
bad image pop up



#1
the_student

Hi, I need some help with my computer. I have tried using many things to get rid of my bad image pop-up, but nothing seems to work. I was told this is the place to get help, so here I am.

OTL logfile created on: 8/3/2011 4:30:29 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\claude\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 24.43% Memory free
3.87 Gb Paging File | 1.59 Gb Available in Paging File | 41.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.46 Gb Total Space | 121.53 Gb Free Space | 56.14% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: CLAUDE-HP | User Name: claude | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 16:30:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\claude\Downloads\OTL.exe
PRC - [2011/08/03 08:38:58 | 000,359,936 | ---- | M] () -- C:\Windows\update.4.1\svchost.exe
PRC - [2011/08/03 08:38:58 | 000,359,936 | ---- | M] () -- C:\Windows\update.4.1\svchost.exe
PRC - [2011/07/27 01:03:22 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/07/25 16:54:59 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011/07/25 16:54:59 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011/07/25 16:54:59 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011/07/25 14:31:26 | 000,272,896 | ---- | M] () -- C:\Windows\update.3\svchost.exe
PRC - [2011/07/25 14:18:55 | 001,507,840 | ---- | M] () -- C:\Windows\bitcoind.exe
PRC - [2011/07/25 10:38:53 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
PRC - [2011/07/25 10:34:26 | 000,256,000 | ---- | M] () -- C:\Windows\sysdriver32.exe
PRC - [2011/07/25 10:20:49 | 001,185,280 | -H-- | M] () -- C:\Windows\update.tray-7-0-lnk\svchost.exe
PRC - [2011/07/25 10:20:49 | 001,185,280 | -H-- | M] () -- C:\Windows\update.tray-7-0\svchost.exe
PRC - [2011/07/25 10:20:49 | 001,185,280 | -H-- | M] () -- C:\Windows\update.tray-7-0\svchost.exe
PRC - [2011/07/25 10:20:49 | 001,185,280 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011/06/29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\Windows\ufa\ufa.exe
PRC - [2011/06/14 07:50:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/06/01 13:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/05/25 07:55:00 | 001,221,520 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\BndCore.exe
PRC - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2011/05/23 06:26:22 | 000,329,432 | ---- | M] (facemoods.com) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/04/16 05:52:20 | 000,027,648 | ---- | M] (Retrogamer) -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbrmon.exe
PRC - [2011/04/01 14:48:47 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/15 23:12:28 | 002,840,112 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 18:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/09/16 06:27:52 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 16:30:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\claude\Downloads\OTL.exe
MOD - [2011/04/16 05:52:20 | 000,031,744 | ---- | M] (Retrogamer) -- C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zbrstub.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/03 05:49:22 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/29 04:58:15 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/25 10:34:26 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011/06/14 07:50:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/28 21:32:05 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/04/24 15:11:00 | 004,160,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B CD DF 84 93 F0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
IE - HKCU\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_shook.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.order.1: "Search Results"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\claude\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\claude\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/01 14:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/08 13:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/08 13:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\firefox\extensions [2011/04/26 16:23:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/07/19 07:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 18:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/28 12:26:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles/jpprcmhg.default\extensions\[email protected] [2011/07/10 13:27:06 | 000,000,000 | ---D | M]

[2011/07/10 13:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Extensions
[2011/08/03 15:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions
[2011/04/03 21:46:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/10 13:25:57 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/04/01 20:56:16 | 000,000,000 | ---D | M] (ooVoo Video Chat Community Toolbar) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2011/04/01 20:56:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]
[2011/07/10 13:27:06 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]
[2011/08/03 15:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]
[2011/04/15 12:16:18 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar
[2011/03/23 17:45:10 | 000,000,935 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\conduit.xml
[2011/04/16 07:14:28 | 000,009,946 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\Retrogamer_2z.xml
[2011/07/10 13:25:53 | 000,002,501 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\SearchResults.xml
[2011/04/26 07:48:37 | 000,000,000 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\SoccerInferno.xml
[2011/07/10 13:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/30 19:12:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/09 10:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/08 23:00:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/16 05:52:31 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/04/26 16:23:34 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES (X86)\CLICKPOTATOLITE\BIN\10.0.668.0\FIREFOX\EXTENSIONS
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011/08/03 15:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\RETROGAMER_2Z\BAR\1.BIN
File not found (No name found) -- C:\PROGRAM FILES (X86)\SOCCERINFERNO\BAR\1.BIN
[2011/04/01 14:48:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/09 18:03:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/09/16 06:27:52 | 000,057,344 | ---- | M] (blinkx) -- C:\Program Files (x86)\mozilla firefox\plugins\np_blinkx_plugin.dll
[2010/01/01 01:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/28 12:26:30 | 000,001,132 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blinkxtoolbar.xml
[2010/01/01 01:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/19 19:42:16 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
[2010/01/01 01:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/19 07:40:55 | 000,002,045 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/07/10 13:25:53 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/01 01:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/03 05:42:31 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (The blinkx Toolbar) - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_bho.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\claude\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20356661-loader2.exe] C:\Windows\Temp\20356661-loader2.exe ()
O4 - HKLM..\Run: [4177812.exe] C:\Windows\Temp\4177812.exe ()
O4 - HKLM..\Run: [4987444.exe] C:\Windows\TEMP\4987444.exe ()
O4 - HKLM..\Run: [952688.exe] C:\Windows\Temp\952688.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKLM..\Run: [w_distrib.exe] C:\Windows\update.3\svchost.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [blinkx_toolbar] C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.exe ()
O4 - HKCU..\Run: [ciedeih] File not found
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKLM..\RunOnce: [Retrogamer_2zbar Uninstall] C:\Program Files (x86)\Uninstall Retrogamer.dll (Retrogamer)
O4 - HKCU..\RunOnce: [ypagerps] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Supercow/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/TextTwist%202/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/02 18:42:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\PsychoLauncher.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 15:32:26 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/08/03 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\Yahoo!
[2011/08/03 15:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/08/03 15:15:25 | 000,702,464 | ---- | C] (Retrogamer) -- C:\Program Files (x86)\Uninstall Retrogamer.dll
[2011/08/03 14:55:18 | 000,262,144 | ---- | C] (SONIX) -- C:\Windows\tsnpstd3.exe
[2011/08/03 14:55:18 | 000,166,912 | ---- | C] ( ) -- C:\Windows\SysNative\rsnpstd3.dll
[2011/08/03 14:55:14 | 010,246,144 | ---- | C] (Sonix Co. Ltd.) -- C:\Windows\SysWow64\drivers\snpstd3.sys
[2011/08/03 14:55:13 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011/08/03 14:55:13 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011/08/03 14:55:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011/08/03 14:55:13 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysNative\csnpstd3.dll
[2011/08/03 14:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\snpstd3
[2011/08/03 14:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB PC Camera Plus
[2011/08/03 14:52:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\InstallShield
[2011/08/03 06:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/08/03 05:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/08/03 05:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/08/03 05:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Autodesk
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\Autodesk
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/08/03 05:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2011/08/03 05:37:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{3D1DD055-BD4A-40AA-BC3E-197EEC3AC104}
[2011/08/02 19:21:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/02 19:19:31 | 000,000,000 | ---D | C] -- C:\Users\claude\Desktop\auto cad
[2011/08/02 18:42:19 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/08/02 16:35:14 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E53BF349-D267-4216-AAE3-CBD7E8FED27B}
[2011/08/02 04:20:58 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{02387424-5905-47A9-B383-291120EC6237}
[2011/08/01 18:38:21 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Super-Cow
[2011/08/01 15:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2011/08/01 15:00:37 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextTwist 2
[2011/08/01 15:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextTwist 2
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TextTwist 2
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\SpinTop
[2011/08/01 08:47:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E847F255-A096-4C3D-B293-8A07928373AB}
[2011/07/31 17:59:53 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{D7D20864-4929-4CC4-ACBB-DB0EA0EBA8EB}
[2011/07/31 05:58:23 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BD16F38E-8FE1-4C13-9212-5466FD8161D6}
[2011/07/30 05:29:39 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{5961352A-233B-4D65-8163-4EBED0CADDD7}
[2011/07/29 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BF8E867C-582F-4D0A-8547-B5692D1CFBF3}
[2011/07/28 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{4804B18F-6DDC-47C1-AB92-4C713F85F147}
[2011/07/28 06:40:50 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6F1C4916-63E8-4616-9611-C413CF39FDB5}
[2011/07/27 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{46D7B13A-DE60-45D5-8AE8-90F9A7A03B4F}
[2011/07/25 18:02:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{25EC26C6-8426-4FD4-B650-19BDF7AAC490}
[2011/07/25 14:12:41 | 000,000,000 | -H-D | C] -- C:\Windows\update.4.1
[2011/07/25 12:40:57 | 000,000,000 | -H-D | C] -- C:\Windows\update.3
[2011/07/25 10:40:08 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/25 10:40:08 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011/07/25 10:40:08 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/07/25 10:39:05 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/07/25 10:38:33 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/07/25 10:35:07 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/25 10:33:13 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/07/25 10:33:09 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0-lnk
[2011/07/25 10:33:09 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0
[2011/07/25 06:01:35 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F616519F-B030-4565-A81C-E81C943D40F2}
[2011/07/23 11:50:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{362E5320-B142-4E5B-92EE-71061E25F5BB}
[2011/07/22 19:26:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A9290098-B1F9-4F82-8408-15B6EF62DA8C}
[2011/07/22 07:26:32 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{521E7F4E-2034-4464-A1B3-DA4E41D4CB87}
[2011/07/21 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{9AB8C926-25BE-477A-9E2E-07BF887EBBB1}
[2011/07/21 07:25:32 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FA231D91-65EA-4DEE-827B-6273C4144E0A}
[2011/07/20 19:25:04 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F1B283CA-A971-4CA7-9248-20DD05C6019E}
[2011/07/19 19:03:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{903C0FF6-C446-4F2A-8E93-A88F50B13B49}
[2011/07/19 07:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011/07/19 07:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecCheck
[2011/07/19 07:39:17 | 000,000,000 | ---D | C] -- C:\codec-info
[2011/07/19 07:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/07/19 07:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/07/19 07:03:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{04DA55DF-6B93-4C04-856B-B4386AADD318}
[2011/07/18 17:55:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{7B48D4C5-3E0C-4A0E-845E-623A8F133E1E}
[2011/07/18 05:55:30 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{641520D2-7355-41C2-9168-FAFF31979213}
[2011/07/17 05:45:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{115036C0-BC99-4228-A684-D02852AD7BFC}
[2011/07/16 05:31:51 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{4D281D53-FEB1-4ECE-9321-FD96FB7E2E18}
[2011/07/15 12:02:23 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{19B475B9-80C5-4A97-A1AC-58ABA61BAC91}
[2011/07/15 08:44:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B0B37FEE-DB5E-4891-81A2-23DA8D210AE6}
[2011/07/15 05:31:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6DDD1C6D-094C-46CF-8D28-3BE585D1123F}
[2011/07/14 17:31:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B44F928A-CBA9-486F-93A0-3DDBBC8CBD4F}
[2011/07/14 05:30:35 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B2879EF0-04F8-4F22-8274-AD625BDF5D8D}
[2011/07/13 20:28:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{476834BD-EAC3-4BB1-844A-270973D91360}
[2011/07/13 08:27:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{757D7964-1386-4CF0-9444-246A3098196D}
[2011/07/12 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6927D64A-2367-4946-875E-A24277C187C9}
[2011/07/11 17:50:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BEE2A8CC-5C4A-4C34-A447-A3D58B4340CB}
[2011/07/11 05:49:54 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A34A4887-48B4-49AA-A257-3D02CD78AF5D}
[2011/07/11 05:26:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/10 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Bandoo
[2011/07/10 13:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[2011/07/10 13:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011/07/10 13:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandoo
[2011/07/10 13:26:55 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\Ilivid Player
[2011/07/10 13:26:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9CD61942-8DA1-4781-925C-4FE1471E0820}
[2011/07/10 13:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011/07/10 13:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011/07/10 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/07/10 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/07/10 13:25:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\PackageAware
[2011/07/10 05:44:53 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{5F1D66F5-772A-463B-BEA0-DBB13C83CBF7}
[2011/07/09 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{9B98AC60-EECF-4A8C-9C03-F3E7ECF28388}
[2011/07/09 13:08:22 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\GetRightToGo
[2011/07/09 13:08:22 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\Downloads
[2011/07/09 04:50:44 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{53F55969-CF53-4A82-82A7-7C1E11A3E7AE}
[2011/07/08 23:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/08 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1237D8A9-70C1-4ACF-8762-1516A0DAF3D2}
[2011/07/08 11:24:08 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FF80601D-DF27-48D7-89B6-23272E525C54}
[2011/07/08 10:25:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B0B32094-984C-4ED4-A6F8-8BDDA6402879}
[2011/07/08 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{25E36425-DF97-4973-972D-0572B903118E}
[2011/07/08 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{88D50325-7770-4C66-B77C-A49399944457}
[2011/07/07 11:16:50 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{233F143E-5E15-4C43-BDA4-3058E23ACE1D}
[2011/07/06 10:01:03 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{807D9D84-A075-4088-ACBC-2754993876AF}
[2011/07/05 14:05:48 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E0756DB8-73E5-4913-A400-32817A6AD7F4}
[2011/07/04 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6B7EDB2B-60F7-4DFE-9A2F-3CB10B19A2D2}

========== Files - Modified Within 30 Days ==========

[2011/08/03 16:27:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 16:14:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 16:14:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 15:59:07 | 000,302,592 | ---- | M] () -- C:\Users\claude\Desktop\gmer.exe
[2011/08/03 15:40:11 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/03 15:40:11 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/03 15:40:11 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/03 15:31:49 | 000,001,159 | ---- | M] () -- C:\Users\claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/03 15:31:49 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/08/03 09:58:11 | 000,000,202 | ---- | M] () -- C:\Windows\info1
[2011/08/03 06:20:51 | 000,000,206 | -H-- | M] () -- C:\Users\claude\Documents\Drawing1.dwl2
[2011/08/03 06:20:51 | 000,000,056 | -H-- | M] () -- C:\Users\claude\Documents\Drawing1.dwl
[2011/08/03 05:48:38 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2011/08/03 05:42:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/03 05:36:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 05:36:34 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/03 05:35:49 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/08/03 05:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 05:35:18 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 18:33:29 | 000,002,063 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2011/08/02 17:29:27 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/25 14:18:55 | 001,507,840 | ---- | M] () -- C:\Windows\bitcoind.exe
[2011/07/25 10:40:07 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/07/25 10:40:07 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/07/25 10:40:07 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/25 10:40:07 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/07/25 10:39:40 | 000,114,176 | ---- | M] () -- C:\Windows\systemup.exe
[2011/07/25 10:38:56 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/07/25 10:38:53 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
[2011/07/25 10:37:52 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/07/25 10:34:58 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/07/25 10:34:26 | 000,256,000 | ---- | M] () -- C:\Windows\sysdriver32_.exe
[2011/07/25 10:34:26 | 000,256,000 | ---- | M] () -- C:\Windows\sysdriver32.exe
[2011/07/25 10:20:49 | 001,185,280 | ---- | M] () -- C:\Windows\services32.exe
[2011/07/18 21:10:49 | 000,061,352 | ---- | M] () -- C:\Users\claude\Desktop\282420_1864058202418_1269872542_31567762_5205799_n.jpg
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011/07/13 12:54:04 | 004,972,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 12:02:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/11 05:25:58 | 325,327,855 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/08/03 15:31:49 | 000,001,159 | ---- | C] () -- C:\Users\claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/03 15:31:49 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/08/03 14:55:18 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011/08/03 14:55:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011/08/03 14:55:17 | 000,013,023 | ---- | C] () -- C:\Windows\snpstd3.src
[2011/08/03 06:20:51 | 000,000,206 | -H-- | C] () -- C:\Users\claude\Documents\Drawing1.dwl2
[2011/08/03 06:20:51 | 000,000,056 | -H-- | C] () -- C:\Users\claude\Documents\Drawing1.dwl
[2011/08/03 05:48:38 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2011/07/25 14:18:49 | 001,507,840 | ---- | C] () -- C:\Windows\bitcoind.exe
[2011/07/25 10:40:07 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/07/25 10:40:07 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/07/25 10:40:07 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/07/25 10:39:50 | 000,114,176 | ---- | C] () -- C:\Windows\systemup.exe
[2011/07/25 10:38:58 | 000,232,960 | ---- | C] () -- C:\Windows\l1rezerv.exe
[2011/07/25 10:38:23 | 000,000,202 | ---- | C] () -- C:\Windows\info1
[2011/07/25 10:37:53 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/07/25 10:37:52 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/07/25 10:37:52 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/25 10:34:58 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/07/25 10:34:55 | 000,256,000 | ---- | C] () -- C:\Windows\sysdriver32_.exe
[2011/07/25 10:34:41 | 000,256,000 | ---- | C] () -- C:\Windows\sysdriver32.exe
[2011/07/25 10:21:25 | 001,185,280 | ---- | C] () -- C:\Windows\services32.exe
[2011/07/18 21:10:51 | 000,061,352 | ---- | C] () -- C:\Users\claude\Desktop\282420_1864058202418_1269872542_31567762_5205799_n.jpg
[2011/07/16 22:21:04 | 000,302,592 | ---- | C] () -- C:\Users\claude\Desktop\gmer.exe
[2011/07/11 05:25:58 | 325,327,855 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/10 13:26:58 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011/06/15 14:20:38 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011/06/14 07:50:36 | 000,281,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/14 07:50:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/18 19:02:29 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2011/04/18 19:01:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2011/04/01 10:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/01 10:13:28 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011/04/01 10:09:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/01 10:05:41 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/04/01 10:05:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/04/01 10:05:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/04/01 10:05:41 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/04/01 10:05:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/04/01 10:05:24 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/04/01 10:05:24 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/04/01 09:39:25 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/04/01 09:20:50 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/25 15:21:24 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Aquarius Soft
[2011/08/03 06:10:46 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Autodesk
[2011/07/10 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Bandoo
[2011/08/03 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\BITS
[2011/04/03 13:45:35 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/26 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\ClickPotatoLite
[2011/05/04 08:24:13 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/05/10 09:04:13 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Dev-Cpp
[2011/04/01 09:20:24 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\FlashGet
[2011/04/01 09:20:22 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\FlashGetBHO
[2011/07/09 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\GetRightToGo
[2011/07/13 16:47:13 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\go
[2011/07/11 09:47:33 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\ijjigame
[2011/06/13 11:01:38 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Need for Speed World
[2011/04/01 08:55:33 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Notepad++
[2011/04/01 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\ooVoo Details
[2011/04/06 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Research In Motion
[2011/08/01 15:00:33 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\SpinTop
[2011/08/01 18:41:47 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Super-Cow
[2011/04/27 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\claude\AppData\Roaming\Unity
[2011/07/08 11:22:43 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:60839224
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:43283EB6
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:AD4FECAB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:036B992F

< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
[2011/04/03 21:46:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/10 13:25:57 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/04/01 20:56:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]
[2011/07/10 13:27:06 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]
[2011/08/03 15:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]
[2011/04/15 12:16:18 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar
[2011/03/23 17:45:10 | 000,000,935 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\conduit.xml
[2011/04/16 07:14:28 | 000,009,946 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\Retrogamer_2z.xml
[2011/07/10 13:25:53 | 000,002,501 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\SearchResults.xml
[2011/04/26 07:48:37 | 000,000,000 | ---- | M] () -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\SoccerInferno.xml
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011/08/03 15:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\RETROGAMER_2Z\BAR\1.BIN
File not found (No name found) -- C:\PROGRAM FILES (X86)\SOCCERINFERNO\BAR\1.BIN
[2011/05/09 10:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/08 23:00:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (The blinkx Toolbar) - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_bho.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\claude\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [20356661-loader2.exe] C:\Windows\Temp\20356661-loader2.exe ()
O4 - HKLM..\Run: [4177812.exe] C:\Windows\Temp\4177812.exe ()
O4 - HKLM..\Run: [4987444.exe] C:\Windows\TEMP\4987444.exe ()
O4 - HKLM..\Run: [952688.exe] C:\Windows\Temp\952688.exe ()
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [w_distrib.exe] C:\Windows\update.3\svchost.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [blinkx_toolbar] C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.exe ()
O4 - HKCU..\Run: [ciedeih] File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O31 - SafeBoot: AlternateShell - services32.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\PsychoLauncher.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Windows\update.4.1
C:\Windows\update.5.0
C:\Windows\update.3
C:\Windows\update.tray-7-0-lnk
C:\Windows\update.1


:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Save the log and copy and paste it to a reply.

If one of the following will not run, just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running ComboFix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled and tell me), click Save Log, save it to your desktop and post it in your next reply.


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron

#3
the_student
Thank you for replying to my post. I followed the steps you sent me and no change.
First OTL report:


========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\components folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected] folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\content\creatives folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\content folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\components folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected] folder moved successfully.
Folder C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\[email protected]\ not found.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar\modules folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar\locale\en-US folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar\locale folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar\components\FF4 folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar\components folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar\chrome folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\gamebox@toolbar folder moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\conduit.xml moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\Retrogamer_2z.xml moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\SearchResults.xml moved successfully.
C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\searchplugins\SoccerInferno.xml moved successfully.
Folder C:\PROGRAM FILES (X86)\RETROGAMER_2Z\BAR\1.BIN\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0069B690-7A2B-41C5-98CA-9F535B4C8532}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0069B690-7A2B-41C5-98CA-9F535B4C8532}\ deleted successfully.
C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ deleted successfully.
C:\Users\claude\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\ deleted successfully.
C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
C:\Program Files (x86)\alot\bin\alot.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\ not found.
File C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6}\ deleted successfully.
C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\20356661-loader2.exe deleted successfully.
C:\Windows\Temp\20356661-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4177812.exe deleted successfully.
C:\Windows\Temp\4177812.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4987444.exe deleted successfully.
C:\Windows\Temp\4987444.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\952688.exe deleted successfully.
C:\Windows\Temp\952688.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.
C:\Windows\l1rezerv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.
C:\Windows\sysdriver32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.
C:\Windows\sysdriver32_.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.
C:\Windows\systemup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
C:\Windows\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\w_distrib.exe deleted successfully.
C:\Windows\update.3\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
C:\Windows\services32.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\blinkx_toolbar deleted successfully.
C:\Program Files (x86)\blinkx Remote Toolbar\the_blinkx_toolbar.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ciedeih deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll deleted successfully.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi3c8a~1\datamngr\datamngr.dll deleted successfully.
c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi3c8a~1\datamngr\iebho.dll deleted successfully.
File c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bandoo\bndhook.dll deleted successfully.
c:\Program Files (x86)\Bandoo\BndHook.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\PsychoLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Autorun.exe not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\claude\Downloads\cmd.bat deleted successfully.
C:\Users\claude\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\claude\Downloads\cmd.bat deleted successfully.
C:\Users\claude\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\claude\Downloads\cmd.bat deleted successfully.
C:\Users\claude\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\claude\Downloads\cmd.bat deleted successfully.
C:\Users\claude\Downloads\cmd.txt deleted successfully.
C:\Windows\update.4.1 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\update.3 folder moved successfully.
C:\Windows\update.tray-7-0-lnk folder moved successfully.
C:\Windows\update.1 folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08112011_064956

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The Malwarebytes report



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7434

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/11/2011 7:12:14 AM
mbam-log-2011-08-11 (07-12-14).txt

Scan type: Quick scan
Objects scanned: 175734
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 14
Files Infected: 73

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9} (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE} (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\claude\AppData\Local\Temp\btc_server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\client_8.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\flash32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\iecheck11.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\loader_1000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\loader_rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\myrar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\resetsr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\claude\AppData\Local\Temp\udp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1321367.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1703273.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1791656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1860158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1900508.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2293265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2517321.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2593667.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\30208686.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\3302003.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Windows\Temp\5200902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\54276_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\5894764.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6108990.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\7725731.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\8358202.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\Temp\890342.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Windows\Temp\9114487.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9565558.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\btc_server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\client_8.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Windows\Temp\flash32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\loader_rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\myrar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\resetsr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\udp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2159410.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\3427187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\3659872.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5362293.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6531254.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6688469.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\7524269.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\8784612.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9911247.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\458952376.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf_update.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.




The TDSSKiller report, and I don't see any fix button




2011/08/12 09:29:44.0630 4272 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/12 09:29:44.0973 4272 ================================================================================
2011/08/12 09:29:44.0973 4272 SystemInfo:
2011/08/12 09:29:44.0973 4272
2011/08/12 09:29:44.0973 4272 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/12 09:29:44.0973 4272 Product type: Workstation
2011/08/12 09:29:44.0973 4272 ComputerName: CLAUDE-HP
2011/08/12 09:29:44.0973 4272 UserName: claude
2011/08/12 09:29:44.0973 4272 Windows directory: C:\Windows
2011/08/12 09:29:44.0973 4272 System windows directory: C:\Windows
2011/08/12 09:29:44.0973 4272 Running under WOW64
2011/08/12 09:29:44.0973 4272 Processor architecture: Intel x64
2011/08/12 09:29:44.0973 4272 Number of processors: 1
2011/08/12 09:29:44.0973 4272 Page size: 0x1000
2011/08/12 09:29:44.0973 4272 Boot type: Normal boot
2011/08/12 09:29:44.0973 4272 ================================================================================
2011/08/12 09:29:45.0254 4272 Initialize success
2011/08/12 09:29:49.0294 4044 ================================================================================
2011/08/12 09:29:49.0294 4044 Scan started
2011/08/12 09:29:49.0294 4044 Mode: Manual;
2011/08/12 09:29:49.0294 4044 ================================================================================
2011/08/12 09:30:20.0150 4044 MBR (0x1B8) (9c0b8954ee92bf740373389175813818) \Device\Harddisk0\DR0
2011/08/12 09:30:20.0181 4044 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/12 09:30:20.0228 4044 Boot (0x1200) (a6a8ca8a345bc9162f6448ad4ac6695a) \Device\Harddisk0\DR0\Partition0
2011/08/12 09:30:20.0259 4044 Boot (0x1200) (0f3c6bee4fcd3b5254ac7f6217913111) \Device\Harddisk0\DR0\Partition1
2011/08/12 09:30:20.0322 4044 Boot (0x1200) (be8de0c08cb30aae73122b3029483ac6) \Device\Harddisk0\DR0\Partition2
2011/08/12 09:30:20.0353 4044 Boot (0x1200) (bf97ed6bed256ef350189a967d97ab9e) \Device\Harddisk0\DR0\Partition3
2011/08/12 09:30:20.0368 4044 Boot (0x1200) (52eb00b20308b1345bf2379b97cc9b57) \Device\Harddisk1\DR1\Partition0
2011/08/12 09:30:20.0384 4044 ================================================================================
2011/08/12 09:30:20.0384 4044 Scan finished
2011/08/12 09:30:20.0384 4044 ================================================================================
2011/08/12 09:30:20.0400 3036 Detected object count: 0
2011/08/12 09:30:20.0400 3036 Actual detected object count: 0
2011/08/12 09:30:38.0731 1980 ================================================================================
2011/08/12 09:30:38.0731 1980 Scan started
2011/08/12 09:30:38.0731 1980 Mode: Manual;
2011/08/12 09:30:38.0731 1980 ================================================================================
2011/08/12 09:31:09.0390 1980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/12 09:31:09.0635 1980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/12 09:31:09.0749 1980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/12 09:31:09.0880 1980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/12 09:31:10.0022 1980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/12 09:31:10.0095 1980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/12 09:31:10.0350 1980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/12 09:31:10.0485 1980 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/12 09:31:10.0689 1980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/12 09:31:10.0777 1980 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/12 09:31:10.0884 1980 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/12 09:31:10.0973 1980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/12 09:31:11.0050 1980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/12 09:31:11.0201 1980 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/12 09:31:11.0263 1980 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/12 09:31:11.0310 1980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/12 09:31:11.0591 1980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/12 09:31:11.0731 1980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/12 09:31:11.0872 1980 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/12 09:31:11.0950 1980 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/12 09:31:12.0199 1980 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/12 09:31:12.0293 1980 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/12 09:31:12.0340 1980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/12 09:31:12.0605 1980 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/12 09:31:12.0777 1980 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/12 09:31:14.0518 1980 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/12 09:31:14.0887 1980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/12 09:31:15.0648 1980 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/12 09:31:16.0116 1980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/12 09:31:16.0380 1980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/12 09:31:16.0628 1980 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/12 09:31:16.0701 1980 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/12 09:31:16.0774 1980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/12 09:31:16.0851 1980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/12 09:31:16.0940 1980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/12 09:31:17.0039 1980 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/12 09:31:17.0122 1980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/12 09:31:17.0223 1980 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/12 09:31:17.0286 1980 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/12 09:31:17.0395 1980 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/12 09:31:17.0442 1980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/12 09:31:17.0567 1980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/12 09:31:17.0676 1980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/12 09:31:17.0738 1980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/12 09:31:17.0769 1980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/12 09:31:17.0801 1980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/12 09:31:17.0879 1980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/12 09:31:17.0988 1980 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/12 09:31:18.0050 1980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/12 09:31:18.0113 1980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/12 09:31:18.0206 1980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/12 09:31:18.0253 1980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/12 09:31:18.0300 1980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/12 09:31:18.0331 1980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/12 09:31:18.0378 1980 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/12 09:31:18.0425 1980 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/12 09:31:18.0487 1980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/12 09:31:18.0581 1980 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/12 09:31:18.0690 1980 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/12 09:31:18.0877 1980 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/12 09:31:18.0939 1980 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/12 09:31:19.0034 1980 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/12 09:31:19.0088 1980 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/12 09:31:19.0164 1980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/12 09:31:19.0207 1980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/12 09:31:19.0261 1980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/12 09:31:19.0321 1980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/12 09:31:19.0382 1980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/12 09:31:19.0426 1980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/12 09:31:19.0476 1980 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/12 09:31:19.0603 1980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/12 09:31:19.0733 1980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/12 09:31:19.0792 1980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/12 09:31:20.0115 1980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/12 09:31:20.0741 1980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/12 09:31:21.0584 1980 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/12 09:31:21.0910 1980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/12 09:31:21.0991 1980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/12 09:31:22.0052 1980 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/12 09:31:22.0123 1980 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/12 09:31:22.0164 1980 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/12 09:31:22.0199 1980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/12 09:31:22.0232 1980 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/12 09:31:22.0512 1980 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/08/12 09:31:22.0920 1980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/12 09:31:22.0977 1980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/12 09:31:23.0076 1980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/12 09:31:23.0232 1980 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/12 09:31:23.0325 1980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/12 09:31:23.0419 1980 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/12 09:31:23.0528 1980 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/12 09:31:23.0622 1980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/12 09:31:23.0669 1980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/12 09:31:23.0793 1980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/12 09:31:23.0903 1980 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/12 09:31:23.0949 1980 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/12 09:31:24.0043 1980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/12 09:31:24.0137 1980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/12 09:31:24.0168 1980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/12 09:31:24.0246 1980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/12 09:31:24.0480 1980 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/12 09:31:24.0527 1980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/12 09:31:24.0663 1980 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/12 09:31:24.0774 1980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/12 09:31:24.0873 1980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/12 09:31:24.0947 1980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/12 09:31:25.0007 1980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/12 09:31:25.0087 1980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/12 09:31:25.0163 1980 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/12 09:31:25.0237 1980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/12 09:31:25.0292 1980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/12 09:31:25.0462 1980 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/12 09:31:25.0527 1980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/12 09:31:25.0593 1980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/12 09:31:25.0687 1980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/12 09:31:25.0749 1980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/12 09:31:25.0796 1980 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/12 09:31:25.0921 1980 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/08/12 09:31:26.0015 1980 RimUsb (71700b4c5797da5412e9250e26894586) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/08/12 09:31:26.0061 1980 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/08/12 09:31:26.0108 1980 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/08/12 09:31:26.0202 1980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/12 09:31:26.0280 1980 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/12 09:31:26.0467 1980 rtl8192se (cd8f32bb993b98e6705f11504a7f7250) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/08/12 09:31:26.0873 1980 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/12 09:31:27.0060 1980 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
2011/08/12 09:31:27.0153 1980 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/12 09:31:27.0309 1980 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/12 09:31:27.0637 1980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/12 09:31:27.0699 1980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/12 09:31:27.0762 1980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/12 09:31:27.0809 1980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/12 09:31:27.0918 1980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/12 09:31:27.0965 1980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/12 09:31:28.0027 1980 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/12 09:31:28.0058 1980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/12 09:31:28.0136 1980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/12 09:31:28.0183 1980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/12 09:31:28.0230 1980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/12 09:31:28.0339 1980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/12 09:31:28.0448 1980 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/12 09:31:28.0511 1980 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/12 09:31:28.0620 1980 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/08/12 09:31:28.0885 1980 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/08/12 09:31:29.0322 1980 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/08/12 09:31:29.0415 1980 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/12 09:31:29.0478 1980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/12 09:31:29.0556 1980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/12 09:31:29.0696 1980 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/12 09:31:29.0930 1980 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
2011/08/12 09:31:30.0461 1980 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/12 09:31:30.0882 1980 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/12 09:31:31.0241 1980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/12 09:31:31.0334 1980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/12 09:31:31.0443 1980 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/12 09:31:31.0521 1980 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/12 09:31:31.0631 1980 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/12 09:31:31.0677 1980 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/12 09:31:31.0755 1980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/12 09:31:31.0989 1980 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/12 09:31:32.0083 1980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/12 09:31:32.0145 1980 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/12 09:31:32.0192 1980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/12 09:31:32.0286 1980 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\drivers\usbccgp.sys
2011/08/12 09:31:32.0348 1980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/12 09:31:32.0411 1980 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/12 09:31:32.0504 1980 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/12 09:31:32.0582 1980 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/08/12 09:31:32.0629 1980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/12 09:31:32.0723 1980 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/12 09:31:32.0816 1980 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/12 09:31:32.0925 1980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/12 09:31:33.0003 1980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/12 09:31:33.0050 1980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/12 09:31:33.0128 1980 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/12 09:31:33.0191 1980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/12 09:31:33.0253 1980 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/12 09:31:33.0331 1980 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/12 09:31:33.0393 1980 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/12 09:31:33.0471 1980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/12 09:31:33.0565 1980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/12 09:31:33.0612 1980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/12 09:31:33.0659 1980 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/12 09:31:33.0721 1980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/12 09:31:33.0768 1980 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 09:31:33.0815 1980 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 09:31:34.0033 1980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/12 09:31:34.0173 1980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/12 09:31:34.0345 1980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/12 09:31:34.0361 1980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/12 09:31:34.0501 1980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/12 09:31:34.0579 1980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/12 09:31:34.0657 1980 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/12 09:31:34.0704 1980 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/12 09:31:34.0829 1980 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/08/12 09:31:34.0907 1980 MBR (0x1B8) (9c0b8954ee92bf740373389175813818) \Device\Harddisk0\DR0
2011/08/12 09:31:34.0938 1980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/12 09:31:34.0985 1980 Boot (0x1200) (a6a8ca8a345bc9162f6448ad4ac6695a) \Device\Harddisk0\DR0\Partition0
2011/08/12 09:31:35.0031 1980 Boot (0x1200) (0f3c6bee4fcd3b5254ac7f6217913111) \Device\Harddisk0\DR0\Partition1
2011/08/12 09:31:35.0109 1980 Boot (0x1200) (be8de0c08cb30aae73122b3029483ac6) \Device\Harddisk0\DR0\Partition2
2011/08/12 09:31:35.0203 1980 Boot (0x1200) (bf97ed6bed256ef350189a967d97ab9e) \Device\Harddisk0\DR0\Partition3
2011/08/12 09:31:35.0234 1980 Boot (0x1200) (52eb00b20308b1345bf2379b97cc9b57) \Device\Harddisk1\DR1\Partition0
2011/08/12 09:31:35.0234 1980 ================================================================================
2011/08/12 09:31:35.0234 1980 Scan finished
2011/08/12 09:31:35.0234 1980 ================================================================================
2011/08/12 09:31:35.0265 4088 Detected object count: 0
2011/08/12 09:31:35.0265 4088 Actual detected object count: 0





the second OTL scan



OTL logfile created on: 8/12/2011 9:33:44 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\claude\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 34.01% Memory free
3.87 Gb Paging File | 2.19 Gb Available in Paging File | 56.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.46 Gb Total Space | 83.45 Gb Free Space | 38.55% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive F: | 7.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.73 Gb Total Space | 0.19 Gb Free Space | 5.17% Space Free | Partition Type: FAT32

Computer Name: CLAUDE-HP | User Name: claude | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/12 08:33:04 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\claude\Desktop\tdsskiller.exe
PRC - [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/08/03 16:30:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\claude\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/14 07:50:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/04/01 14:48:47 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/15 23:12:28 | 002,840,112 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 18:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 16:30:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\claude\Downloads\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/03 05:49:22 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/29 04:58:15 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/14 07:50:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/28 21:32:05 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/04/24 15:11:00 | 004,160,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B CD DF 84 93 F0 CB 01 [binary data]
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
IE - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-re...ystemid=406&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\claude\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\claude\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/01 14:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/08 13:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/08 13:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/07/19 07:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 18:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/28 12:26:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles/jpprcmhg.default\extensions\[email protected]

[2011/07/10 13:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Extensions
[2011/08/11 06:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions
[2011/04/01 20:56:16 | 000,000,000 | ---D | M] (ooVoo Video Chat Community Toolbar) -- C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2011/08/11 06:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/30 19:12:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/16 05:52:31 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/06/28 12:26:30 | 000,000,000 | ---D | M] (blinkx toolbar) -- C:\PROGRAM FILES (X86)\BLINKX REMOTE TOOLBAR\BLINKXTOOLBAR
File not found (No name found) -- C:\PROGRAM FILES (X86)\CLICKPOTATOLITE\BIN\10.0.668.0\FIREFOX\EXTENSIONS
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/10 13:26:01 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/07/19 07:39:23 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\PROGRAMDATA\CODECCHECK\FIREFOX
[2011/04/01 14:48:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\CLAUDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPRCMHG.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\USERS\CLAUDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPRCMHG.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\CLAUDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPRCMHG.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\CLAUDE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPRCMHG.DEFAULT\EXTENSIONS\GAMEBOX@TOOLBAR
[2011/05/09 18:03:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/09/16 06:27:52 | 000,057,344 | ---- | M] (blinkx) -- C:\Program Files (x86)\mozilla firefox\plugins\np_blinkx_plugin.dll
[2010/01/01 01:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/28 12:26:30 | 000,001,132 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blinkxtoolbar.xml
[2010/01/01 01:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/19 19:42:16 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
[2010/01/01 01:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/19 07:40:55 | 000,002,045 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/07/10 13:25:53 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/01 01:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/11 09:46:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-21-2660888795-401891558-4255709297-1000..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKU\S-1-5-21-2660888795-401891558-4255709297-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2660888795-401891558-4255709297-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2660888795-401891558-4255709297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Supercow/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/TextTwist%202/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/02 18:42:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 17:51:45 | 000,000,139 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011/07/25 19:50:08 | 000,000,125 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A564FA73-A945-4498-ACB2-34E4EB431DAD}
[2011/08/12 09:29:01 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BDA133E9-8203-49FD-B04C-B5E5A42B7AA7}
[2011/08/12 08:34:59 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\claude\Desktop\tdsskiller.exe
[2011/08/12 08:15:08 | 000,000,000 | ---D | C] -- C:\Users\claude\Desktop\007
[2011/08/12 08:08:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/08/12 07:22:08 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F0EE78AC-8C5B-4D5D-AE1E-1DF1D4A0841F}
[2011/08/12 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{D368A323-0380-45C3-8465-94D18EC89217}
[2011/08/12 06:33:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/11 09:47:37 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1D592E78-81C0-4E0F-BF8A-CB0583963B08}
[2011/08/11 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6263F696-A9D7-42CC-A359-F5F82A57410E}
[2011/08/11 09:27:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/11 09:27:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/11 09:27:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/11 09:26:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/11 09:26:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/11 09:26:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/11 07:15:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{AC62D79F-A453-4266-820F-3506C8125793}
[2011/08/11 07:15:03 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B1798460-17A8-4FC9-A6F1-F66A339BEF7B}
[2011/08/11 07:00:52 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Malwarebytes
[2011/08/11 07:00:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/11 07:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 07:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/11 07:00:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/11 07:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/11 06:54:04 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{C3E2A9F9-6423-41E7-B382-6F2A9C7CEFA6}
[2011/08/11 06:53:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{771D7E43-3CFC-4D28-A232-3500D9C7872C}
[2011/08/11 06:49:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/11 06:03:08 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B537A329-A428-45A3-BEDF-77250111F67E}
[2011/08/11 06:02:48 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{DE8AC289-9FCA-420B-B9FB-B61F7BA6E0B2}
[2011/08/10 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{902E2620-1500-4EB3-BD38-2A506DD2A666}
[2011/08/10 07:16:10 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 07:16:09 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 07:16:09 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 07:16:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 07:16:01 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 07:16:01 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 07:16:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 07:16:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 07:16:01 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 07:16:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 07:16:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 07:16:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 07:16:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 07:14:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 07:14:23 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 07:14:23 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 07:14:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 07:14:23 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 07:14:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 07:14:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 07:14:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 07:14:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 07:14:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 07:14:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 07:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 07:14:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 07:14:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 07:14:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 07:14:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 07:14:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 07:14:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 07:14:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 07:14:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 07:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 07:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 07:14:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 07:14:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 07:14:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 07:14:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 07:14:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 07:14:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 07:14:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 07:14:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 07:14:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 07:14:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 07:14:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 07:13:40 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 07:13:40 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/08/10 07:13:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 07:13:36 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/10 07:13:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 07:13:36 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/10 07:13:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 07:13:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 07:13:36 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 07:13:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 07:13:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/10 07:13:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/10 07:13:34 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/10 07:13:34 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/10 07:13:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/10 07:13:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/10 04:55:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{2B689A5D-871E-445F-9BC3-153886E216CA}
[2011/08/09 21:10:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E89FDCF0-A469-47BB-BA9D-7AE6E79ACE7A}
[2011/08/09 21:10:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{761DB808-F3C4-4C6B-8EF9-6DF3E2C3721B}
[2011/08/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{11FB2D0F-01A9-4502-B661-58941225E88E}
[2011/08/09 19:01:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{8DD5DA6E-7CB0-46CF-988E-6800A32B60D0}
[2011/08/09 05:06:00 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FDEBDBC4-599B-4C34-8D83-0E4B0F530E84}
[2011/08/09 05:05:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6D54DCBF-1C20-4636-A1C1-600C3399C426}
[2011/08/08 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{7C87F1F6-9789-4D9C-8B66-8CD46FB2DF0D}
[2011/08/08 16:23:10 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\ElevatedDiagnostics
[2011/08/08 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6A8887A2-ACCE-4D01-91D0-3FCC1FF255EB}
[2011/08/08 04:20:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{4E686328-66E7-46F1-87E2-63EB3D0BDE0D}
[2011/08/07 12:31:06 | 000,000,000 | ---D | C] -- C:\Users\claude\Desktop\Need For Speed Underground 2
[2011/08/07 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\NFS Underground 2
[2011/08/07 12:08:42 | 000,000,000 | ---D | C] -- C:\Users\claude\Desktop\Crack
[2011/08/07 12:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/07 12:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2011/08/07 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{AC981247-16F5-4445-8296-C4CF6AD82A55}
[2011/08/07 07:39:58 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{701B2140-B473-4A95-8EFA-8688BB561413}
[2011/08/07 07:39:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{0092B0A2-76CD-4DF1-89A7-D9FDA403DE72}
[2011/08/06 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{04B57317-12BF-43B9-A76C-667834C22ED2}
[2011/08/06 08:11:16 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{63374295-B031-4E34-AA04-5455A141F54F}
[2011/08/06 08:11:02 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1C5D10BD-A8AB-4492-A6A3-C050C6424B86}
[2011/08/05 16:47:03 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FE932DBA-B4BC-4CF8-ABC7-401DADEFA4E1}
[2011/08/05 10:47:29 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F3E31072-0A93-49C7-A119-A30A0EEBE534}
[2011/08/05 10:47:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F7585BAD-1BBD-45E3-8A52-211DC902397D}
[2011/08/05 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\MyHeritage
[2011/08/05 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\MyHeritage
[2011/08/05 07:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MyHeritage
[2011/08/05 07:10:01 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
[2011/08/05 07:10:00 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ijl15.dll
[2011/08/05 07:10:00 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmapi32.ocx
[2011/08/05 07:10:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2011/08/05 07:10:00 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2011/08/05 07:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyHeritage
[2011/08/05 06:11:21 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1D3D881B-CD52-4901-A888-F108F4480114}
[2011/08/04 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1C5AFB84-A222-413B-A3C4-696004C47405}
[2011/08/04 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\vlc
[2011/08/04 18:36:14 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{287FA331-1AC0-4C7D-97B0-204A226FC7A1}
[2011/08/04 06:35:48 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{022BCF2A-BFBC-4646-8AEE-5BA572022E61}
[2011/08/03 15:32:26 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/08/03 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\Yahoo!
[2011/08/03 15:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/08/03 14:55:21 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\amcap.exe
[2011/08/03 14:55:18 | 000,262,144 | ---- | C] (SONIX) -- C:\Windows\tsnpstd3.exe
[2011/08/03 14:55:18 | 000,166,912 | ---- | C] ( ) -- C:\Windows\SysNative\rsnpstd3.dll
[2011/08/03 14:55:14 | 010,246,144 | ---- | C] (Sonix Co. Ltd.) -- C:\Windows\SysWow64\drivers\snpstd3.sys
[2011/08/03 14:55:13 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011/08/03 14:55:13 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011/08/03 14:55:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011/08/03 14:55:13 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysNative\csnpstd3.dll
[2011/08/03 14:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\snpstd3
[2011/08/03 14:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB PC Camera Plus
[2011/08/03 14:52:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\InstallShield
[2011/08/03 06:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/08/03 05:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/08/03 05:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/08/03 05:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Autodesk
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\Autodesk
[2011/08/03 05:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/08/03 05:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2011/08/03 05:37:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{3D1DD055-BD4A-40AA-BC3E-197EEC3AC104}
[2011/08/02 19:21:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/02 19:19:31 | 000,000,000 | ---D | C] -- C:\Users\claude\Desktop\auto cad
[2011/08/02 18:42:19 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/08/02 16:35:14 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E53BF349-D267-4216-AAE3-CBD7E8FED27B}
[2011/08/02 04:20:58 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{02387424-5905-47A9-B383-291120EC6237}
[2011/08/01 18:38:21 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Super-Cow
[2011/08/01 15:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2011/08/01 15:00:37 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextTwist 2
[2011/08/01 15:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextTwist 2
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TextTwist 2
[2011/08/01 15:00:33 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\SpinTop
[2011/08/01 08:47:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E847F255-A096-4C3D-B293-8A07928373AB}
[2011/07/31 17:59:53 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{D7D20864-4929-4CC4-ACBB-DB0EA0EBA8EB}
[2011/07/31 05:58:23 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BD16F38E-8FE1-4C13-9212-5466FD8161D6}
[2011/07/30 05:29:39 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{5961352A-233B-4D65-8163-4EBED0CADDD7}
[2011/07/29 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BF8E867C-582F-4D0A-8547-B5692D1CFBF3}
[2011/07/28 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{4804B18F-6DDC-47C1-AB92-4C713F85F147}
[2011/07/28 06:40:50 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6F1C4916-63E8-4616-9611-C413CF39FDB5}
[2011/07/27 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{46D7B13A-DE60-45D5-8AE8-90F9A7A03B4F}
[2011/07/25 18:02:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{25EC26C6-8426-4FD4-B650-19BDF7AAC490}
[2011/07/25 10:40:08 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/07/25 10:35:07 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/07/25 10:33:09 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0
[2011/07/25 06:01:35 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F616519F-B030-4565-A81C-E81C943D40F2}
[2011/07/23 11:50:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{362E5320-B142-4E5B-92EE-71061E25F5BB}
[2011/07/22 19:26:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A9290098-B1F9-4F82-8408-15B6EF62DA8C}
[2011/07/22 07:26:32 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{521E7F4E-2034-4464-A1B3-DA4E41D4CB87}
[2011/07/21 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{9AB8C926-25BE-477A-9E2E-07BF887EBBB1}
[2011/07/21 07:25:32 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FA231D91-65EA-4DEE-827B-6273C4144E0A}
[2011/07/20 19:25:04 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F1B283CA-A971-4CA7-9248-20DD05C6019E}
[2011/07/19 19:03:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{903C0FF6-C446-4F2A-8E93-A88F50B13B49}
[2011/07/19 07:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecCheck
[2011/07/19 07:39:17 | 000,000,000 | ---D | C] -- C:\codec-info
[2011/07/19 07:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/07/19 07:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/07/19 07:03:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{04DA55DF-6B93-4C04-856B-B4386AADD318}
[2011/07/18 17:55:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{7B48D4C5-3E0C-4A0E-845E-623A8F133E1E}
[2011/07/18 08:35:12 | 000,389,136 | ---- | C] (MyHeritage) -- C:\Windows\SysWow64\FTBSaver.scr
[2011/07/18 05:55:30 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{641520D2-7355-41C2-9168-FAFF31979213}
[2011/07/17 05:45:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{115036C0-BC99-4228-A684-D02852AD7BFC}
[2011/07/16 05:31:51 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{4D281D53-FEB1-4ECE-9321-FD96FB7E2E18}
[2011/07/15 12:02:23 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{19B475B9-80C5-4A97-A1AC-58ABA61BAC91}
[2011/07/15 08:44:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B0B37FEE-DB5E-4891-81A2-23DA8D210AE6}
[2011/07/15 05:31:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6DDD1C6D-094C-46CF-8D28-3BE585D1123F}
[2011/07/14 17:31:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B44F928A-CBA9-486F-93A0-3DDBBC8CBD4F}
[2011/07/14 05:30:35 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B2879EF0-04F8-4F22-8274-AD625BDF5D8D}
[2011/07/13 20:28:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{476834BD-EAC3-4BB1-844A-270973D91360}

========== Files - Modified Within 30 Days ==========

[2011/08/12 09:36:40 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 09:36:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 09:28:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/12 09:28:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/12 09:27:38 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 09:18:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/12 08:33:04 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\claude\Desktop\tdsskiller.exe
[2011/08/12 07:43:33 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/12 07:43:33 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/12 07:43:33 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/11 12:27:30 | 000,041,325 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2011/08/11 09:46:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/11 07:00:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/10 12:37:16 | 000,101,380 | ---- | M] () -- C:\Users\claude\Desktop\how-to-draw-the-grim-reaper-step-7.jpg
[2011/08/10 12:34:54 | 000,059,080 | ---- | M] () -- C:\Users\claude\Desktop\3305554_f496.jpg
[2011/08/10 12:32:02 | 000,006,690 | ---- | M] () -- C:\Users\claude\Desktop\images (4).jpg
[2011/08/10 12:27:07 | 000,248,133 | ---- | M] () -- C:\Users\claude\Desktop\Charlie_Theron___Mother_Nature_by_jjara.jpg
[2011/08/10 12:24:48 | 000,010,215 | ---- | M] () -- C:\Users\claude\Desktop\images (3).jpg
[2011/08/10 12:23:44 | 000,096,283 | ---- | M] () -- C:\Users\claude\Desktop\mother_nature.19232326_std.jpg
[2011/08/10 12:18:22 | 000,021,172 | ---- | M] () -- C:\Users\claude\Desktop\step2.jpg
[2011/08/10 11:31:52 | 000,274,250 | ---- | M] () -- C:\Users\claude\Desktop\fairy-tattoo-with-a-flower-a-t-tattoodonkey.com.jpg
[2011/08/10 11:18:13 | 000,007,447 | ---- | M] () -- C:\Users\claude\Desktop\images.jpg
[2011/08/10 04:54:38 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/08/09 17:23:35 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/08 17:39:01 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/08 13:51:25 | 000,004,936 | ---- | M] () -- C:\Users\claude\Desktop\images (2).jpg
[2011/08/08 13:51:02 | 000,012,355 | ---- | M] () -- C:\Users\claude\Desktop\imgres.htm
[2011/08/08 13:50:49 | 000,004,868 | ---- | M] () -- C:\Users\claude\Desktop\images (1).jpg
[2011/08/08 13:48:58 | 000,036,108 | ---- | M] () -- C:\Users\claude\Desktop\crosman-c11-bb-gun_1085.jpg
[2011/08/08 04:19:20 | 005,043,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/06 11:21:48 | 000,000,348 | ---- | M] () -- C:\Windows\MyHeritage.INI
[2011/08/05 07:10:01 | 000,001,121 | ---- | M] () -- C:\Users\claude\Desktop\MyHeritage Family Tree Builder.lnk
[2011/08/03 15:59:07 | 000,302,592 | ---- | M] () -- C:\Users\claude\Desktop\gmer.exe
[2011/08/03 15:31:49 | 000,001,159 | ---- | M] () -- C:\Users\claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/03 15:31:49 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/08/03 14:58:28 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/03 06:20:51 | 000,000,206 | -H-- | M] () -- C:\Users\claude\Documents\Drawing1.dwl2
[2011/08/03 06:20:51 | 000,000,056 | -H-- | M] () -- C:\Users\claude\Documents\Drawing1.dwl
[2011/08/03 05:48:38 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2011/07/25 14:18:55 | 001,507,840 | ---- | M] () -- C:\Windows\bitcoind.exe
[2011/07/25 10:40:07 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/07/18 21:10:49 | 000,061,352 | ---- | M] () -- C:\Users\claude\Desktop\282420_1864058202418_1269872542_31567762_5205799_n.jpg
[2011/07/18 08:35:12 | 000,389,136 | ---- | M] (MyHeritage) -- C:\Windows\SysWow64\FTBSaver.scr
[2011/07/15 22:26:54 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/15 22:26:53 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/15 22:26:53 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/15 22:26:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/15 22:24:09 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/15 22:21:32 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/15 22:21:32 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/15 22:17:46 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/15 22:04:54 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/15 22:04:54 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/15 22:04:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/15 22:04:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/15 22:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/15 22:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/15 22:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/15 22:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/15 22:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/15 21:36:09 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/15 21:31:50 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/15 21:30:29 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/15 21:19:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/15 21:19:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/15 21:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/15 21:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/15 21:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/15 21:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/15 21:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/15 21:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/15 19:26:12 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/15 19:26:11 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/15 19:21:47 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/15 19:21:47 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/15 19:21:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/15 19:21:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

========== Files Created - No Company Name ==========

[2011/08/11 09:27:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/11 09:27:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/11 09:27:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/11 09:27:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/11 09:27:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/11 07:00:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/10 12:47:22 | 000,059,080 | ---- | C] () -- C:\Users\claude\Desktop\3305554_f496.jpg
[2011/08/10 12:47:12 | 000,021,172 | ---- | C] () -- C:\Users\claude\Desktop\step2.jpg
[2011/08/10 12:46:56 | 000,096,283 | ---- | C] () -- C:\Users\claude\Desktop\mother_nature.19232326_std.jpg
[2011/08/10 12:44:57 | 000,101,380 | ---- | C] () -- C:\Users\claude\Desktop\how-to-draw-the-grim-reaper-step-7.jpg
[2011/08/10 12:44:39 | 000,274,250 | ---- | C] () -- C:\Users\claude\Desktop\fairy-tattoo-with-a-flower-a-t-tattoodonkey.com.jpg
[2011/08/10 12:44:09 | 000,248,133 | ---- | C] () -- C:\Users\claude\Desktop\Charlie_Theron___Mother_Nature_by_jjara.jpg
[2011/08/08 17:39:01 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/08 13:55:09 | 000,006,690 | ---- | C] () -- C:\Users\claude\Desktop\images (4).jpg
[2011/08/08 13:53:21 | 000,010,215 | ---- | C] () -- C:\Users\claude\Desktop\images (3).jpg
[2011/08/08 13:51:28 | 000,004,936 | ---- | C] () -- C:\Users\claude\Desktop\images (2).jpg
[2011/08/08 13:51:04 | 000,012,355 | ---- | C] () -- C:\Users\claude\Desktop\imgres.htm
[2011/08/08 13:50:51 | 000,004,868 | ---- | C] () -- C:\Users\claude\Desktop\images (1).jpg
[2011/08/08 13:49:54 | 000,007,447 | ---- | C] () -- C:\Users\claude\Desktop\images.jpg
[2011/08/08 13:49:28 | 000,036,108 | ---- | C] () -- C:\Users\claude\Desktop\crosman-c11-bb-gun_1085.jpg
[2011/08/05 07:11:57 | 000,000,348 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/08/05 07:10:01 | 000,001,121 | ---- | C] () -- C:\Users\claude\Desktop\MyHeritage Family Tree Builder.lnk
[2011/08/05 07:10:00 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/08/03 15:31:49 | 000,001,159 | ---- | C] () -- C:\Users\claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/03 15:31:49 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/08/03 14:55:18 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011/08/03 14:55:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011/08/03 14:55:17 | 000,013,023 | ---- | C] () -- C:\Windows\snpstd3.src
[2011/08/03 06:20:51 | 000,000,206 | -H-- | C] () -- C:\Users\claude\Documents\Drawing1.dwl2
[2011/08/03 06:20:51 | 000,000,056 | -H-- | C] () -- C:\Users\claude\Documents\Drawing1.dwl
[2011/08/03 05:48:38 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2011/07/25 14:18:49 | 001,507,840 | ---- | C] () -- C:\Windows\bitcoind.exe
[2011/07/25 10:37:52 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/18 21:10:51 | 000,061,352 | ---- | C] () -- C:\Users\claude\Desktop\282420_1864058202418_1269872542_31567762_5205799_n.jpg
[2011/07/16 22:21:04 | 000,302,592 | ---- | C] () -- C:\Users\claude\Desktop\gmer.exe
[2011/07/10 13:26:58 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011/06/15 14:20:38 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011/06/14 07:50:36 | 000,281,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/14 07:50:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/18 19:02:29 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2011/04/18 19:01:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2011/04/01 10:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/01 10:13:28 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011/04/01 10:09:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/01 10:05:41 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/04/01 10:05:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/04/01 10:05:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/04/01 10:05:41 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/04/01 10:05:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/04/01 10:05:24 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/04/01 10:05:24 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/04/01 09:39:25 | 000,041,325 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/04/01 09:20:50 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:60839224
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:43283EB6
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:AD4FECAB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:036B992F

< End of report >

And still no change with the images.

#4
RKinner


    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
TDSSKiller has no fix button but aswMBR does so please make sure you run it per the directions. Also it looks like you ran Combofix but I don't see the log.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - Startup: C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O32 - AutoRun File - [2011/08/02 18:42:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 17:51:45 | 000,000,139 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011/07/25 19:50:08 | 000,000,125 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]

    
:Commands
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

#5
the_student


    New Member

  • Topic Starter
  • Member
  • 7 posts
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk moved successfully.
File not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File G:\autorun.inf not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08132011_120943

Files\Folders moved on Reboot...
File\Folder F:\autorun.inf not found!

Registry entries deleted on Reboot...





Sorry, I thought I had placed the ComboFix text, but here it is:





ComboFix 11-08-11.02 - claude 08/11/2011 9:29.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.1199 [GMT -7:00]
Running from: c:\users\claude\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\claude\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E186A9E2-3767-4FD0-8AD0-C6296F27DBA1}.xps
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.2
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtc1
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 16:40 . 2011-08-11 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-11 14:00 . 2011-08-11 14:00 -------- d-----w- c:\users\claude\AppData\Roaming\Malwarebytes
2011-08-11 14:00 . 2011-08-11 14:00 -------- d-----w- c:\programdata\Malwarebytes
2011-08-11 14:00 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-11 14:00 . 2011-08-11 14:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-11 14:00 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 13:49 . 2011-08-11 13:49 -------- d-----w- C:\_OTL
2011-08-10 14:14 . 2011-07-16 05:17 338432 ----a-w- c:\windows\system32\conhost.exe
2011-08-09 12:09 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50A135F6-1D13-40AE-9246-41F358E0CEB1}\mpengine.dll
2011-08-08 23:23 . 2011-08-08 23:23 -------- d-----w- c:\users\claude\AppData\Local\ElevatedDiagnostics
2011-08-07 19:14 . 2011-08-08 23:20 -------- d-----w- c:\users\claude\AppData\Local\NFS Underground 2
2011-08-07 19:02 . 2011-08-07 19:02 -------- d-----w- c:\program files (x86)\EA GAMES
2011-08-05 14:10 . 2011-08-05 14:15 -------- d-----w- c:\users\claude\AppData\Roaming\MyHeritage
2011-08-05 14:10 . 2011-08-05 14:12 -------- d-----w- c:\programdata\MyHeritage
2011-08-05 14:10 . 2011-08-05 14:10 -------- d-----w- c:\users\claude\AppData\Roaming\The Complete Genealogy Reporter - FTB
2011-08-05 14:10 . 2003-07-06 20:07 372736 ----a-w- c:\windows\SysWow64\ijl15.dll
2011-08-05 14:10 . 2002-03-07 07:19 454656 ----a-w- c:\windows\SysWow64\PaintX.dll
2011-08-05 14:10 . 2000-03-14 06:00 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-08-05 14:10 . 1998-06-24 07:00 137000 ----a-w- c:\windows\SysWow64\msmapi32.ocx
2011-08-05 14:09 . 2011-08-05 14:09 -------- d-----w- c:\program files (x86)\MyHeritage
2011-08-05 04:55 . 2011-08-05 05:49 -------- d-----w- c:\users\claude\AppData\Roaming\vlc
2011-08-03 22:32 . 2011-08-03 22:32 -------- d-----w- c:\users\claude\AppData\Local\Yahoo!
2011-08-03 21:55 . 2006-07-03 17:31 94208 ----a-w- c:\windows\amcap.exe
2011-08-03 21:55 . 2007-03-31 00:44 262144 ----a-w- c:\windows\tsnpstd3.exe
2011-08-03 21:55 . 2007-03-21 22:23 166912 ----a-w- c:\windows\system32\rsnpstd3.dll
2011-08-03 21:55 . 2006-09-18 21:12 843776 ----a-w- c:\windows\vsnpstd3.exe
2011-08-03 21:55 . 2007-04-14 02:24 10246144 ----a-w- c:\windows\SysWow64\drivers\snpstd3.sys
2011-08-03 21:55 . 2011-08-03 22:29 -------- d-----w- c:\program files (x86)\Common Files\snpstd3
2011-08-03 21:55 . 2007-03-30 22:09 61440 ----a-w- c:\windows\SysWow64\vsnpstd3.dll
2011-08-03 21:55 . 2007-03-21 22:23 172032 ----a-w- c:\windows\SysWow64\rsnpstd3.dll
2011-08-03 21:55 . 2005-11-23 20:55 53248 ----a-w- c:\windows\csnpstd3.dll
2011-08-03 21:55 . 2005-11-23 03:40 18944 ----a-w- c:\windows\system32\csnpstd3.dll
2011-08-03 21:52 . 2011-08-03 21:52 -------- d-----w- c:\users\claude\AppData\Roaming\InstallShield
2011-08-03 13:02 . 2011-08-03 13:02 -------- d-----w- c:\programdata\FLEXnet
2011-08-03 12:49 . 2011-08-03 12:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-08-03 12:48 . 2011-08-03 12:48 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-08-03 12:46 . 2011-08-03 13:10 -------- d-----w- c:\users\claude\AppData\Roaming\Autodesk
2011-08-03 12:46 . 2011-08-03 12:51 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-08-03 12:46 . 2011-08-03 12:46 -------- d-----w- c:\users\claude\AppData\Local\Autodesk
2011-08-03 12:46 . 2011-08-03 12:46 -------- d-----w- c:\programdata\Autodesk
2011-08-03 12:46 . 2011-08-03 12:51 -------- d-----w- c:\program files\AutoCAD 2010
2011-08-03 01:42 . 2011-08-03 01:42 -------- d-----w- C:\Autodesk
2011-08-02 01:38 . 2011-08-02 01:41 -------- d-----w- c:\users\claude\AppData\Roaming\Super-Cow
2011-08-01 22:01 . 2011-08-01 22:01 -------- d-----w- c:\programdata\GameHouse
2011-08-01 22:00 . 2011-08-01 22:00 -------- d-----w- c:\program files (x86)\TextTwist 2
2011-08-01 22:00 . 2011-08-01 22:00 -------- d-----w- c:\users\claude\AppData\Roaming\SpinTop
2011-07-25 21:18 . 2011-07-25 21:18 1507840 ----a-w- c:\windows\bitcoind.exe
2011-07-25 17:40 . 2011-07-25 17:40 -------- d-----w- c:\windows\ufa
2011-07-25 17:37 . 2011-07-25 17:40 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 17:35 . 2011-07-25 17:35 -------- d-----w- c:\windows\av_ico
2011-07-25 17:33 . 2011-08-11 13:51 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-19 14:40 . 2011-05-10 01:03 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll
2011-07-19 14:39 . 2011-07-19 14:39 -------- d-----w- c:\programdata\CodecCheck
2011-07-19 14:39 . 2011-07-19 14:39 -------- d-----w- C:\codec-info
2011-07-19 14:38 . 2011-07-19 14:38 -------- d-----w- c:\programdata\Premium
2011-07-19 14:38 . 2011-07-19 14:41 -------- d-----w- c:\programdata\InstallMate
2011-07-18 15:35 . 2011-07-18 15:35 389136 ----a-w- c:\windows\SysWow64\FTBSaver.scr
2011-07-13 02:44 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 14:32 . 2011-06-03 15:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-08 14:31 . 2011-06-03 15:09 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-08 14:31 . 2011-06-03 15:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-07 01:52 . 2011-06-14 17:12 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-04 00:03 . 2011-06-05 17:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-04 00:01 . 2011-06-05 17:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-03 23:49 . 2011-06-05 17:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-08-03 23:49 . 2011-06-03 15:08 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-03 21:58 . 2011-05-21 16:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:32 . 2011-08-10 14:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-04 11:43 . 2011-06-26 01:22 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-26 01:22 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-06-26 01:22 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-26 01:22 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-26 01:22 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-26 01:22 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-06-26 01:22 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-26 01:22 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-06-26 01:22 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-02 17:57 . 2011-07-02 17:57 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2011-06-14 16:27 . 2011-06-14 14:54 281200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-14 16:27 . 2011-06-14 14:50 281200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-14 16:13 . 2011-06-14 14:50 281200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-14 14:50 . 2011-06-14 14:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-29 04:32 . 2011-06-15 21:20 80256 ----a-w- c:\windows\SysWow64\ezGOSvc.dll
2011-05-29 04:32 . 2011-06-15 21:20 718208 ----a-w- c:\windows\SysWow64\ezGOSvcApp.exe
2011-05-25 14:55 . 2011-07-10 20:26 1524112 ----a-w- c:\windows\SysWow64\bandoolmx.dll
2011-05-25 02:14 . 2011-04-01 15:52 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 02:24 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 02:24 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 02:24 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 02:24 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 02:24 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlashGet 3"="c:\program files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-12-16 2840112]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-18 22631608]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-04-01 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-31 262144]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-07-18 225280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-03 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\RunGame.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:22]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF11871.cfxxe" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.myheritage.com
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all by FlashGet3 - c:\users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{3BC3DEC1-070F-402A-97C4-AB102E2F1236}: NameServer = 192.168.1.1
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\jpprcmhg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
Toolbar-10 - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-{CF1A69F1-4335-4322-A137-235E3AE36BB0} - c:\program files (x86)\InstallShield Installation Information\{CF1A69F1-4335-4322-A137-235E3AE36BB0}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\Bandoo\Bandoo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-08-11 09:57:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-11 16:57
.
Pre-Run: 101,773,365,248 bytes free
Post-Run: 102,823,170,048 bytes free
.
- - End Of File - - 14F88EE01F0D1C9649032BF00E46F6B8

#6
RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
You may have an infected USB drive. See if this will work on Win 7:

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Right-click Flash_Disinfector.exe and Run As Administrator and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

If the above doesn't work then try:
AutoRun Eater v2.5
http://download.cnet...4-10752777.html
Right-click AutoRun Eater v2.5.exe and Run As Administrator

It will stay resident and prevent USB drives from infecting your PC.



You have a file called:
c:\users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
which doesn't seem to want to go away. It refers to a program:
c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe which doesn't seem to be there.

I never got your Extras log so can't see if you have the program installed or not. If Zoosk is there then I would uninstall it then run Combofix again.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#7
the_student

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, the Zoosk program is not there so that should be there, and the sigverif said that everything was digitally signed and nothing more.

ok for the viewer the system one said
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/09/2011 9:07:36 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/09/2011 4:01:01 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name hphotos-ash4.fbcdn.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 03/09/2011 3:24:02 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.cm.flowja.com timed out after none of the configured DNS servers responded.


and the application one said

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/09/2011 9:08:38 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/09/2011 3:23:32 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 03/09/2011 3:23:32 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

the problem still is there

#8
RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Since it's been a while please run OTL:

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them. (Please make sure you include the Extras log this time.)


Looking at your event logs we have some weird stuff going on so let's see if we can figure out why. (Has this PC ever had Vista or Symantec on it?)

Copy the next line:

reg query HKLM\System\CurrentControlSet\services\RasMan\PPP\EAP /s > \junk.txt

Start, All Programs, Accessories, then right click on Command Prompt and select Run as Administrator (Continue)

Right click in the Command window and select Paste or Edit then Paste and the copied line should appear. Hit Enter.

Now type with an Enter after the line:

notepad \junk.txt

(Space before \ . Copy and paste the text into a reply)

Ron
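The lookup this reply sets up, as an added example (not code from the thread or from any tool it mentions): it pulls the failing typeId values out of the EapHost 2002 events and looks them up in the saved `reg query` output. It assumes each EAP method sits in a subkey named by its numeric type ID with values whose names end in "Path"; the registry sample and its DLL names are constructed.

```python
import re

# Event text in the VEW layout, using the two EapHost entries posted above.
VEW_SAMPLE = """
Log: 'Application' Date/Time: 03/09/2011 3:23:32 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 03/09/2011 3:23:32 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
"""

# Constructed stand-in for \junk.txt; key layout and value names are assumptions.
REG_SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\13
    FriendlyName    REG_SZ    Example method A
    Path    REG_EXPAND_SZ    %SystemRoot%\System32\example_a.dll

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\17
    FriendlyName    REG_SZ    Example method B
    Path    REG_SZ    C:\Program Files\ExampleVendor\example_b.dll
    ConfigUIPath    REG_SZ    C:\Program Files\ExampleVendor\example_b_ui.dll
"""

EAP_ROOT = r"system\currentcontrolset\services\rasman\ppp\eap"
# reg.exe prints values as: indent, name, spaces, REG_* type, spaces, data
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)(?:\s{2,}(.*))?$")


def failed_eap_type_ids(vew_text):
    """Return the sorted typeIds named in EapHost event 2002 entries."""
    ids = set()
    for block in re.split(r"\n\s*\n", vew_text):
        if "Source: Microsoft-Windows-EapHost" not in block:
            continue
        if not re.search(r"^Event:\s*2002\b", block, re.M):
            continue
        ids.update(int(m) for m in re.findall(r"\btypeId=(\d+)", block))
    return sorted(ids)


def parse_reg_query(text):
    """Map each key path in `reg query /s` output to {name: (type, data)}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = (m.group(2), m.group(3) or "")
    return keys


def eap_methods(reg_keys):
    """Return {typeId: {name: data}} for numeric subkeys directly under EAP."""
    methods = {}
    for key, values in reg_keys.items():
        parent, _, leaf = key.rpartition("\\")
        if parent.lower().endswith(EAP_ROOT) and leaf.isdigit():
            methods[int(leaf)] = {n: d for n, (_t, d) in values.items()}
    return methods


def correlate(vew_text, reg_text):
    """For each failing typeId, list the DLL paths registered for it.

    None means the event names a method that has no subkey in the dump.
    """
    methods = eap_methods(parse_reg_query(reg_text))
    report = {}
    for type_id in failed_eap_type_ids(vew_text):
        values = methods.get(type_id)
        if values is None:
            report[type_id] = None
        else:
            report[type_id] = {n: d for n, d in values.items()
                               if n.lower().endswith("path")}
    return report


if __name__ == "__main__":
    for type_id, paths in correlate(VEW_SAMPLE, REG_SAMPLE).items():
        if paths is None:
            print(f"typeId {type_id}: no subkey in the registry dump")
            continue
        for name, data in paths.items():
            print(f"typeId {type_id}: {name} = {data}")
```

Each path it reports is a file to check on disk, since the event says path validation failed for that method.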

#9
the_student

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, the OTL



OTL logfile created on: 9/3/2011 11:11:12 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\claude\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 31.04% Memory free
3.87 Gb Paging File | 1.31 Gb Available in Paging File | 33.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.46 Gb Total Space | 90.36 Gb Free Space | 41.74% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.29 Gb Free Space | 14.19% Space Free | Partition Type: NTFS
Drive E: | 1.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CLAUDE-HP | User Name: claude | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/08/04 12:25:02 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/08/03 16:30:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\claude\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/14 07:50:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/12/15 23:12:28 | 002,840,112 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 18:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2011/08/03 16:30:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\claude\Downloads\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/15 13:13:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/08/03 05:49:22 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/20 13:50:56 | 000,013,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/08/15 13:18:36 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/15 13:13:22 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/04 12:25:02 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/29 04:58:15 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/14 07:50:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/28 21:32:05 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/04/24 15:11:00 | 004,160,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/11/20 05:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2011/06/06 16:03:54 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B CD DF 84 93 F0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.30.1:8080

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\claude\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\claude\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/01 14:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/07/19 07:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/08/19 07:57:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\claude\AppData\Roaming\Mozilla\Firefox\Profiles/jpprcmhg.default\extensions\[email protected]

[2011/07/10 13:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claude\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/08/11 09:46:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGetBHO3.dll (Trend Media Group)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\claude\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/TextTwist%202/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/02 18:42:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{90C7E4BA-8887-42E6-9F9C-2761FACAA1D8}
[2011/09/03 13:23:59 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify
[2011/09/03 13:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2011/09/03 11:14:03 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011/09/03 11:13:57 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/09/03 11:13:57 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011/09/03 11:13:57 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011/09/03 11:13:55 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/09/03 11:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/09/03 11:13:33 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\TuneUp Software
[2011/09/03 11:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011/09/03 11:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/09/03 11:12:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/09/03 08:59:45 | 000,061,440 | ---- | C] ( ) -- C:\Users\claude\Desktop\VEW.exe
[2011/09/03 06:45:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{5D478F37-40B7-4F7D-A309-181EB892ECD2}
[2011/09/03 06:44:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{31762911-89B3-455C-A77D-CDDD1B9B3B34}
[2011/09/02 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{C9917CC4-A0E2-4885-932B-5ECAB0A5ABAD}
[2011/09/02 18:33:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/02 18:31:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/02 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E4F0BFE1-A86F-4F19-8267-3BF978567344}
[2011/09/02 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{3F5079A1-260F-46B5-A007-74979373D65A}
[2011/09/02 18:16:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/09/02 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/09/02 17:18:50 | 000,000,000 | R--D | C] -- C:\Users\claude\Documents\Downloads
[2011/09/02 08:28:07 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{9634524E-0091-4C44-A6E7-D3E255B15998}
[2011/09/02 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F9446E06-B76E-48B6-AAF8-1F8EDDDF0075}
[2011/09/01 19:31:06 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{0F13F19D-2381-40C1-B325-E0A415982DAD}
[2011/09/01 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{8A8576E6-1D75-4302-98B9-3BC95E0BAA8C}
[2011/09/01 16:04:27 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\Adobe Scripts
[2011/09/01 11:26:47 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E5D8FB78-FA44-444E-857C-338BF505CC03}
[2011/09/01 10:56:22 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{77A8E9E9-544B-400D-B0EF-1C4B061C207E}
[2011/09/01 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{5B63355C-4DD2-4C81-A85D-E41E9ED3E120}
[2011/09/01 06:55:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{630FA7C9-6B07-4CCC-8FD1-C97687710362}
[2011/08/31 20:35:41 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{91E81B20-5756-43ED-A129-A1842C357B97}
[2011/08/30 07:16:28 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{328ADC2A-6BE6-4D9B-AAFA-2D40F8A8E4A9}
[2011/08/29 10:12:27 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{8FD7F711-CBC2-41A7-A245-BABD88A50D89}
[2011/08/29 08:17:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1157E91E-4431-4AC8-ABDC-7955F3E3A819}
[2011/08/28 18:49:24 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{C5296895-8BA1-403F-810A-64F1EE60F614}
[2011/08/26 21:39:31 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{429BA241-7AF8-486C-8DCF-D8546DA83BF8}
[2011/08/26 09:39:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B0BBA555-189A-46E3-8FD3-08FDB8C6EDE8}
[2011/08/25 13:48:08 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\rudy
[2011/08/25 06:00:37 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{87A69D06-50AE-4E27-A839-BF507577FFDB}
[2011/08/24 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{36CBB319-31A0-4467-9A71-2D8DCB8F3ACC}
[2011/08/23 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F93A22C7-3B3B-4C00-A129-CAE671A2B341}
[2011/08/23 05:00:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{CE2D31AE-E9D4-45C3-998E-B0AAD7A6FCE1}
[2011/08/22 18:54:33 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{39075FB4-C28E-499A-8148-563CB117CB6B}
[2011/08/22 18:54:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BEAD535B-05B0-47BF-A829-10D246D33F0C}
[2011/08/20 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{DD2FF797-BCA5-44FA-9649-59C569EA20D6}
[2011/08/20 16:20:37 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{8FB1730E-E7E1-43DA-95EA-3FA419BA9DCA}
[2011/08/20 10:29:14 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{558DCDF5-5764-4F85-A7E0-5F808012D2E2}
[2011/08/20 07:29:59 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{9AF19750-2FFE-415A-92A0-002ADA047EF8}
[2011/08/20 05:13:14 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BC890C36-75A0-4210-B93A-7E27E713B716}
[2011/08/19 14:36:50 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\Adobe
[2011/08/19 07:57:13 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\Freemake
[2011/08/19 07:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011/08/19 07:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011/08/19 07:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2011/08/19 07:36:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Ashampoo
[2011/08/19 07:35:21 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\ashampoo
[2011/08/19 07:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011/08/19 07:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011/08/19 07:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2011/08/19 05:21:28 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F91AAFFE-8401-486A-B971-6894E64D76DF}
[2011/08/18 16:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/18 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A40F036E-BC13-4C3B-B3D6-62F5329337D4}
[2011/08/18 16:51:50 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{35B26466-18AD-4958-B0AC-FFED8AD72713}
[2011/08/18 03:51:04 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{70C9171D-79F7-497B-B52B-49AB0A726863}
[2011/08/18 03:50:51 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6DB66E7B-7029-4A59-9F4F-3F1D10D6A4CF}
[2011/08/17 15:53:02 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{98EE7F2E-C6D3-44CF-B0C0-27AB5A87846A}
[2011/08/17 13:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo
[2011/08/17 03:52:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B5560B67-BBEF-4DB2-8911-0078818D9105}
[2011/08/16 18:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2011/08/16 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FF8AE875-E557-4A4B-A085-D49BC9EA3BB4}
[2011/08/16 17:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Text Twist
[2011/08/16 13:26:08 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A55463FF-D60C-41BD-A1DB-BFD94F3CD26F}
[2011/08/16 13:25:56 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A167442A-BE16-4511-B273-FE203A18FDEC}
[2011/08/16 11:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2011/08/16 11:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2011/08/16 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2011/08/15 09:18:39 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{85F341E3-1C68-4F9B-ACA6-D05B2341CCFE}
[2011/08/15 07:26:38 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Activision
[2011/08/15 07:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Activision
[2011/08/15 05:44:04 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{7C1D0109-0E5F-454F-8FAF-B83FA1DE3E7B}
[2011/08/14 14:45:31 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{00F4B3E1-0D6A-40B5-918A-B5E2C338ABBE}
[2011/08/14 14:45:21 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FEB16063-414C-4EBB-B456-0641F7C770F7}
[2011/08/14 03:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/08/13 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{D6916A89-5C55-4B88-8196-B0475C4E6387}
[2011/08/13 12:11:39 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6A95F827-64B0-4B6A-B509-B3B7623AA23F}
[2011/08/13 11:34:05 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E016E782-A6D0-4965-9B42-3EA534BF626D}
[2011/08/13 08:53:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{7299D007-9ACF-487A-AB92-805B2805FC7D}
[2011/08/13 05:40:53 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{CC0AC89C-AB66-4FC7-8E46-A0FB22F6FC21}
[2011/08/13 05:21:59 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B49A790C-E27C-4A75-A5A9-01E9233FFE0D}
[2011/08/12 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{A564FA73-A945-4498-ACB2-34E4EB431DAD}
[2011/08/12 09:29:01 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{BDA133E9-8203-49FD-B04C-B5E5A42B7AA7}
[2011/08/12 07:22:08 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F0EE78AC-8C5B-4D5D-AE1E-1DF1D4A0841F}
[2011/08/12 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{D368A323-0380-45C3-8465-94D18EC89217}
[2011/08/12 06:33:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/11 09:47:37 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1D592E78-81C0-4E0F-BF8A-CB0583963B08}
[2011/08/11 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6263F696-A9D7-42CC-A359-F5F82A57410E}
[2011/08/11 09:27:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/11 09:27:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/11 09:27:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/11 09:26:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/11 09:26:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/11 09:26:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/11 07:15:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{AC62D79F-A453-4266-820F-3506C8125793}
[2011/08/11 07:15:03 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B1798460-17A8-4FC9-A6F1-F66A339BEF7B}
[2011/08/11 07:00:52 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Malwarebytes
[2011/08/11 07:00:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/11 07:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 07:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/11 07:00:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/11 07:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/11 06:54:04 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{C3E2A9F9-6423-41E7-B382-6F2A9C7CEFA6}
[2011/08/11 06:53:49 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{771D7E43-3CFC-4D28-A232-3500D9C7872C}
[2011/08/11 06:49:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/11 06:03:08 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{B537A329-A428-45A3-BEDF-77250111F67E}
[2011/08/11 06:02:48 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{DE8AC289-9FCA-420B-B9FB-B61F7BA6E0B2}
[2011/08/10 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{902E2620-1500-4EB3-BD38-2A506DD2A666}
[2011/08/10 07:16:09 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 07:16:09 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 07:16:08 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 07:16:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 07:16:01 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 07:16:01 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 07:16:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 07:16:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 07:16:01 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 07:16:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 07:16:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 07:16:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 07:16:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 07:14:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 07:14:23 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 07:14:23 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 07:14:22 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 07:14:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 07:14:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 07:14:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 07:14:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 07:14:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 07:14:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 07:14:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 07:14:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 07:14:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 07:14:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 07:14:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 07:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 07:14:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 07:14:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 07:14:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 07:14:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 07:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 07:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 07:14:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 07:14:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 07:14:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 07:14:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 07:14:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 07:14:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 07:14:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 07:14:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 07:14:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 07:13:42 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 07:13:41 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/08/10 07:13:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 07:13:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 07:13:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 07:13:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 07:13:36 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 07:13:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 04:55:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{2B689A5D-871E-445F-9BC3-153886E216CA}
[2011/08/09 21:10:25 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{E89FDCF0-A469-47BB-BA9D-7AE6E79ACE7A}
[2011/08/09 21:10:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{761DB808-F3C4-4C6B-8EF9-6DF3E2C3721B}
[2011/08/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{11FB2D0F-01A9-4502-B661-58941225E88E}
[2011/08/09 19:01:20 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{8DD5DA6E-7CB0-46CF-988E-6800A32B60D0}
[2011/08/09 05:06:00 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FDEBDBC4-599B-4C34-8D83-0E4B0F530E84}
[2011/08/09 05:05:46 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6D54DCBF-1C20-4636-A1C1-600C3399C426}
[2011/08/08 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{7C87F1F6-9789-4D9C-8B66-8CD46FB2DF0D}
[2011/08/08 16:23:10 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\ElevatedDiagnostics
[2011/08/08 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{6A8887A2-ACCE-4D01-91D0-3FCC1FF255EB}
[2011/08/08 04:20:13 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{4E686328-66E7-46F1-87E2-63EB3D0BDE0D}
[2011/08/07 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\NFS Underground 2
[2011/08/07 12:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/07 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{AC981247-16F5-4445-8296-C4CF6AD82A55}
[2011/08/07 07:39:58 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{701B2140-B473-4A95-8EFA-8688BB561413}
[2011/08/07 07:39:42 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{0092B0A2-76CD-4DF1-89A7-D9FDA403DE72}
[2011/08/06 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{04B57317-12BF-43B9-A76C-667834C22ED2}
[2011/08/06 08:11:16 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{63374295-B031-4E34-AA04-5455A141F54F}
[2011/08/06 08:11:02 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1C5D10BD-A8AB-4492-A6A3-C050C6424B86}
[2011/08/05 16:47:03 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{FE932DBA-B4BC-4CF8-ABC7-401DADEFA4E1}
[2011/08/05 10:47:29 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F3E31072-0A93-49C7-A119-A30A0EEBE534}
[2011/08/05 10:47:19 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{F7585BAD-1BBD-45E3-8A52-211DC902397D}
[2011/08/05 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\claude\Documents\MyHeritage
[2011/08/05 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\MyHeritage
[2011/08/05 07:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MyHeritage
[2011/08/05 07:10:01 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
[2011/08/05 07:10:00 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ijl15.dll
[2011/08/05 07:10:00 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmapi32.ocx
[2011/08/05 07:10:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2011/08/05 07:10:00 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2011/08/05 07:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyHeritage
[2011/08/05 06:11:21 | 000,000,000 | ---D | C] -- C:\Users\claude\AppData\Local\{1D3D881B-CD52-4901-A888-F108F4480114}

========== Files - Modified Within 30 Days ==========

[2011/09/03 22:18:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 17:18:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/03 14:20:27 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/03 13:23:59 | 000,001,031 | ---- | M] () -- C:\Users\claude\Desktop\Connectify.lnk
[2011/09/03 13:05:50 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/09/03 12:52:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 12:52:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 12:50:55 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/03 12:50:55 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/03 12:50:55 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 12:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 12:43:23 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 11:13:51 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/09/03 11:13:51 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/09/03 09:00:05 | 000,061,440 | ---- | M] ( ) -- C:\Users\claude\Desktop\VEW.exe
[2011/09/03 08:22:45 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/09/03 06:43:21 | 005,043,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/02 18:56:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/09/02 18:56:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/09/01 11:11:55 | 000,001,194 | ---- | M] () -- C:\Users\claude\Desktop\Adobe After Effects CS5.lnk
[2011/08/25 12:20:32 | 000,047,478 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2011/08/23 09:29:09 | 000,002,239 | ---- | M] () -- C:\Users\claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/19 07:35:15 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2011/08/15 13:19:12 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011/08/15 13:13:38 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011/08/15 13:13:34 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/08/15 13:13:32 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/08/15 13:13:22 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011/08/14 14:48:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/11 09:46:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/11 07:00:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/08 17:39:01 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/06 11:21:48 | 000,000,348 | ---- | M] () -- C:\Windows\MyHeritage.INI

========== Files Created - No Company Name ==========

[2011/09/03 13:23:59 | 000,001,031 | ---- | C] () -- C:\Users\claude\Desktop\Connectify.lnk
[2011/09/03 11:13:51 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/09/03 11:13:51 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/09/03 11:13:48 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011/09/03 08:22:45 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/09/01 11:11:55 | 000,001,194 | ---- | C] () -- C:\Users\claude\Desktop\Adobe After Effects CS5.lnk
[2011/09/01 11:10:38 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.lnk
[2011/09/01 11:10:05 | 000,001,261 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.lnk
[2011/08/19 07:35:15 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2011/08/14 14:48:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/14 14:48:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/11 09:27:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/11 09:27:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/11 09:27:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/11 09:27:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/11 09:27:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/11 07:00:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/08 17:39:01 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 07:11:57 | 000,000,348 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/08/05 07:10:00 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/07/25 14:18:49 | 001,507,840 | ---- | C] () -- C:\Windows\bitcoind.exe
[2011/07/25 10:37:52 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/10 13:26:58 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011/06/15 14:20:38 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011/06/14 07:50:36 | 000,281,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/14 07:50:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/18 19:02:29 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2011/04/18 19:01:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/01 10:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/01 10:13:28 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011/04/01 10:09:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/01 10:05:41 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/04/01 10:05:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/04/01 10:05:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/04/01 10:05:41 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/04/01 10:05:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/04/01 10:05:24 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/04/01 10:05:24 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/04/01 09:39:25 | 000,047,478 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/04/01 09:20:50 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:E49FC3A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:60839224
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E13861A5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:43283EB6
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:AD4FECAB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:036B992F

< End of report >


The extra log:



OTL Extras logfile created on: 9/3/2011 11:11:12 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\claude\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 31.04% Memory free
3.87 Gb Paging File | 1.31 Gb Available in Paging File | 33.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.46 Gb Total Space | 90.36 Gb Free Space | 41.74% Space Free | Partition Type: NTFS
Drive D: | 16.12 Gb Total Space | 2.29 Gb Free Space | 14.19% Space Free | Partition Type: NTFS
Drive E: | 1.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CLAUDE-HP | User Name: claude | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.scr [@ = AutoCADScriptFile] -- C:\Windows\SysWow64\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Users\claude\Downloads\Flash-Player.exe" = C:\Users\claude\Downloads\Flash-Player.exe:*:Enabled:C:\Users\claude\Downloads\Flash-Player.exe
"C:\Windows\update.1\svchost.exe" = C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe
"C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe
"C:\Windows\update.2\svchost.exe" = C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe
"C:\Windows\update.3\svchost.exe" = C:\Windows\update.3\svchost.exe:*:Enabled:C:\Windows\update.3\svchost.exe
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Users\claude\Downloads\Flash-Player.exe" = C:\Users\claude\Downloads\Flash-Player.exe:*:Enabled:C:\Users\claude\Downloads\Flash-Player.exe
"C:\Windows\update.1\svchost.exe" = C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe
"C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe
"C:\Windows\update.2\svchost.exe" = C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe
"C:\Windows\update.3\svchost.exe" = C:\Windows\update.3\svchost.exe:*:Enabled:C:\Windows\update.3\svchost.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Connectify" = Connectify
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace™
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF1A69F1-4335-4322-A137-235E3AE36BB0}" = HP Support Assistant
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Autorun Eater_is1" = Autorun Eater v2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Family Tree Builder" = MyHeritage Family Tree Builder
"FlashGet 3.7" = FlashGet 3.7
"Freemake Video Converter_is1" = Freemake Video Converter version 2.3.3
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ooVoo_Video_Chat Toolbar" = ooVoo Video Chat Toolbar
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Text Twist 2 1.00" = Text Twist 2 1.00
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2011 3:43:42 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:01:23 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:01:23 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:01:29 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:01:29 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:01:29 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:01:29 PM | Computer Name = claude-HP | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

Error - 9/3/2011 4:24:34 PM | Computer Name = claude-HP | Source = ConnectifySvc | ID = 0
Description =

Error - 9/3/2011 9:06:08 PM | Computer Name = claude-HP | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1220 Start Time:
01cc6a90b071b16f Termination Time: 141 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report
Id: 04d5e3c9-d692-11e0-bfcd-60eb6903f40a

Error - 9/3/2011 10:01:59 PM | Computer Name = claude-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Adobe QT32 Server.exe, version: 0.0.0.0,
time stamp: 0x4bb2f299 Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0,
time stamp: 0x4cf4536a Exception code: 0xc0000005 Fault offset: 0x6338bb89 Faulting
process id: 0x17b8 Faulting application start time: 0x01cc6aa69f07c98c Faulting application
path: C:\Program Files\Adobe\Adobe After Effects CS5\Support Files\32\Adobe QT32
Server.exe Faulting module path: QuickTime.qts Report Id: df4bc94c-d699-11e0-bfcd-60eb6903f40a

[ Hewlett-Packard Events ]
Error - 4/7/2011 10:00:26 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201104071900.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4/14/2011 4:37:36 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201104141337.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4/21/2011 6:09:03 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201104211509.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4/28/2011 4:17:01 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201104281317.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/5/2011 8:09:47 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201105051709.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/12/2011 6:08:09 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201105121508.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/19/2011 4:54:22 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201105191354.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/26/2011 4:13:04 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051126011247.xml
File not created by asset agent

Error - 5/26/2011 4:36:45 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201105261336.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 6/2/2011 4:58:43 PM | Computer Name = claude-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201106021358.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


[ HP Wireless Assistant Events ]
Error - 4/1/2011 4:29:00 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:30:06 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:31:11 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:32:16 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:33:21 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:34:26 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:35:31 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:36:37 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 4:37:42 PM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/16/2011 8:56:55 AM | Computer Name = claude-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Media Center Events ]
Error - 8/22/2011 8:28:15 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 5:28:14 AM - Error connecting to the internet. 5:28:14 AM - Unable
to contact server..

Error - 8/22/2011 8:28:35 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 5:28:20 AM - Error connecting to the internet. 5:28:20 AM - Unable
to contact server..

Error - 8/24/2011 8:25:07 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 5:20:39 AM - Error connecting to the internet. 5:20:40 AM - Unable
to contact server..

Error - 8/24/2011 8:40:50 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 5:25:13 AM - Error connecting to the internet. 5:25:13 AM - Unable
to contact server..

Error - 8/24/2011 9:44:32 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 6:43:51 AM - Error connecting to the internet. 6:44:01 AM - Unable
to contact server..

Error - 8/24/2011 9:49:17 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 6:44:45 AM - Error connecting to the internet. 6:44:45 AM - Unable
to contact server..

Error - 8/24/2011 10:51:01 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 7:50:25 AM - Error connecting to the internet. 7:50:35 AM - Unable
to contact server..

Error - 8/24/2011 11:26:32 AM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 7:51:12 AM - Error connecting to the internet. 7:51:12 AM - Unable
to contact server..

Error - 8/24/2011 12:48:42 PM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 9:38:46 AM - Error connecting to the internet. 9:38:47 AM - Unable
to contact server..

Error - 8/24/2011 1:00:45 PM | Computer Name = claude-HP | Source = MCUpdate | ID = 0
Description = 9:59:12 AM - Error connecting to the internet. 9:59:12 AM - Unable
to contact server..

[ System Events ]
Error - 9/3/2011 2:23:02 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 30005
Description =

Error - 9/3/2011 2:23:02 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 30009
Description =

Error - 9/3/2011 2:24:07 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 34001
Description =

Error - 9/3/2011 2:26:18 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 34001
Description =

Error - 9/3/2011 2:29:32 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 34001
Description =

Error - 9/3/2011 2:30:39 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 34001
Description =

Error - 9/3/2011 2:31:25 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 30005
Description =

Error - 9/3/2011 11:00:47 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 31004
Description =

Error - 9/3/2011 11:24:42 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 31004
Description =

Error - 9/3/2011 11:25:30 PM | Computer Name = claude-HP | Source = ipnathlp | ID = 31004
Description =


< End of report >





and the junk text


HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP
Path REG_EXPAND_SZ %SystemRoot%\System32\rasppp.dll

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\13
(Default) REG_SZ Microsoft
FriendlyName REG_SZ @%SystemRoot%\system32\rastls.dll,-2001
Path REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
ConfigCLSID REG_SZ {58AB2366-D597-11d1-B90E-00C04FC9B263}
ConfigUiPath REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
IdentityPath REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
InteractiveUIPath REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
InvokePasswordDialog REG_DWORD 0x0
InvokeUsernameDialog REG_DWORD 0x0
MPPEEncryptionSupported REG_DWORD 0x1
NoRootRevocationCheck REG_DWORD 0x1
PerPolicyConfig REG_DWORD 0x1
Properties REG_DWORD 0x1328d8af
RolesSupported REG_DWORD 0x3
StandaloneSupported REG_DWORD 0x0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\25
(Default) REG_SZ Microsoft
FriendlyName REG_SZ @%SystemRoot%\system32\rastls.dll,-2002
Path REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
ConfigCLSID REG_SZ {58AB2366-D597-11d1-B90E-00C04FC9B263}
ConfigUiPath REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
IdentityPath REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
InteractiveUIPath REG_EXPAND_SZ %SystemRoot%\System32\rastls.dll
InvokePasswordDialog REG_DWORD 0x0
InvokeUsernameDialog REG_DWORD 0x0
MPPEEncryptionSupported REG_DWORD 0x1
NoRootRevocationCheck REG_DWORD 0x1
PerPolicyConfig REG_DWORD 0x1
Properties REG_DWORD 0x173ef8bf
RolesSupported REG_DWORD 0x23
StandaloneSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\26
(Default) REG_SZ Microsoft
FriendlyName REG_SZ @%SystemRoot%\system32\raschap.dll,-2002
Path REG_EXPAND_SZ %SystemRoot%\System32\raschap.dll
ConfigCLSID REG_SZ {2af6bcaa-f526-4803-aeb8-5777ce386647}
ConfigUiPath REG_EXPAND_SZ %SystemRoot%\System32\raschap.dll
IdentityPath REG_EXPAND_SZ %SystemRoot%\System32\raschap.dll
InteractiveUIPath REG_EXPAND_SZ %SystemRoot%\System32\raschap.dll
InvokePasswordDialog REG_DWORD 0x0
InvokeUsernameDialog REG_DWORD 0x0
MPPEEncryptionSupported REG_DWORD 0x1
PerPolicyConfig REG_DWORD 0x1
Properties REG_DWORD 0x32c406e
RolesSupported REG_DWORD 0x17
StandaloneSupported REG_DWORD 0x1

#10
RKinner

    Malware Expert

Can you attach a screen shot of the bad image popup?

http://graphicssoft....nscreenshot.htm explains how. Save the file as a .jpg or the forum won't allow it.

Ron

#11
the_student

    New Member

There are more, but they all look the same.

Attached Thumbnails

  • Untitled.jpg

#12
RKinner

    Malware Expert

Start, All Programs, Accessories, then right-click on Command Prompt and select Run As Administrator. Then type (with an Enter after the line):

msconfig

Click on the Startup tab, then find AdobeCS5ServiceManager and uncheck it. Now find HP Quick Launch and uncheck it. Find SwitchBoard or C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe. Apply. Now go to the Services tab and see if you can find switchboard or C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe. Apply. Reboot.

msconfig will come up; just cancel it. Did you get bad image errors again? The same number as before or fewer?

Ron

#13
the_student

    New Member

I got fewer than before; only one is left, to be more specific.

#14
RKinner

    Malware Expert

We are on the right track then. Just need to find the last one. Run msconfig as before and uncheck all of the Startup entries, then Apply and reboot. Do you get any bad image errors? If not, it was one of those you unchecked. Go back in and check about half of those you just unchecked. (Don't check the HP and Adobe entries that we have already identified as bad.) Keep doing that until you identify and uncheck the ones that cause the problem. If unchecking the startup entries doesn't do it, then go to the Services, check Hide Microsoft Services and then start unchecking the remaining.

Once you identify the culprits then uninstall them (best to check them in MSconfig before you uninstall them so the uninstaller can find all the pieces.) If you really need them then try reinstalling them.

Ron