Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Got the Google Redirect Virus


  • This topic is locked This topic is locked

#1
Sorlin

Sorlin

    New Member

  • Member
  • Pip
  • 5 posts
Hey.

I have the Google Redirect Virus. Whenever I attempt a search and click on any links, I get redirected to some sites called goingoneath.com or thewebtmes.com (although much less frequent). Your assistance to getting rid of this virus and keeping it off my system would be most helpful.

OTL logfile created on: 7/2/2011 1:58:33 AM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\James Boothe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.99 Gb Total Physical Memory | 6.51 Gb Available Physical Memory | 72.41% Memory free
17.98 Gb Paging File | 14.99 Gb Available in Paging File | 83.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 7.75 Gb Free Space | 2.08% Space Free | Partition Type: NTFS
Drive D: | 548.90 Gb Total Space | 6.88 Gb Free Space | 1.25% Space Free | Partition Type: NTFS
Drive E: | 2.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JAMESBOOTHE-PC | User Name: James Boothe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 01:46:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
PRC - [2011/06/24 10:51:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/24 04:02:50 | 000,126,715 | ---- | M] () -- C:\Program Files (x86)\Snowflake Pro 1.1.1\SnowflakePro1.1.1.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/29 10:39:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/06 10:49:23 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/09/03 14:41:12 | 003,678,208 | ---- | M] (Datel Design & Development) -- C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\ActionReplayCodeManager.exe
PRC - [2009/08/20 00:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/08/20 00:37:26 | 000,225,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/08/19 17:18:40 | 001,170,432 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe
PRC - [2009/06/26 19:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009/05/18 16:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/04/02 00:27:27 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/16 21:17:04 | 002,835,816 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
PRC - [2008/12/09 21:54:22 | 001,212,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
PRC - [2008/06/17 14:09:02 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
PRC - [2008/06/05 18:50:58 | 000,778,240 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/06/05 18:50:56 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/06/04 19:26:58 | 000,143,467 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 01:46:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 16:36:05 | 000,022,528 | ---- | M] () [Auto | Running] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV:64bit: - [2010/11/15 12:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 05:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/06/29 13:38:13 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/02 12:51:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/29 10:39:34 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/10 15:56:59 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/06 12:58:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/08/20 00:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 00:27:27 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008/06/05 18:50:58 | 000,778,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2008/06/04 19:31:44 | 000,141,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/06/04 19:26:58 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/24 23:20:21 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/02 17:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 11:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/07 17:04:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/04 09:23:56 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/10 03:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\11087122.sys -- (11087122)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\1108712.sys -- (setup_9.0.0.722_30.06.2011_07-07drv)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\11087121.sys -- (11087121)
DRV:64bit: - [2009/08/30 22:09:33 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/05/15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/01/21 20:28:14 | 000,016,904 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2008/01/21 20:28:10 | 000,031,752 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008/01/21 20:28:06 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008/01/21 20:27:58 | 000,038,664 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2008/01/21 20:27:52 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/03/27 13:51:51 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\nocashio.sys -- (nocashio)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...C-1192658E30E7}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.startnow....on=6.1-x64-SP1"
FF - prefs.js..extensions.enabledItems: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.0244
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {c0326c12-9f06-4344-aa25-60267226bb7d}:1.0.0.0
FF - prefs.js..keyword.URL: "http://www.sitfy.com...ls=BzTtqdo8&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.sitfy.com...ls=BzTtqdo8&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 23:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 23:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 23:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2011/06/30 17:36:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 10:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/14 10:22:45 | 000,000,000 | ---D | M]

[2010/09/07 19:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Extensions
[2010/09/07 19:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/01 05:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions
[2011/06/25 13:28:28 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/04/25 23:50:29 | 000,000,000 | ---D | M] (GPotato Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{c0326c12-9f06-4344-aa25-60267226bb7d}
[2011/06/25 13:28:31 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/06/25 13:28:34 | 000,000,000 | ---D | M] (OnRPG Community Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}
[2011/05/07 04:06:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2011/05/10 07:59:00 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2011/05/21 15:23:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2010/12/15 06:57:57 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2011/07/01 05:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\staged
[2010/06/12 21:29:59 | 000,002,331 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\bigseekpro.xml
[2011/04/25 23:50:32 | 000,002,269 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\bing-zugo.xml
[2010/10/20 23:35:36 | 000,000,917 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\conduit.xml
[2010/04/10 12:44:24 | 000,002,059 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\daemon-search.xml
[2011/03/04 15:00:03 | 000,002,197 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\google-search.xml
[2011/06/08 07:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/28 23:16:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/20 22:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/26 12:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/30 23:24:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/08 07:27:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/24 10:51:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 04:05:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2011/03/04 15:00:03 | 000,002,197 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google-search.xml

O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
O2 - BHO: (OnRPG Toolbar) - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (OnRPG Toolbar) - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (OnRPG Toolbar) - {D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [CPU Level Up] C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Verbose] C:\Program Files (x86)\NCH Swift Sound\Verbose\verbose.exe (NCH Software)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON NX110 Series] File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_30.06.2011_07-07.lnk = C:\Users\James Boothe\Desktop\Virus Removal Tool\setup_9.0.0.722_30.06.2011_07-07\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/05 18:36:26 | 000,465,408 | R--- | M] (BioWare Corp.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/07 13:24:42 | 000,000,547 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{568b4825-44fc-11df-8603-90e6ba889ccb}\Shell - "" = AutoRun
O33 - MountPoints2\{568b4825-44fc-11df-8603-90e6ba889ccb}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{a945daf9-f940-11de-8002-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a945daf9-f940-11de-8002-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/10/05 18:36:26 | 000,465,408 | R--- | M] (BioWare Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{9A0F30A9-8D5E-45B6-AF20-246846E7D029}
[2011/07/01 05:51:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{38D7AFC6-5F48-4361-A303-B1D5E9A2E24B}
[2011/07/01 05:40:04 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{4AD9C8A0-9E24-4CF7-B663-1D6DC8EEAB73}
[2011/06/30 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/30 19:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/30 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\WinZip Courier
[2011/06/30 18:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
[2011/06/30 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2011/06/30 17:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier
[2011/06/30 17:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier
[2011/06/30 12:59:15 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{A529F8DC-CCBA-43AB-9F36-5D685BFB7DF6}
[2011/06/30 01:27:51 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\1108712.sys
[2011/06/30 01:27:51 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\11087121.sys
[2011/06/30 01:27:51 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\11087122.sys
[2011/06/30 01:27:51 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\Virus Removal Tool
[2011/06/30 00:25:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/30 00:25:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/30 00:25:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/30 00:25:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/30 00:25:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/30 00:23:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 00:19:17 | 004,129,550 | R--- | C] (Swearware) -- C:\Users\James Boothe\Desktop\ComboFix.exe
[2011/06/30 00:16:11 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\James Boothe\Desktop\aswMBR.exe
[2011/06/29 20:41:48 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{5EBA118E-2C77-47B9-B035-864D6AF245E9}
[2011/06/29 18:40:48 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Queue Manager
[2011/06/29 18:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Queue Manager
[2011/06/29 18:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ Productions
[2011/06/29 18:25:42 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/06/29 08:40:57 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{6B8C8FC1-C06A-4BFB-BBF7-4A68B3ADB6DF}
[2011/06/29 01:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ
[2011/06/28 23:22:55 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2011/06/28 23:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2011/06/28 23:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2011/06/28 23:22:22 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Documents\DAZ 3D
[2011/06/28 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/06/28 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\DAZ 3D
[2011/06/28 18:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/28 18:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/28 18:45:47 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{D01D0EF8-5A33-491A-B0E7-409CB679DFAA}
[2011/06/28 02:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2011/06/28 02:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DAZ
[2011/06/28 02:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Curious Labs
[2011/06/28 02:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/06/28 02:11:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/06/28 02:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2011/06/28 02:11:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser Pro 2010 Content
[2011/06/26 17:37:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{720A09C5-2B14-45D3-A7AF-0471BC001AAD}
[2011/06/26 15:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/26 02:43:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\dxhr
[2011/06/26 02:43:08 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\ALI213
[2011/06/26 02:42:37 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\28070
[2011/06/26 01:46:17 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
[2011/06/26 01:39:54 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James Boothe\Desktop\TDSSKiller.exe
[2011/06/26 01:37:28 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\GooredFix Backups
[2011/06/26 01:17:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/26 01:16:46 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTM.exe
[2011/06/26 01:16:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/26 01:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/06/26 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/06/25 19:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/06/25 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/06/25 13:28:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{8ADB5E79-F228-4384-B640-24CF90035423}
[2011/06/24 23:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/06/24 23:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/06/24 23:20:21 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/06/24 23:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/06/24 22:45:43 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{9AFCA6C4-6623-4E0F-8ADF-D372CA308E56}
[2011/06/24 22:24:14 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\Scansoft
[2011/06/24 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\IngermansonCommunications
[2011/06/24 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{CE89449A-B2DC-46E1-AFC8-B135DB32C5C8}
[2011/06/24 04:03:05 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Documents\Snowflake Pro User Data
[2011/06/24 04:02:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\JExpress
[2011/06/24 04:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowflake Pro 1.1.1
[2011/06/24 04:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snowflake Pro 1.1.1
[2011/06/24 02:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liquid Story Binder XE
[2011/06/24 02:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Liquid Story Binder XE
[2011/06/24 02:19:45 | 000,163,840 | ---- | C] (Bmegpaqab Mfcusoydrec) -- C:\Windows\SysWow64\d3dcsx_429.dll
[2011/06/23 12:51:14 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{5AD597EA-84A8-4D0F-9F33-4B0476C2D291}
[2011/06/23 12:39:27 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{A52A6272-36FD-4463-970D-CD976EE9879C}
[2011/06/22 22:19:51 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{6FBAA5FB-1EE4-430F-82AD-766D25610BCB}
[2011/06/22 10:19:26 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{22AC1121-97CA-46A0-9C89-7E0D7C389BD8}
[2011/06/21 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\VBA-M
[2011/06/21 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{1A8EC42B-2A66-4653-A40A-D000E078852B}
[2011/06/20 22:44:50 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{EB52511E-3E29-4A41-82B8-B60AC0E11E76}
[2011/06/20 10:44:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{1F1B5D0F-5F0B-4D88-B921-34793D9B32C1}
[2011/06/19 22:48:23 | 001,974,352 | ---- | C] (None) -- C:\Users\James Boothe\Desktop\VisualBoyAdvance.exe
[2011/06/19 22:44:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{922276A7-9BA3-4491-B71E-342B9910058C}
[2011/06/19 20:11:33 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Nuance
[2011/06/19 20:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 10.0
[2011/06/19 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2011/06/19 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2011/06/19 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2011/06/19 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2011/06/19 20:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2011/06/19 10:43:31 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{5FA3E973-9B0C-4138-ADBA-48001173B93A}
[2011/06/18 22:43:06 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{E5B6C573-AF37-44DE-83FE-2EB30706DD08}
[2011/06/18 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{4F3986A1-FD49-4FB9-9F51-68B0CCDB7132}
[2011/06/17 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{26805192-555F-489E-9C88-C8B1F7C0D903}
[2011/06/17 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{3306714C-1B89-4CC7-8C28-9875F027A282}
[2011/06/16 16:43:21 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{EA68AA5B-5213-49AB-BBAC-9DDE8AE67323}
[2011/06/14 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{FAFBEA32-4A5F-4ADE-BD0F-90A8F22D1C6E}
[2011/06/14 08:06:55 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{635F0C50-5F22-42CC-9454-EC26A1644F5A}
[2011/06/14 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\Anathema
[2011/06/14 00:13:00 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\DQIX
[2011/06/13 21:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2011/06/13 21:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2011/06/13 20:06:30 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{3B7004F6-B8EA-4B8A-8222-B4679274FA1B}
[2011/06/10 20:03:26 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{4E57331D-E6E3-4405-8884-FDF18B0658BC}
[2011/06/09 19:41:32 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{59C0EC91-438F-4BA4-806E-81B017850F4C}
[2011/06/08 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{E55F90F5-677C-4D76-AA8C-DFBA301A26BB}
[2011/06/08 08:08:33 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{22C7C2D7-D737-4DE1-9268-2BEA72C38704}
[2011/06/08 07:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/07 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{93A01F0E-D0D1-4371-8E54-DA6073C0D8E2}
[2011/06/06 00:23:51 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{72A41C22-D67B-4CDE-B6E5-CF68491805FB}
[2011/06/05 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{946BED28-E929-477A-AF25-64F835844800}
[2011/06/05 08:45:14 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011/06/05 08:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2011/06/05 00:22:35 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{6A2F19CE-D6AB-4BAA-9591-807F74312F63}
[2011/06/04 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{0B2247A3-FB3D-43E4-8EE2-25128922105C}
[2011/06/04 00:21:23 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{42C7A62F-2B5A-49DB-B401-C800DC4BF482}
[2011/06/03 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{2E7CDF7B-AF66-4EB3-9408-C97A9E9DD29A}
[2011/06/02 12:19:45 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{B28CE4B6-1F13-49C3-BBC3-494C9BFDD111}
[5 C:\Users\James Boothe\Documents\*.tmp files -> C:\Users\James Boothe\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/02 01:34:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 20:34:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 17:49:56 | 000,014,185 | ---- | M] () -- C:\Users\James Boothe\Documents\When the Wheel of Fate is in God's Hand.snowXML
[2011/07/01 09:38:15 | 000,003,531 | ---- | M] () -- C:\Users\James Boothe\Documents\Pokemon.dsf
[2011/07/01 07:43:38 | 000,002,554 | ---- | M] () -- C:\Users\James Boothe\Desktop\vba.ini
[2011/07/01 05:58:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 05:58:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 05:48:44 | 000,000,849 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011/07/01 05:48:42 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\Vwmnze.job
[2011/07/01 05:48:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 05:48:27 | 2945,802,239 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 05:43:24 | 000,862,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/01 05:43:24 | 000,718,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/01 05:43:24 | 000,144,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/30 22:28:39 | 000,236,749 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina.png
[2011/06/30 18:44:36 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Poser Pro 2010 (x86).lnk
[2011/06/30 18:44:36 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Queue Manager 2010.lnk
[2011/06/30 18:44:36 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Poser Pro 2010.lnk
[2011/06/30 13:48:41 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Update Michael 4 Base.lnk
[2011/06/30 01:28:42 | 000,002,302 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_30.06.2011_07-07.lnk
[2011/06/30 00:51:27 | 004,991,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/30 00:24:33 | 004,129,550 | R--- | M] (Swearware) -- C:\Users\James Boothe\Desktop\ComboFix.exe
[2011/06/30 00:19:56 | 000,000,512 | ---- | M] () -- C:\Users\James Boothe\Desktop\MBR.dat
[2011/06/30 00:16:19 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\James Boothe\Desktop\aswMBR.exe
[2011/06/29 19:35:08 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/29 08:47:17 | 000,105,390 | ---- | M] () -- C:\Users\James Boothe\Documents\Nimevere.jpg
[2011/06/29 08:47:07 | 000,769,678 | ---- | M] () -- C:\Users\James Boothe\Documents\Nimevere.psd
[2011/06/29 08:42:19 | 000,177,024 | ---- | M] () -- C:\Users\James Boothe\Documents\Nimevere.png
[2011/06/29 02:34:41 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4.2 Base.lnk
[2011/06/28 23:45:17 | 000,002,500 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/06/28 23:44:29 | 000,000,718 | ---- | M] () -- C:\Users\James Boothe\Documents\James Boothe - Shortcut.lnk
[2011/06/28 23:25:41 | 001,030,399 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina.psd
[2011/06/28 23:22:56 | 000,002,051 | ---- | M] () -- C:\Users\James Boothe\Desktop\DAZ Studio 4.lnk
[2011/06/28 22:51:31 | 000,262,038 | ---- | M] () -- C:\Users\James Boothe\Documents\Untitled.png
[2011/06/28 18:50:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/28 18:50:49 | 000,876,002 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/28 01:48:25 | 003,913,298 | ---- | M] () -- C:\Users\James Boothe\Reina2.psd
[2011/06/28 00:08:59 | 003,813,291 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina2.psd
[2011/06/27 17:54:41 | 000,172,066 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina.jpg
[2011/06/26 23:38:27 | 016,974,214 | ---- | M] () -- C:\Users\James Boothe\Documents\Serph.psd
[2011/06/26 21:35:29 | 006,757,992 | ---- | M] () -- C:\Users\James Boothe\Documents\Specs.nfo
[2011/06/26 17:41:51 | 000,164,067 | ---- | M] () -- C:\Users\James Boothe\Documents\Serph Morris.jpg
[2011/06/26 15:39:48 | 000,000,713 | ---- | M] () -- C:\Users\James Boothe\Desktop\Dolphin - Shortcut.lnk
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/26 01:46:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
[2011/06/26 01:16:46 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTM.exe
[2011/06/26 01:16:25 | 000,001,104 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/26 01:16:24 | 000,000,924 | ---- | M] () -- C:\Users\James Boothe\Desktop\NTREGOPT.lnk
[2011/06/26 01:16:24 | 000,000,905 | ---- | M] () -- C:\Users\James Boothe\Desktop\ERUNT.lnk
[2011/06/26 01:13:22 | 001,273,053 | ---- | M] () -- C:\Users\James Boothe\Documents\Outfit.psd
[2011/06/25 03:13:39 | 000,001,133 | ---- | M] () -- C:\Users\James Boothe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/25 03:13:39 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 23:31:20 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/06/24 23:31:20 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/06/24 23:26:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/24 23:20:21 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/06/24 10:51:56 | 000,002,048 | ---- | M] () -- C:\Users\James Boothe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/24 04:45:41 | 000,010,884 | ---- | M] () -- C:\Users\James Boothe\Documents\Proposal.rtf
[2011/06/24 04:02:50 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Snowflake Pro 1.1.1.lnk
[2011/06/24 02:20:38 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
[2011/06/24 02:19:45 | 000,163,840 | ---- | M] (Bmegpaqab Mfcusoydrec) -- C:\Windows\SysWow64\d3dcsx_429.dll
[2011/06/22 01:18:27 | 000,001,535 | ---- | M] () -- C:\Users\James Boothe\Desktop\VisualBoyAdvance-M - Shortcut.lnk
[2011/06/21 02:09:02 | 002,215,635 | ---- | M] () -- C:\Users\James Boothe\Documents\Serph Morris.psd
[2011/06/19 20:28:34 | 000,000,215 | ---- | M] () -- C:\Users\James Boothe\Documents\Pokemon Fire Red.cht
[2011/06/19 20:11:13 | 000,001,265 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
[2011/06/19 20:11:01 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James Boothe\Desktop\TDSSKiller.exe
[2011/06/15 20:43:48 | 000,000,612 | ---- | M] () -- C:\Users\James Boothe\Desktop\DeSmuME_x64 - Shortcut.lnk
[2011/06/14 10:22:46 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/13 21:08:47 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2011/06/13 12:24:32 | 000,001,466 | ---- | M] () -- C:\Users\James Boothe\Documents\Norse.dsf
[2011/06/11 09:45:18 | 000,000,236 | ---- | M] () -- C:\Users\James Boothe\Documents\pan.pkm
[2011/06/10 23:11:37 | 000,000,236 | ---- | M] () -- C:\Users\James Boothe\Documents\Snivy.pkm
[2011/06/10 23:08:39 | 000,000,236 | ---- | M] () -- C:\Users\James Boothe\Documents\Tepig.pkm
[2011/06/09 10:50:19 | 000,008,192 | ---- | M] () -- C:\digital devil story (j) [t-eng].srm
[2011/06/09 10:48:12 | 000,000,531 | ---- | M] () -- C:\Users\James Boothe\Desktop\zsnesw - Shortcut.lnk
[2011/06/09 10:47:25 | 000,008,192 | ---- | M] () -- C:\Shin Megami Tensei.srm
[2011/06/09 10:46:55 | 000,008,192 | ---- | M] () -- C:\Shin Megami Tensei II (J) [T+Eng1.00_AGTP].srm
[2011/06/08 11:12:02 | 000,015,222 | ---- | M] () -- C:\Users\James Boothe\Documents\Succubus.dsf
[2011/06/06 16:47:02 | 003,539,936 | ---- | M] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.psd
[2011/06/06 08:40:15 | 000,104,142 | ---- | M] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.jpg
[2011/06/05 17:04:20 | 000,211,619 | ---- | M] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.png
[2011/06/05 17:04:20 | 000,000,132 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Adobe PNG Format CS5 Prefs
[5 C:\Users\James Boothe\Documents\*.tmp files -> C:\Users\James Boothe\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 13:13:57 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Update Michael 4 Base.lnk
[2011/06/30 01:28:42 | 000,002,302 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_30.06.2011_07-07.lnk
[2011/06/30 00:25:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/30 00:25:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/30 00:25:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/30 00:25:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/30 00:25:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/30 00:19:56 | 000,000,512 | ---- | C] () -- C:\Users\James Boothe\Desktop\MBR.dat
[2011/06/29 02:34:41 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4.2 Base.lnk
[2011/06/28 23:44:29 | 000,000,718 | ---- | C] () -- C:\Users\James Boothe\Documents\James Boothe - Shortcut.lnk
[2011/06/28 23:22:56 | 000,002,051 | ---- | C] () -- C:\Users\James Boothe\Desktop\DAZ Studio 4.lnk
[2011/06/28 19:12:02 | 000,262,038 | ---- | C] () -- C:\Users\James Boothe\Documents\Untitled.png
[2011/06/28 18:50:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/28 18:50:41 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/28 03:52:19 | 000,236,749 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina.png
[2011/06/28 02:44:08 | 000,002,500 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/06/28 02:13:24 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Poser Pro 2010 (x86).lnk
[2011/06/28 02:13:24 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Queue Manager 2010.lnk
[2011/06/28 02:13:24 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Poser Pro 2010.lnk
[2011/06/28 01:08:27 | 003,913,298 | ---- | C] () -- C:\Users\James Boothe\Reina2.psd
[2011/06/27 17:43:06 | 000,172,066 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina.jpg
[2011/06/27 11:03:06 | 003,813,291 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina2.psd
[2011/06/27 00:14:03 | 001,030,399 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina.psd
[2011/06/26 21:35:14 | 006,757,992 | ---- | C] () -- C:\Users\James Boothe\Documents\Specs.nfo
[2011/06/26 17:41:46 | 000,164,067 | ---- | C] () -- C:\Users\James Boothe\Documents\Serph Morris.jpg
[2011/06/26 01:16:25 | 000,001,104 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/26 01:16:24 | 000,000,924 | ---- | C] () -- C:\Users\James Boothe\Desktop\NTREGOPT.lnk
[2011/06/26 01:16:24 | 000,000,905 | ---- | C] () -- C:\Users\James Boothe\Desktop\ERUNT.lnk
[2011/06/26 01:13:21 | 001,273,053 | ---- | C] () -- C:\Users\James Boothe\Documents\Outfit.psd
[2011/06/26 01:05:22 | 016,974,214 | ---- | C] () -- C:\Users\James Boothe\Documents\Serph.psd
[2011/06/25 03:13:39 | 000,001,133 | ---- | C] () -- C:\Users\James Boothe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/24 23:21:42 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/06/24 23:21:41 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/06/24 04:45:41 | 000,010,884 | ---- | C] () -- C:\Users\James Boothe\Documents\Proposal.rtf
[2011/06/24 04:03:58 | 000,014,185 | ---- | C] () -- C:\Users\James Boothe\Documents\When the Wheel of Fate is in God's Hand.snowXML
[2011/06/24 04:02:50 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Snowflake Pro 1.1.1.lnk
[2011/06/24 02:20:38 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
[2011/06/24 02:19:45 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\Vwmnze.job
[2011/06/22 01:18:27 | 000,001,535 | ---- | C] () -- C:\Users\James Boothe\Desktop\VisualBoyAdvance-M - Shortcut.lnk
[2011/06/21 22:35:33 | 000,000,713 | ---- | C] () -- C:\Users\James Boothe\Desktop\Dolphin - Shortcut.lnk
[2011/06/19 22:48:33 | 000,002,554 | ---- | C] () -- C:\Users\James Boothe\Desktop\vba.ini
[2011/06/19 20:28:34 | 000,000,215 | ---- | C] () -- C:\Users\James Boothe\Documents\Pokemon Fire Red.cht
[2011/06/19 20:11:13 | 000,001,265 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
[2011/06/19 20:11:01 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011/06/17 00:55:09 | 002,215,635 | ---- | C] () -- C:\Users\James Boothe\Documents\Serph Morris.psd
[2011/06/15 20:43:50 | 000,000,612 | ---- | C] () -- C:\Users\James Boothe\Desktop\DeSmuME_x64 - Shortcut.lnk
[2011/06/13 21:08:47 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2011/06/13 12:24:32 | 000,001,466 | ---- | C] () -- C:\Users\James Boothe\Documents\Norse.dsf
[2011/06/11 09:45:18 | 000,000,236 | ---- | C] () -- C:\Users\James Boothe\Documents\pan.pkm
[2011/06/10 23:11:36 | 000,000,236 | ---- | C] () -- C:\Users\James Boothe\Documents\Snivy.pkm
[2011/06/10 23:08:39 | 000,000,236 | ---- | C] () -- C:\Users\James Boothe\Documents\Tepig.pkm
[2011/06/09 10:50:07 | 000,008,192 | ---- | C] () -- C:\digital devil story (j) [t-eng].srm
[2011/06/09 10:48:14 | 000,000,531 | ---- | C] () -- C:\Users\James Boothe\Desktop\zsnesw - Shortcut.lnk
[2011/06/09 10:47:50 | 002,097,664 | ---- | C] () -- C:\digital devil story (j) [t-eng].smc
[2011/06/09 10:47:23 | 000,008,192 | ---- | C] () -- C:\Shin Megami Tensei.srm
[2011/06/05 20:32:57 | 000,105,390 | ---- | C] () -- C:\Users\James Boothe\Documents\Nimevere.jpg
[2011/06/05 20:32:32 | 000,104,142 | ---- | C] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.jpg
[2011/06/05 17:04:18 | 000,211,619 | ---- | C] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.png
[2011/06/05 17:03:58 | 000,000,132 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/05 17:03:56 | 000,177,024 | ---- | C] () -- C:\Users\James Boothe\Documents\Nimevere.png
[2011/06/05 16:50:46 | 000,769,678 | ---- | C] () -- C:\Users\James Boothe\Documents\Nimevere.psd
[2011/06/05 16:17:06 | 003,539,936 | ---- | C] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.psd
[2011/05/30 23:48:04 | 000,003,463 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\gcs.pref
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/07 14:05:26 | 000,000,017 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\resmon.resmoncfg
[2011/01/01 22:45:13 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/12/29 10:39:35 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/29 10:39:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/29 10:39:33 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/19 04:57:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/11/25 02:59:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/10/19 17:48:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/09/16 01:56:51 | 001,530,368 | ---- | C] () -- C:\Windows\SysWow64\online.exe
[2010/09/16 01:56:37 | 001,530,368 | ---- | C] () -- C:\Windows\SysWow64\_online.exe
[2010/06/12 01:39:14 | 000,000,100 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\fusioncache.dat
[2010/06/05 23:47:38 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\grecorder.dll
[2010/06/05 14:51:52 | 000,003,584 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 23:17:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/27 13:51:51 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\nocashio.sys
[2010/02/12 16:29:19 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\26951A4CB9.sys
[2010/02/12 16:29:18 | 000,001,734 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/02/11 19:43:47 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/02/11 19:43:46 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/02/06 13:00:00 | 000,000,155 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2010/01/17 15:54:53 | 000,000,306 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/01/16 22:48:04 | 000,000,000 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\wklnhst.dat
[2010/01/13 22:55:09 | 000,876,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/12 00:10:33 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/01/11 18:21:37 | 000,004,288 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/11 18:21:37 | 000,000,168 | RHS- | C] () -- C:\ProgramData\B94C1A9526.sys
[2010/01/09 15:05:22 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/01/09 15:05:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/01/09 15:05:22 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/01/09 15:05:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/01/09 15:05:22 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/01/09 15:05:22 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/01/09 15:05:22 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/01/09 15:05:22 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/01/09 15:05:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/01/09 15:05:22 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/01/09 15:05:22 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/01/09 15:05:22 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/01/09 15:05:22 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/01/09 15:05:22 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/01/09 15:05:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/01/09 15:05:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/01/04 09:27:16 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
[2009/10/10 01:08:49 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2009/10/10 01:08:21 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/10/10 01:08:21 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/10/10 01:07:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/10/10 01:07:58 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/10/10 00:58:31 | 000,007,443 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/10/10 00:58:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/10/10 00:58:26 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/10/10 00:58:26 | 000,004,811 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/06/05 18:51:08 | 000,000,849 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2008/06/04 19:30:44 | 000,405,589 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll
[2008/06/04 19:30:22 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll
[2008/06/04 19:30:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2008/06/04 19:29:48 | 000,622,693 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll
[2008/06/04 19:29:38 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll
[2008/06/04 19:27:44 | 000,098,403 | ---- | C] () -- C:\Windows\SysWow64\Bs2Res.dll
[2008/06/04 19:27:10 | 000,118,880 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll
[2008/06/04 19:27:02 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2008/03/07 14:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\SysWow64\BsLangInDepRes.dll
[2007/03/19 11:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll

========== LOP Check ==========

[2010/01/10 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\acccore
[2010/12/21 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Audacity
[2011/01/09 00:53:18 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Bioshock
[2010/04/10 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\DAEMON Tools Lite
[2011/06/28 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\DAZ 3D
[2011/07/02 02:01:06 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\DNA
[2010/11/30 22:30:34 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Dragon Age Toolset
[2011/02/18 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Epson
[2011/01/13 05:46:18 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\FaceGen
[2010/10/23 20:20:58 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\FALCOM
[2011/05/08 06:01:15 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\GetRightToGo
[2011/06/24 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\IngermansonCommunications
[2011/02/18 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Leader Technologies
[2010/01/09 15:08:31 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Leadertech
[2010/12/12 12:25:30 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Local
[2011/02/23 12:50:58 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\LSMGUIAIR.64AAB1E9DCCE40D96A4E881F8BD26884D826DB32.1
[2010/11/25 02:56:11 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\MotioninJoy
[2010/11/18 02:09:09 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\NCH Swift Sound
[2010/11/22 01:11:24 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\NeopleLauncherDFO
[2011/05/21 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Nitroplus
[2011/06/19 20:11:33 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Nuance
[2011/02/23 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Poser
[2011/06/28 02:31:15 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Poser Pro
[2010/11/12 03:05:37 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Publish Providers
[2011/06/29 18:40:48 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Queue Manager
[2010/10/27 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Razer
[2011/06/02 03:42:49 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\RIFT
[2011/02/22 08:48:28 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Smith Micro
[2011/01/10 07:14:29 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Sony
[2010/01/16 22:37:53 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Spacejock Software
[2011/01/10 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\SystemRequirementsLab
[2010/04/03 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\thriXXX
[2010/06/12 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Turbine
[2010/12/17 13:43:37 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Ubisoft
[2011/07/01 05:32:45 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\uTorrent
[2011/06/22 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\VBA-M
[2010/02/17 00:29:21 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Writer's Cafe 2
[2010/12/28 16:12:49 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/01 05:48:42 | 000,000,326 | -HS- | M] () -- C:\Windows\Tasks\Vwmnze.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/10/13 22:10:08 | 000,000,000 | ---D | M](C:\Users\James Boothe\Documents\?? ???) -- C:\Users\James Boothe\Documents\넥슨 플러그
[2010/10/13 22:10:08 | 000,000,000 | ---D | C](C:\Users\James Boothe\Documents\?? ???) -- C:\Users\James Boothe\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1219 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D06A4C76
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

Edited by Sorlin, 02 July 2011 - 12:05 AM.

  • 0

Advertisements


#2
Sorlin

Sorlin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Um, any help with this at all?
  • 0

#3
Sorlin

Sorlin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Guys, please. I could really use some help here getting rid of this thing.
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#5
Sorlin

Sorlin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is what I got from the scan. And thank you very much for the reply!


aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-04 13:18:54
-----------------------------
13:18:54.269 OS Version: Windows x64 6.1.7601 Service Pack 1
13:18:54.270 Number of processors: 8 586 0x1A05
13:18:54.271 ComputerName: JAMESBOOTHE-PC UserName: James Boothe
13:18:59.887 Initialize success
13:19:10.395 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:19:10.396 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
13:19:12.409 Disk 0 MBR read successfully
13:19:12.411 Disk 0 MBR scan
13:19:12.413 Disk 0 unknown MBR code
13:19:12.414 Service scanning
13:19:13.772 Disk 0 trace - called modules:
13:19:13.775 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:19:13.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a66790]
13:19:13.780 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8008709520]
13:19:13.782 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800870b060]
13:19:13.785 Scan finished successfully
13:19:20.624 Disk 0 MBR has been saved successfully to "C:\Users\James Boothe\Desktop\MBR.dat"
13:19:20.636 The log file has been saved successfully to "C:\Users\James Boothe\Desktop\aswMBR.txt"
  • 0

#6
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply
  • 0

#7
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP