15:03:28 | 000,027,392 | ---- | M] () -- C:\Windows\SysWow64\drivers\ShieldmNt.sys
[2010/02/06 13:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{70d9bea9-135e-11df-a01b-002511603739}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 13:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{70d9bea9-135e-11df-a01b-002511603739}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 13:39:03 | 000,065,536 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{70d9bea9-135e-11df-a01b-002511603739}.TM.blf
[2010/02/04 08:27:00 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{ff8e3430-119c-11df-a29a-002511603739}.TMContainer00000000000000000002.regtrans-ms
[2010/02/04 08:27:00 | 000,524,288 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{ff8e3430-119c-11df-a29a-002511603739}.TMContainer00000000000000000001.regtrans-ms
[2010/02/04 08:27:00 | 000,065,536 | -HS- | M] () -- C:\Users\liberalgoddess\ntuser.dat{ff8e3430-119c-11df-a29a-002511603739}.TM.blf
[2010/02/03 21:59:35 | 000,000,600 | ---- | M] () -- C:\Users\liberalgoddess\AppData\Roaming\winscp.rnd
[2010/02/01 21:55:13 | 000,000,074 | ---- | M] () -- C:\Users\liberalgoddess\Desktop\Clear_Cache.bat
[2010/01/29 20:03:47 | 000,000,716 | ---- | M] () -- C:\Users\liberalgoddess\My Pictures.lnk
[2010/01/28 18:46:31 | 000,001,892 | ---- | M] () -- C:\bar.emf
[2010/01/28 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/28 16:25:00 | 000,038,368 | ---- | M] (Macrium Software) -- C:\Windows\SysNative\drivers\psmounter.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 20:29:18 | 000,098,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\Shield.sys
[2010/04/17 20:29:18 | 000,032,128 | ---- | C] () -- C:\Windows\SysWow64\drivers\Shieldf.sys
[2010/04/17 20:29:18 | 000,027,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\ShieldmNt.sys
[2010/04/17 20:29:18 | 000,018,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\Shieldm.sys
[2010/04/17 20:29:18 | 000,012,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\Shdbus.sys
[2010/04/16 15:05:17 | 000,000,486 | ---- | C] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2010/04/16 15:05:13 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\COMODO System - Cleaner.lnk
[2010/04/13 20:30:19 | 001,718,880 | ---- | C] () -- C:\Users\liberalgoddess\Documents\LoaderBackup-(2010-04-13).ipd
[2010/04/12 07:50:06 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\1-Click Cleaner.lnk
[2010/04/12 07:50:06 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Manager.lnk
[2010/04/12 03:30:24 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/04/12 00:07:22 | 000,007,049 | ---- | C] () -- C:\Users\liberalgoddess\.recently-used.xbel
[2010/04/10 23:13:19 | 001,841,784 | ---- | C] () -- C:\Users\liberalgoddess\Documents\AutoBackup-(2010-04-10).ipd
[2010/04/10 22:55:31 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Add a Device - All-In-One Series.lnk
[2010/04/10 22:53:42 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/04/10 22:41:23 | 000,001,627 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/10 22:41:22 | 000,221,158 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/10 22:41:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/04/09 23:58:26 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite Backup Drive.lnk
[2010/04/06 11:23:12 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk
[2010/04/05 15:48:15 | 003,907,460 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\ComboFix.exe
[2010/04/04 22:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/04/04 10:08:00 | 001,907,299 | ---- | C] () -- C:\Users\liberalgoddess\Documents\AutoBackup-(2010-04-04).ipd
[2010/04/03 23:10:08 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/03 23:08:30 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\SaftBackup.lnk
[2010/04/03 23:00:28 | 000,001,716 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2010/04/03 22:48:17 | 000,001,112 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\BiosAgent Plus.lnk
[2010/04/02 22:58:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C7682E1B89.sys
[2010/04/02 22:58:40 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/02 11:17:21 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/30 19:09:38 | 002,276,528 | ---- | C] () -- C:\Users\liberalgoddess\Documents\LoaderBackup-(2010-03-30).ipd
[2010/03/30 19:02:08 | 002,260,394 | ---- | C] () -- C:\Users\liberalgoddess\Documents\Backup-(2010-03-30).ipd
[2010/03/30 19:01:00 | 000,000,256 | ---- | C] () -- C:\Users\liberalgoddess\Documents\pool.bin
[2010/03/30 00:09:37 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/03/29 23:03:32 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\MemoMaster 3.lnk
[2010/03/29 22:48:38 | 000,001,218 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\CNET TechTracker.lnk
[2010/03/27 19:21:54 | 000,002,115 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\Desktop Manager.lnk
[2010/03/21 10:28:54 | 000,000,102 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Local\fusioncache.dat
[2010/03/20 14:54:29 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{0d70c707-346b-11df-a73e-002511603739}.TMContainer00000000000000000002.regtrans-ms
[2010/03/20 14:54:29 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{0d70c707-346b-11df-a73e-002511603739}.TMContainer00000000000000000001.regtrans-ms
[2010/03/20 14:54:29 | 000,065,536 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{0d70c707-346b-11df-a73e-002511603739}.TM.blf
[2010/03/20 14:53:48 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010/03/19 08:31:13 | 000,497,760 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/19 08:31:12 | 000,497,760 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/19 08:31:11 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/03/19 08:31:11 | 000,001,035 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/03/19 08:31:00 | 000,020,274 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/03/19 08:30:56 | 000,198,341 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/03/19 08:30:51 | 000,031,240 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/16 06:58:31 | 000,005,274 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\Windows Compatibility Report.htm
[2010/03/14 20:55:52 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/03/13 21:42:13 | 000,024,146 | ---- | C] () -- C:\Windows\SysWow64\reports
[2010/03/13 17:42:07 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{588196c4-2f02-11df-b8a0-0022b0e010ad}.TMContainer00000000000000000002.regtrans-ms
[2010/03/13 17:42:07 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{588196c4-2f02-11df-b8a0-0022b0e010ad}.TMContainer00000000000000000001.regtrans-ms
[2010/03/13 17:42:07 | 000,065,536 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{588196c4-2f02-11df-b8a0-0022b0e010ad}.TM.blf
[2010/03/11 01:19:02 | 000,594,817 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\bookmarks.html_bak2
[2010/03/11 01:01:34 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\Quick Config.lnk
[2010/03/11 00:50:42 | 002,174,991 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\bookmarks.html
[2010/03/08 20:58:38 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Gizmo.lnk
[2010/03/07 18:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/07 00:30:35 | 000,001,020 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\RightMark CPU Clock Utility.lnk
[2010/03/06 11:10:03 | 000,001,858 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\CCleaner.lnk
[2010/03/06 10:50:52 | 000,001,087 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\DriverMax.lnk
[2010/03/03 23:58:35 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/03/02 16:38:04 | 000,000,258 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Roaming\ANICONFIG_{844747ED-09FD-490D-BC06-7A7704B005C6}.ini
[2010/03/02 12:19:04 | 000,003,284 | ---- | C] () -- C:\Windows\SysWow64\ANIWZCS{844747ED-09FD-490D-BC06-7A7704B005C6}
[2010/03/02 12:18:52 | 000,000,058 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Roaming\ANIOIDCONFIG_{844747ED-09FD-490D-BC06-7A7704B005C6}.ini
[2010/03/02 12:14:04 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{844747ED-09FD-490D-BC06-7A7704B005C6}
[2010/02/28 21:26:38 | 000,002,639 | ---- | C] () -- C:\Users\Public\Desktop\Macrium Reflect.lnk
[2010/02/28 08:51:13 | 000,000,256 | ---- | C] () -- C:\pool.bin
[2010/02/26 22:33:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/02/26 06:51:27 | 000,003,284 | ---- | C] () -- C:\Windows\SysWow64\ANIWZCS{C1C4ADBD-E104-42F7-8404-A0A62F588F23}
[2010/02/26 06:51:18 | 000,000,113 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Roaming\ANIOIDCONFIG_{C1C4ADBD-E104-42F7-8404-A0A62F588F23}.ini
[2010/02/26 06:51:17 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{C1C4ADBD-E104-42F7-8404-A0A62F588F23}
[2010/02/26 06:35:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2010/02/26 06:34:56 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2010/02/26 06:34:50 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2010/02/26 06:34:18 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2010/02/26 06:34:18 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2010/02/26 06:34:08 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2010/02/25 09:28:19 | 000,822,784 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\System BIOS Update SOP.doc
[2010/02/22 20:51:13 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\LookInMyPC.lnk
[2010/02/20 14:52:26 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{dbfcb7f0-1e69-11df-bee7-ebb36fe6a44b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/20 14:52:26 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{dbfcb7f0-1e69-11df-bee7-ebb36fe6a44b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/20 14:52:26 | 000,065,536 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{dbfcb7f0-1e69-11df-bee7-ebb36fe6a44b}.TM.blf
[2010/02/16 11:33:03 | 000,001,015 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/02/15 23:15:35 | 000,000,000 | ---- | C] () -- C:\Users\liberalgoddess\.gtk-bookmarks
[2010/02/15 23:14:38 | 000,711,737 | ---- | C] () -- C:\Users\liberalgoddess\.fonts.cache-1
[2010/02/14 21:41:24 | 000,001,313 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\Revo Uninstaller.lnk
[2010/02/13 20:43:49 | 000,215,202 | ---- | C] () -- C:\Windows\1.rrc
[2010/02/06 23:07:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ObjectDock.lnk
[2010/02/06 15:08:51 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{1dffdf45-136c-11df-9441-cdc530259803}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 15:08:51 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{1dffdf45-136c-11df-9441-cdc530259803}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 15:08:51 | 000,065,536 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{1dffdf45-136c-11df-9441-cdc530259803}.TM.blf
[2010/02/06 13:39:03 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{70d9bea9-135e-11df-a01b-002511603739}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 13:39:03 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{70d9bea9-135e-11df-a01b-002511603739}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 13:39:02 | 000,065,536 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{70d9bea9-135e-11df-a01b-002511603739}.TM.blf
[2010/02/04 08:02:15 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{ff8e3430-119c-11df-a29a-002511603739}.TMContainer00000000000000000002.regtrans-ms
[2010/02/04 08:02:15 | 000,524,288 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{ff8e3430-119c-11df-a29a-002511603739}.TMContainer00000000000000000001.regtrans-ms
[2010/02/04 08:02:15 | 000,065,536 | -HS- | C] () -- C:\Users\liberalgoddess\ntuser.dat{ff8e3430-119c-11df-a29a-002511603739}.TM.blf
[2010/02/03 21:08:03 | 000,000,600 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Roaming\winscp.rnd
[2010/02/01 21:55:13 | 000,000,074 | ---- | C] () -- C:\Users\liberalgoddess\Desktop\Clear_Cache.bat
[2010/01/30 20:29:07 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/01/30 19:19:13 | 000,000,032 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Local\xobni_installer_updater.log
[2010/01/29 20:02:48 | 000,000,716 | ---- | C] () -- C:\Users\liberalgoddess\My Pictures.lnk
[2010/01/29 19:52:32 | 000,000,261 | ---- | C] () -- C:\Users\liberalgoddess\AppData\Roaming\BBMS_EXCEPTION.txt
[2010/01/28 18:46:31 | 000,001,892 | ---- | C] () -- C:\bar.emf
[2010/01/28 14:20:14 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/27 11:33:22 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\oeminfo.ini
[2010/01/18 21:29:50 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010/01/15 13:05:22 | 000,981,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
[2007/03/12 12:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== LOP Check ==========

[2010/03/11 00:48:20 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\aignes
[2010/02/20 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Alien Skin
[2010/03/29 22:36:13 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Amazon
[2010/03/21 00:57:00 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Audacity
[2010/03/11 22:21:41 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Auslogics
[2010/01/16 09:30:00 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\BitDefender
[2010/04/12 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\BitTorrent
[2010/01/19 19:19:17 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Blackberry Desktop
[2010/01/16 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\CBS Interactive
[2010/02/13 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Chart Advisor from Office Labs
[2010/01/21 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Digiarty
[2010/01/23 21:02:43 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\DonationCoder
[2010/01/31 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Emergency Soft
[2010/03/11 09:51:00 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\EurekaLog
[2010/04/07 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\GetRightToGo
[2010/03/16 07:02:52 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Gizmo
[2010/04/11 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\gtk-2.0
[2010/02/03 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\KeePass
[2010/01/17 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Leadertech
[2010/02/06 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Notepad++
[2010/01/31 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\OpenDNS Updater
[2010/01/19 19:47:58 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Research In Motion
[2010/03/15 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\SeriousBit
[2010/02/14 12:45:16 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Software Informer
[2010/01/15 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Stardock
[2010/01/30 22:01:44 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\SystemRequirementsLab
[2010/04/14 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Teleca
[2010/04/17 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\TeraCopy
[2010/02/11 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Tracker Software
[2010/02/11 16:24:33 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\TweakNow PowerPack 2009
[2010/04/03 10:03:06 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\TweakNow PowerPack 2010
[2010/02/19 22:36:55 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/02/21 18:59:13 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\Uniblue
[2010/01/15 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\WinPatrol
[2010/02/06 16:06:55 | 000,000,000 | ---D | M] -- C:\Users\liberalgoddess\AppData\Roaming\XWindows Dock
[2010/03/17 11:46:04 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/08/17 23:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FM20.DLL
[2009/07/13 18:16:15 | 000,496,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\taskschd.dll
[2010/03/08 14:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2008/02/19 22:51:44 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2009/06/25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files (x86)\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >


But I need to download GMER again. In the original GMER most options were voided, so this is all I could get:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 02:25:56
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74BBB14B-624C-189B-5AF8-E7F06426279B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74BBB14B-624C-189B-5AF8-E7F06426279B}@gbafdgobfndiafnbnlneekeehodniddkfkneojaoanlkom 0x62 0x61 0x6B 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74BBB14B-624C-189B-5AF8-E7F06426279B}@ebafdgobfndiafnbnlneekeehodniddkfkneojaocc 0x61 0x65 0x63 0x63 ...

---- Files - GMER 1.0.15 ----

File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85A645E6\io[1].xml 49135 bytes
File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAILDHXL\FAQs[1].xml 8806 bytes
File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQYMOEQ4\updates[1].xml 0 bytes

---- EOF - GMER 1.0.15 ----

New GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-28 16:42:34
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74BBB14B-624C-189B-5AF8-E7F06426279B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74BBB14B-624C-189B-5AF8-E7F06426279B}@gbafdgobfndiafnbnlneekeehodniddkfkneojaoanlkom 0x62 0x61 0x6B 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74BBB14B-624C-189B-5AF8-E7F06426279B}@ebafdgobfndiafnbnlneekeehodniddkfkneojaocc 0x61 0x65 0x63 0x63 ...

---- Files - GMER 1.0.15 ----

File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0CGBSFC\rss[1].xml 80894 bytes
File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0CGBSFC\feed[1].xml 19533 bytes
File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RG7UJ5H7\Default[1].htm 3197 bytes
File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBKOO62H\gizmoshotfinds[2].xml 11921 bytes
File C:\Users\liberalgoddess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3X7E2QL\makeuseof[2].xml 510229 bytes

---- EOF - GMER 1.0.15 ----

Edited by liberalgoddess, 28 April 2010 - 06:45 PM.


#4 etavares

Posted 29 April 2010 - 05:54 PM

Hello.

GMER is greyed out since you have an x64 OS. Did you edit your HOSTS file to block an adobe.com site? Just wanted to make sure it wasn't malware. I'm not seeing much in your logs. What did you mean by "MSE" program?





Step 1

Please back up manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon on the desktop or in the Start menu, and select Run as Administrator.
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 2

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EEDA5B17
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
    :files
    C:\32788R22FWJFW
    C:\c860ece835f419af16
    C:\95b3209361e1ed1919e0d68a6d43
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 etavares

Posted 02 May 2010 - 05:58 AM

Hi....still with us?




#6 etavares

Posted 05 May 2010 - 05:20 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.






