
Fake Flash Updater Trojan In My Son's Computer


  • This topic is locked

#1
Big-Red

My son's computer got infected with a Trojan yesterday. He was looking at his Facebook and was prompted to look at a YouTube video. When he tried to look at the video, he got a message to update his Adobe Flash. Instead of going to the Adobe site, he clicked on the update link. His Norton 360 has now been removed and all attempts to re-install Norton fail. When I try to re-install the Norton 360, it hangs up on the install, then reboots the computer. The computer re-boots in safe mode but only stays there for about 30 seconds, then automatically re-boots back to normal mode. I tried to boot directly to safe mode using the F8 key but again, it only stays there for about 30 seconds and proceeds to re-boot. I went to the Norton community and had a look around. I found the exact same Trojan listed there by another user. I copied the link to his description; he shows a couple of pictures that match the ones found on my son's computer.

Here is that link: http://community.nor...p/515190#M52999

Norton has told me to contact one of 4 on their list of malware professionals. You are the first ones that I have contacted. I have run the Old Timer scan that you have and have a text on the note pad of it. Please let me know if you can help me remove this from my son's computer.
Thanks

OTL logfile created on: 20/08/2011 12:15:13 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Pierre\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 76.55% Memory free
15.92 Gb Paging File | 13.90 Gb Available in Paging File | 87.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.04 Gb Total Space | 284.92 Gb Free Space | 30.97% Space Free | Partition Type: NTFS
Drive D: | 11.38 Gb Total Space | 1.59 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 0.02 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive L: | 1.86 Gb Total Space | 1.28 Gb Free Space | 68.91% Space Free | Partition Type: FAT32

Computer Name: PIERRE-PC | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 12:10:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL.exe
PRC - [2011/08/19 21:40:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/08/19 21:40:44 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011/08/19 21:36:31 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
PRC - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-10-0\svchost.exe
PRC - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011/08/07 21:18:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pierre\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/03 09:36:26 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSOEMON.EXE
PRC - [2011/04/03 09:36:26 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSVC.EXE
PRC - [2011/01/20 03:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/14 13:47:24 | 000,716,024 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/05/11 18:30:04 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2007/05/11 18:26:38 | 000,780,312 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/05/11 18:25:40 | 000,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/05/11 18:25:18 | 000,232,472 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 21:40:44 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll
MOD - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-10-0\svchost.exe
MOD - [2011/08/11 11:43:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/11 11:38:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/11 11:37:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 11:37:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/11 11:37:42 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/11 11:37:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/11 11:37:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/11 11:37:26 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/08/11 11:37:25 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/11 11:37:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/11 11:37:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/11 11:37:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/11 11:37:11 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/11 11:37:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/11 09:38:05 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/12/18 08:38:47 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/29 17:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 17:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 17:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 17:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 17:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 17:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 17:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2007/05/11 18:31:58 | 001,132,056 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\LAppRes.DLL
MOD - [2007/05/11 18:26:38 | 000,780,312 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/11 18:31:36 | 000,171,296 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007/05/11 18:29:54 | 000,172,320 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2007/05/11 18:28:22 | 000,254,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV - [2011/08/19 21:36:31 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011/08/07 21:18:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/02 08:33:42 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/30 17:16:15 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/03 09:36:26 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/14 13:47:24 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/02/24 10:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 23:05:45 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/29 17:26:04 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/21 18:39:49 | 000,382,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/15 19:17:39 | 000,030,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Gun64.sys -- (Gun)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/13 10:44:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 09:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2007/05/11 18:29:18 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2007/05/11 18:28:56 | 002,034,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007/05/11 18:27:24 | 001,548,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 15:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2.0185
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin [2011/08/11 11:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 17:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 17:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/08/19 21:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

[2010/10/11 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\Mozilla\Extensions
[2010/10/11 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/28 18:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\extensions
[2011/07/28 18:42:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/11/13 10:50:29 | 000,002,059 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\searchplugins\daemon-search.xml
[2011/06/30 09:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/11 22:41:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/19 10:54:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 16:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 13:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/18 19:05:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 09:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/20 11:19:54 | 000,202,984 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [5291971.exe] C:\Windows\Temp\5291971.exe ()
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-10-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKCU..\Run: [RGSC] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pierre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/30 16:52:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 16:29:13 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 13:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/08/20 11:13:06 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-10-0-lnk
[2011/08/20 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{FDF7A70D-6565-486F-989C-8001E4DAC17D}
[2011/08/20 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6D168666-01C3-4F07-85BE-3BD9F588F078}
[2011/08/19 23:05:23 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2011/08/19 23:05:23 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/08/19 23:05:23 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2011/08/19 23:05:23 | 000,382,584 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/08/19 23:05:23 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2011/08/19 23:05:23 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/08/19 23:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/08/19 23:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/08/19 23:04:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/08/19 21:47:19 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/08/19 21:47:19 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011/08/19 21:47:19 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/08/19 21:42:42 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/08/19 21:37:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/08/19 21:36:32 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011/08/19 21:32:32 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/08/19 21:30:26 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/08/19 21:30:08 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-10-0
[2011/08/19 16:15:26 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{10189C69-FC77-445A-9D8A-ADFC05E8D472}
[2011/08/19 16:15:14 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6F38AA20-7398-44A9-8A5E-C2426B879B27}
[2011/08/14 12:57:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{29D9FBB2-478D-4943-83EA-9C619B9455E9}
[2011/08/14 12:56:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{03670C97-7EC8-442B-9DB3-A24E84D8610C}
[2011/08/13 12:13:39 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{3CF875DF-F728-4E30-87BE-7873570F1EFD}
[2011/08/13 12:12:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6FF14D6A-0F00-4B9B-A6EE-5667C2AFD6BB}
[2011/08/13 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{C4753B2A-FDF2-4E86-A8A8-18D293272295}
[2011/08/13 00:11:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{CD288DB1-2DF7-446F-8F26-58D16360DB33}
[2011/08/12 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1008ECB3-DFC0-40ED-A236-15CD8AD5A049}
[2011/08/12 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{E1296967-278C-4882-A2D1-A41D14164B95}
[2011/08/12 00:10:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{159086FF-AAF2-47DE-8152-C61E75C83E07}
[2011/08/12 00:09:47 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8036ACC0-43F9-47B4-91A9-63C4ABBAB0B7}
[2011/08/11 12:09:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{4B44FFD7-8584-4F97-A1CA-24DA009111D6}
[2011/08/11 12:08:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6A811815-902C-4FFB-BB58-E1CAA0DB39FD}
[2011/08/11 00:08:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{79C6C639-F78D-4BB2-8CB3-FF20CCD5895A}
[2011/08/10 12:07:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1B55B135-9ED6-4BCA-9F7D-6BA6E5EBA842}
[2011/08/10 12:07:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{D92FBD98-BF35-4468-B737-D276F12FFE54}
[2011/08/10 09:32:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/10 09:31:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/10 00:06:59 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{659A1646-7C15-4304-A866-F5E4680B3966}
[2011/08/10 00:06:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{B59C40A5-0297-4A02-946B-85C4376DDC80}
[2011/08/09 19:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/08/09 17:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 17:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/09 17:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/09 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/09 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/09 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/09 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/09 12:05:00 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{2BA247FD-2A55-41CB-801D-DE559534B8DE}
[2011/08/09 12:04:05 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{75B5FF76-4EDA-4286-9235-21DBF6C1BCE2}
[2011/08/09 00:03:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1ECCC113-3066-4646-AE64-DC126CC0E1B3}
[2011/08/09 00:03:14 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{49F0C8BC-8615-45BE-BFD0-DA4D7C2F262D}
[2011/08/08 21:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/08/08 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/08 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{0EAC1CBF-B657-4432-B405-7C5EC00F92EC}
[2011/08/08 12:03:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{2C7F5F25-92CA-4BE0-92A8-269E9768398A}
[2011/08/08 00:02:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F4D956D7-6AAF-4123-B78A-FC69FC9790D6}
[2011/08/08 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{9AB2A64E-A82F-42B7-9CFE-89E3F326B5EC}
[2011/08/07 12:02:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{724BB75D-F71A-4161-AED8-F33FACC50EF2}
[2011/08/07 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{4DBB7D2E-A498-4EBE-8767-ED766E0F00F3}
[2011/08/06 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{C52B44E9-A0D7-49DD-919A-9D8ED09E7ADA}
[2011/08/06 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{67BE78E8-C109-4B8F-9367-26E922F9580D}
[2011/08/06 11:53:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{3C2398BA-8D2A-41F0-8CDE-BFB4E554C469}
[2011/08/06 11:49:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/06 11:37:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F38E935F-CF59-445C-BD4F-1BAE3F1241FC}
[2011/08/06 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{415DA0E0-937C-4C4A-A069-34F68187CE93}
[2011/08/06 01:15:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{954688F7-924F-4CBD-AFCA-F6ED0E72A0ED}
[2011/08/06 01:15:09 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F535BCDD-D408-4F75-B6CD-06156A5A3CDE}
[2011/08/05 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{7E65E455-2CA7-47C9-8D4F-CE1C2DC76845}
[2011/08/05 10:54:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1707AC7B-6C0A-4CC5-AEC4-D5837508214B}
[2011/08/04 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{92686D2A-3827-481F-A17B-58BB974FBC84}
[2011/08/03 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\fretsonfire
[2011/08/03 10:29:21 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{BF7C498E-B6F9-4A3F-9359-43DBCE004307}
[2011/08/02 08:33:39 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8A880CAB-BD88-409D-86A9-303396080FD2}
[2011/08/01 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{2115132D-BE74-49E1-ACB1-B8F5D5773A1D}
[2011/07/31 23:58:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{5AA96C0B-FF83-4E48-8CA5-F11C475C18B9}
[2011/07/31 11:57:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{686FDF3B-0931-4F6B-8D9B-0DF5C11D5DE8}
[2011/07/30 23:53:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{BD650BBF-7F10-4FA3-93F6-E205F848FEFE}
[2011/07/30 11:53:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{9DD06EF3-7B2E-452D-BC30-1414E7A0CA99}
[2011/07/29 23:53:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8F2B146E-3653-49AF-90F7-0F2F89DB9015}
[2011/07/29 11:53:16 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{C6984FF8-B7BE-4463-8B66-327D75C0D778}
[2011/07/28 23:53:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{78A319D0-7A6F-4951-9636-E1B038B58254}
[2011/07/28 18:42:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\DVDVideoSoft
[2011/07/28 15:59:09 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/07/28 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{97A09BA4-8E8A-4D5B-9695-16E57D418371}
[2011/07/27 23:52:51 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{A97B04F8-6413-409A-8EE5-594A6FEE4ED1}
[2011/07/27 11:52:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{68B440B6-7233-4F83-A948-D4EE80C909DD}
[2011/07/27 00:25:24 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Documents\Paint.NET User Files
[2011/07/26 23:51:47 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8BA3C49F-00F8-4AFE-B9FA-D9A0AEBFCE27}
[2011/07/26 23:39:35 | 2567,770,660 | ---- | C] (Nexon) -- C:\Users\Pierre\Desktop\MSSetupv99.exe
[2011/07/26 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{743028B3-BAA7-4359-8E8E-93D40FD148D1}
[2011/07/25 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{25A18863-F783-42EE-AAA4-2BDA6A4BC934}
[2011/07/25 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1EEEAC59-8666-4661-9D15-38BA27AB9D68}
[2011/07/24 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{3AEB7A91-49CF-443B-B8B9-599CC57ACCBE}
[2011/07/24 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1F2D6254-EE50-4D01-9E7D-B52890963917}
[2011/07/23 15:32:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{96A3ADCB-8AAC-4585-B8FE-F38678ED51E6}
[2011/07/23 03:32:15 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{FCF4EEC0-CF1B-42CC-9E8B-4E3BF2601B8C}
[2011/07/22 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{993CAED7-5160-4123-AFC4-5F81241CB069}
[2011/07/21 22:13:53 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F9836F25-745A-4DD3-944A-9B129DC4169E}
[2011/04/02 20:53:10 | 000,069,750 | ---- | C] (MyWebSearch.com) -- C:\Users\Pierre\AppData\Local\mwsautSp.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/20 11:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665037924-328010524-3248264639-1000UA.job
[2011/08/20 11:52:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/20 11:32:49 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPierre.job
[2011/08/20 11:26:36 | 000,847,984 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/20 11:26:36 | 000,715,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/20 11:26:36 | 000,141,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/20 11:19:54 | 000,202,984 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/20 11:19:54 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/08/20 11:18:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 11:18:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/20 11:18:25 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/20 11:11:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 11:11:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 11:11:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/08/19 23:06:25 | 001,766,412 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/08/19 23:05:45 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/19 23:05:45 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/19 23:05:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/19 21:48:29 | 000,000,177 | ---- | M] () -- C:\Windows\info1
[2011/08/19 21:47:18 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/08/19 21:47:18 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/08/19 21:47:18 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/08/19 21:47:18 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/08/19 21:34:46 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/08/19 21:33:49 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/08/19 21:18:24 | 001,215,488 | ---- | M] () -- C:\Windows\services32.exe
[2011/08/19 18:56:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665037924-328010524-3248264639-1000Core.job
[2011/08/19 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/08/13 03:15:01 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Pierre.job
[2011/08/13 03:06:46 | 000,013,570 | ---- | M] () -- C:\Users\Pierre\Desktop\History - Shortcut.lnk
[2011/08/12 17:39:58 | 000,007,680 | ---- | M] () -- C:\Users\Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 03:18:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/08/11 22:11:10 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\msexcr.ini
[2011/08/11 11:32:14 | 004,990,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/10 10:30:01 | 000,069,750 | ---- | M] (MyWebSearch.com) -- C:\Users\Pierre\AppData\Local\mwsautSp.exe
[2011/08/10 03:18:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/08/09 17:39:22 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 17:37:01 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/09 17:00:59 | 000,002,366 | ---- | M] () -- C:\Users\Pierre\Desktop\Google Chrome.lnk
[2011/08/08 21:04:41 | 000,000,905 | ---- | M] () -- C:\Users\Pierre\Desktop\Audacity.lnk
[2011/08/07 21:18:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/07 21:18:18 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/08/07 21:18:18 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/07 21:11:51 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/08/06 16:09:42 | 000,004,193 | ---- | M] () -- C:\Users\Pierre\Desktop\Automatically Add to iTunes - Shortcut.lnk
[2011/08/04 00:41:04 | 000,002,296 | ---- | M] () -- C:\{DB7517D6-C077-4C8C-88E5-C2DA567E2600}
[2011/07/28 15:59:13 | 000,000,984 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/27 00:32:50 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/07/27 00:31:10 | 2567,770,660 | ---- | M] (Nexon) -- C:\Users\Pierre\Desktop\MSSetupv99.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/20 11:32:49 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPierre.job
[2011/08/19 23:06:20 | 001,766,412 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/08/19 23:05:23 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2011/08/19 23:05:05 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2011/08/19 23:05:05 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2011/08/19 23:05:05 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2011/08/19 23:05:05 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/08/19 23:05:05 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/08/19 23:05:05 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2011/08/19 23:05:02 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/08/19 23:05:02 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/08/19 23:05:02 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2011/08/19 23:05:02 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/08/19 23:05:02 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/08/19 23:05:02 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/08/19 21:47:18 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/08/19 21:47:18 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/08/19 21:47:18 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/08/19 21:36:32 | 000,000,177 | ---- | C] () -- C:\Windows\info1
[2011/08/19 21:34:47 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/08/19 21:34:46 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/08/19 21:34:46 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/08/19 21:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/08/19 21:18:34 | 001,215,488 | ---- | C] () -- C:\Windows\services32.exe
[2011/08/13 03:06:46 | 000,013,570 | ---- | C] () -- C:\Users\Pierre\Desktop\History - Shortcut.lnk
[2011/08/11 22:06:00 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
[2011/08/09 17:39:22 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 17:37:01 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/08 21:04:41 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/08/08 21:04:41 | 000,000,905 | ---- | C] () -- C:\Users\Pierre\Desktop\Audacity.lnk
[2011/08/07 21:11:52 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/07 21:11:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/06 16:09:42 | 000,004,193 | ---- | C] () -- C:\Users\Pierre\Desktop\Automatically Add to iTunes - Shortcut.lnk
[2011/08/04 00:41:03 | 000,002,296 | ---- | C] () -- C:\{DB7517D6-C077-4C8C-88E5-C2DA567E2600}
[2011/07/28 15:59:13 | 000,000,984 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/26 22:42:53 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/06/05 00:31:38 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/06/05 00:31:38 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/06/05 00:31:38 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/18 16:42:28 | 000,001,940 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/29 18:33:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/31 16:38:19 | 000,000,174 | ---- | C] () -- C:\Windows\game.ini
[2011/03/11 22:42:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/28 12:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/12/13 17:47:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/12 20:04:38 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/12/04 12:17:40 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/09/30 16:35:00 | 000,044,076 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..3
[2010/09/30 16:34:59 | 000,043,705 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..2
[2010/09/30 16:34:58 | 000,042,322 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..1
[2010/09/30 16:34:56 | 000,054,311 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..JPG
[2010/09/30 16:34:56 | 000,054,311 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..0
[2010/09/28 16:43:59 | 000,508,698 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpXBOXWALLPAPER_1280X1024__0008_.COM 11.JPG
[2010/09/03 20:28:19 | 000,000,582 | ---- | C] () -- C:\Windows\eReg.dat
[2010/07/06 11:31:51 | 000,007,680 | ---- | C] () -- C:\Users\Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 13:46:59 | 000,742,001 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.3
[2010/06/20 13:46:58 | 000,736,294 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.2
[2010/06/20 13:46:57 | 000,740,008 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.1
[2010/06/20 13:46:55 | 004,021,066 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.JPG
[2010/06/20 13:46:55 | 004,021,066 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.0
[2010/06/20 13:44:57 | 003,778,441 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0114.JPG
[2010/06/19 22:18:05 | 000,792,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/12 20:54:39 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2011/01/16 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\.minecraft
[2010/07/25 13:06:54 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Audacity
[2011/06/30 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Autodesk
[2011/03/29 14:55:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Bioshock
[2010/12/05 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DAEMON Tools Lite
[2010/12/17 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DriverCure
[2011/08/20 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Dropbox
[2011/07/28 18:56:04 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DVDVideoSoft
[2011/07/28 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/03 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\fretsonfire
[2010/09/05 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\GetRightToGo
[2011/03/20 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\MAXON
[2011/03/15 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\MP3SkypeRecorder
[2010/12/17 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\ParetoLogic
[2010/08/19 14:38:01 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\SoftGrid Client
[2010/07/07 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Subversion
[2010/12/19 14:00:05 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\TeamViewer
[2010/06/19 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\TP
[2011/01/29 00:31:01 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Tunngle
[2010/09/05 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Ubisoft
[2011/08/14 01:45:38 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\uTorrent
[2010/11/05 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\WhiteSmoke
[2011/07/12 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\WildTangent
[2010/08/19 13:40:15 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\WinBatch
[2011/07/20 01:29:20 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Xilisoft
[2011/08/19 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/12/18 08:23:06 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/08/12 03:18:00 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/08/10 03:18:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011/06/30 10:45:29 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/23 06:21:31 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Big-Red, 20 August 2011 - 12:45 PM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can make this go ...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
    PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
    PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
    PRC - [2011/08/19 21:36:31 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
    PRC - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-10-0\svchost.exe
    PRC - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
    PRC - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
    MOD - [2011/08/19 21:18:24 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-10-0\svchost.exe
    SRV - [2011/08/19 21:36:31 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
    SRV - [2011/04/03 09:36:26 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin [2011/08/11 11:30:57 | 000,000,000 | ---D | M]
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [5291971.exe] C:\Windows\Temp\5291971.exe ()
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [TaskTray] File not found
    O4 - HKLM..\Run: [tray_ico] File not found
    O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-10-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico1] File not found
    O4 - HKLM..\Run: [tray_ico2] File not found
    O4 - HKLM..\Run: [tray_ico3] File not found
    O4 - HKLM..\Run: [tray_ico4] File not found
    O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
    O31 - SafeBoot: AlternateShell - services32.exe
    [2011/08/20 13:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
    [2011/08/20 11:13:06 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-10-0-lnk
    [2011/08/19 21:47:19 | 000,000,000 | ---D | C] -- C:\Windows\ufa
    [2011/08/19 21:47:19 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
    [2011/08/19 21:47:19 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
    [2011/08/19 21:42:42 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
    [2011/08/19 21:37:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
    [2011/08/19 21:36:32 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
    [2011/08/19 21:32:32 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
    [2011/08/19 21:30:26 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
    [2011/08/19 21:30:08 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-10-0
    [2011/04/02 20:53:10 | 000,069,750 | ---- | C] (MyWebSearch.com) -- C:\Users\Pierre\AppData\Local\mwsautSp.exe
    [2011/08/19 21:48:29 | 000,000,177 | ---- | M] () -- C:\Windows\info1
    [2011/08/19 21:47:18 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
    [2011/08/19 21:47:18 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
    [2011/08/19 21:47:18 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
    [2011/08/19 21:47:18 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
    [2011/08/19 21:34:46 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
    [2011/08/19 21:33:49 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
    [2011/08/19 21:18:24 | 001,215,488 | ---- | M] () -- C:\Windows\services32.exe
    [2011/08/19 21:47:18 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
    [2011/08/19 21:47:18 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
    [2011/08/19 21:47:18 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
    [2011/08/19 21:36:32 | 000,000,177 | ---- | C] () -- C:\Windows\info1
    [2011/08/19 21:34:47 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
    [2011/08/19 21:34:46 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
    [2011/08/19 21:34:46 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
    [2011/08/19 21:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
    [2011/08/19 21:18:34 | 001,215,488 | ---- | C] () -- C:\Windows\services32.exe




    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\MyWebSearch

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

AND FINALLY

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.
  • 0
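The entries selected for the fix above share a few traits that can be checked mechanically: a system binary name (`svchost.exe`) running from outside the Windows system directories, services and Run-key autoruns with an empty company field in unexpected locations, and a SafeBoot AlternateShell value other than the Windows default `cmd.exe`. The following triage sketch is an added example, not part of the original thread and not part of OTL; the rule names, the name list and the trusted-directory list are assumptions chosen for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# Sample input: lines taken verbatim from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/08/19 21:37:54 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
SRV - [2011/08/19 21:36:31 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
O4 - HKLM..\Run: [5291971.exe] C:\Windows\Temp\5291971.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-10-0\svchost.exe ()
O4 - HKLM..\Run: [TaskTray] File not found
O31 - SafeBoot: AlternateShell - services32.exe
PRC - [2011/08/02 08:32:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
SRV - [2011/08/07 21:18:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
"""

# Assumption: a short, illustrative list of Windows binary names to check for masquerading.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: locations treated as expected for installed software. This is a
# triage heuristic only; a file under these paths is not proven benign.
TRUSTED_DIRS = SYSTEM_DIRS + (r"c:\program files", r"c:\program files (x86)")

# "PRC - [date | size | attrs | M] (Company) [Start | State] -- path -- (Service)"
FILE_RE = re.compile(
    r"^(PRC|MOD|SRV)(?::64bit:)? - \[[^\]]*\] \(([^)]*)\)(?: \[[^\]]*\])? -- (.+)$")
# "O4 - HKLM..\Run: [value name] path (Company)"
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[[^\]]*\] (.+) \(([^)]*)\)$")
# "O31 - SafeBoot: AlternateShell - value"
SAFEBOOT_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (.+)$")


def parse(line):
    """Return (kind, company, path_or_value) for a recognised line, else None."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        path = m.group(3).split(" -- ")[0]  # drop the trailing "-- (ServiceName)"
        return m.group(1), m.group(2).strip(), path
    m = RUN_RE.match(line)
    if m:
        return "O4", m.group(2).strip(), m.group(1)
    m = SAFEBOOT_RE.match(line)
    if m:
        return "O31", "", m.group(1).strip()
    return None  # includes "File not found" autoruns, which have no path to judge


def _under(directory, root):
    """True if directory is root itself or a subdirectory of it."""
    return directory == root or directory.startswith(root + "\\")


def classify(line):
    """Return the list of rule names that the line triggers (empty if none)."""
    rec = parse(line)
    if rec is None:
        return []
    kind, company, path = rec
    if kind == "O31":
        # Windows ships with AlternateShell set to cmd.exe.
        return [] if path.lower() == "cmd.exe" else ["safeboot-alternateshell-changed"]
    name = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()
    hits = []
    if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        hits.append("system-name-outside-system-dir")
    persistent = kind in ("SRV", "O4")  # services and Run keys survive a reboot
    if persistent and not company and not any(_under(directory, r) for r in TRUSTED_DIRS):
        hits.append("unattributed-persistence")
    return hits


def triage(lines):
    """Return [(line, hits)] for every line that triggers at least one rule."""
    findings = []
    for line in lines:
        hits = classify(line)
        if hits:
            findings.append((line.strip(), hits))
    return findings


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LOG.splitlines()):
        print(", ".join(hits), "::", line)
```

A hit is a prompt to look at the file, not a verdict: legitimate software with an empty company field outside the listed directories will also be reported.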

#3
Big-Red

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I copied and pasted, then ran the fix in OTL. Then I rebooted the computer and it booted up in the normal mode. I did a quick scan in OTL, and below is the copied and pasted log from the notepad:

OTL logfile created on: 20/08/2011 3:05:52 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Pierre\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.56% Memory free
15.92 Gb Paging File | 13.88 Gb Available in Paging File | 87.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.04 Gb Total Space | 284.77 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive D: | 11.38 Gb Total Space | 1.59 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 0.08 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive L: | 1.86 Gb Total Space | 1.28 Gb Free Space | 68.91% Space Free | Partition Type: FAT32

Computer Name: PIERRE-PC | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 14:57:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL(1).exe
PRC - [2011/08/20 12:54:29 | 000,397,880 | ---- | M] (Symantec Corporation) -- C:\Users\Public\Downloads\Norton\{N360S_prod_1.6.18_5.1.0.29}\N360Downloader(1).exe
PRC - [2011/08/19 21:40:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/08/07 21:18:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 08:32:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pierre\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/01/20 03:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/14 13:47:24 | 000,716,024 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/05/11 18:30:04 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2007/05/11 18:26:38 | 000,780,312 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/05/11 18:25:40 | 000,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/05/11 18:25:18 | 000,232,472 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 21:40:44 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll
MOD - [2011/08/11 11:43:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/11 11:38:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/11 11:37:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 11:37:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/11 11:37:42 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/11 11:37:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/11 11:37:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/11 11:37:26 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/08/11 11:37:25 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/11 11:37:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/11 11:37:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/11 11:37:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/11 11:37:11 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/11 11:37:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/02 08:33:41 | 014,401,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/08/02 08:33:33 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/08/02 08:33:33 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/08/02 08:33:33 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/08/02 08:33:33 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/18 08:38:47 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/29 17:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 17:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 17:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 17:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 17:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 17:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 17:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2007/05/11 18:31:58 | 001,132,056 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\LAppRes.DLL
MOD - [2007/05/11 18:26:38 | 000,780,312 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/11 18:31:36 | 000,171,296 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007/05/11 18:29:54 | 000,172,320 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2007/05/11 18:28:22 | 000,254,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV - [2011/08/07 21:18:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/02 08:33:42 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/30 17:16:15 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/14 13:47:24 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/02/24 10:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/20 12:58:39 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/29 17:26:04 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/21 18:39:49 | 000,382,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/15 19:17:39 | 000,030,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Gun64.sys -- (Gun)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/13 10:44:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 09:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2007/05/11 18:29:18 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2007/05/11 18:28:56 | 002,034,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007/05/11 18:27:24 | 001,548,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 15:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pierre\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 17:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 17:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/08/19 21:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

[2010/10/11 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\Mozilla\Extensions
[2010/10/11 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/20 15:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\extensions
[2011/07/28 18:42:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/11/13 10:50:29 | 000,002,059 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\searchplugins\daemon-search.xml
[2011/06/30 09:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/11 22:41:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/19 10:54:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 16:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 13:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/18 19:05:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 09:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\PIERRE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GSI1PW7I.DEFAULT\EXTENSIONS\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/20 15:00:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Norton Download Manager{N360S_prod_1.6.18_5.1.0.29}] C:\Users\Public\Downloads\Norton\{N360S_prod_1.6.18_5.1.0.29}\N360Downloader(1).exe (Symantec Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKCU..\Run: [RGSC] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pierre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/30 16:52:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 16:29:13 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 15:00:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/20 14:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/08/20 14:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/08/20 12:58:00 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2011/08/20 12:58:00 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/08/20 12:58:00 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2011/08/20 12:58:00 | 000,382,584 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/08/20 12:58:00 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2011/08/20 12:58:00 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/08/20 12:57:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/08/20 12:57:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/08/20 12:57:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/08/20 12:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/08/20 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{FDF7A70D-6565-486F-989C-8001E4DAC17D}
[2011/08/20 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6D168666-01C3-4F07-85BE-3BD9F588F078}
[2011/08/19 16:15:26 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{10189C69-FC77-445A-9D8A-ADFC05E8D472}
[2011/08/19 16:15:14 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6F38AA20-7398-44A9-8A5E-C2426B879B27}
[2011/08/14 12:57:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{29D9FBB2-478D-4943-83EA-9C619B9455E9}
[2011/08/14 12:56:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{03670C97-7EC8-442B-9DB3-A24E84D8610C}
[2011/08/13 12:13:39 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{3CF875DF-F728-4E30-87BE-7873570F1EFD}
[2011/08/13 12:12:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6FF14D6A-0F00-4B9B-A6EE-5667C2AFD6BB}
[2011/08/13 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{C4753B2A-FDF2-4E86-A8A8-18D293272295}
[2011/08/13 00:11:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{CD288DB1-2DF7-446F-8F26-58D16360DB33}
[2011/08/12 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1008ECB3-DFC0-40ED-A236-15CD8AD5A049}
[2011/08/12 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{E1296967-278C-4882-A2D1-A41D14164B95}
[2011/08/12 00:10:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{159086FF-AAF2-47DE-8152-C61E75C83E07}
[2011/08/12 00:09:47 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8036ACC0-43F9-47B4-91A9-63C4ABBAB0B7}
[2011/08/11 12:09:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{4B44FFD7-8584-4F97-A1CA-24DA009111D6}
[2011/08/11 12:08:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{6A811815-902C-4FFB-BB58-E1CAA0DB39FD}
[2011/08/11 00:08:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{79C6C639-F78D-4BB2-8CB3-FF20CCD5895A}
[2011/08/10 12:07:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1B55B135-9ED6-4BCA-9F7D-6BA6E5EBA842}
[2011/08/10 12:07:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{D92FBD98-BF35-4468-B737-D276F12FFE54}
[2011/08/10 09:32:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/10 09:31:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/10 00:06:59 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{659A1646-7C15-4304-A866-F5E4680B3966}
[2011/08/10 00:06:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{B59C40A5-0297-4A02-946B-85C4376DDC80}
[2011/08/09 19:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/08/09 17:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 17:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/09 17:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/09 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/09 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/09 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/09 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/09 12:05:00 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{2BA247FD-2A55-41CB-801D-DE559534B8DE}
[2011/08/09 12:04:05 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{75B5FF76-4EDA-4286-9235-21DBF6C1BCE2}
[2011/08/09 00:03:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1ECCC113-3066-4646-AE64-DC126CC0E1B3}
[2011/08/09 00:03:14 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{49F0C8BC-8615-45BE-BFD0-DA4D7C2F262D}
[2011/08/08 21:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/08/08 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/08 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{0EAC1CBF-B657-4432-B405-7C5EC00F92EC}
[2011/08/08 12:03:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{2C7F5F25-92CA-4BE0-92A8-269E9768398A}
[2011/08/08 00:02:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F4D956D7-6AAF-4123-B78A-FC69FC9790D6}
[2011/08/08 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{9AB2A64E-A82F-42B7-9CFE-89E3F326B5EC}
[2011/08/07 12:02:02 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{724BB75D-F71A-4161-AED8-F33FACC50EF2}
[2011/08/07 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{4DBB7D2E-A498-4EBE-8767-ED766E0F00F3}
[2011/08/06 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{C52B44E9-A0D7-49DD-919A-9D8ED09E7ADA}
[2011/08/06 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{67BE78E8-C109-4B8F-9367-26E922F9580D}
[2011/08/06 11:53:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{3C2398BA-8D2A-41F0-8CDE-BFB4E554C469}
[2011/08/06 11:49:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/06 11:37:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F38E935F-CF59-445C-BD4F-1BAE3F1241FC}
[2011/08/06 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{415DA0E0-937C-4C4A-A069-34F68187CE93}
[2011/08/06 01:15:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{954688F7-924F-4CBD-AFCA-F6ED0E72A0ED}
[2011/08/06 01:15:09 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F535BCDD-D408-4F75-B6CD-06156A5A3CDE}
[2011/08/05 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{7E65E455-2CA7-47C9-8D4F-CE1C2DC76845}
[2011/08/05 10:54:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1707AC7B-6C0A-4CC5-AEC4-D5837508214B}
[2011/08/04 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{92686D2A-3827-481F-A17B-58BB974FBC84}
[2011/08/03 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\fretsonfire
[2011/08/03 10:29:21 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{BF7C498E-B6F9-4A3F-9359-43DBCE004307}
[2011/08/02 08:33:39 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8A880CAB-BD88-409D-86A9-303396080FD2}
[2011/08/01 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{2115132D-BE74-49E1-ACB1-B8F5D5773A1D}
[2011/07/31 23:58:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{5AA96C0B-FF83-4E48-8CA5-F11C475C18B9}
[2011/07/31 11:57:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{686FDF3B-0931-4F6B-8D9B-0DF5C11D5DE8}
[2011/07/30 23:53:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{BD650BBF-7F10-4FA3-93F6-E205F848FEFE}
[2011/07/30 11:53:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{9DD06EF3-7B2E-452D-BC30-1414E7A0CA99}
[2011/07/29 23:53:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8F2B146E-3653-49AF-90F7-0F2F89DB9015}
[2011/07/29 11:53:16 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{C6984FF8-B7BE-4463-8B66-327D75C0D778}
[2011/07/28 23:53:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{78A319D0-7A6F-4951-9636-E1B038B58254}
[2011/07/28 18:42:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\DVDVideoSoft
[2011/07/28 15:59:09 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/07/28 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{97A09BA4-8E8A-4D5B-9695-16E57D418371}
[2011/07/27 23:52:51 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{A97B04F8-6413-409A-8EE5-594A6FEE4ED1}
[2011/07/27 11:52:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{68B440B6-7233-4F83-A948-D4EE80C909DD}
[2011/07/27 00:25:24 | 000,000,000 | ---D | C] -- C:\Users\Pierre\Documents\Paint.NET User Files
[2011/07/26 23:51:47 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{8BA3C49F-00F8-4AFE-B9FA-D9A0AEBFCE27}
[2011/07/26 23:39:35 | 2567,770,660 | ---- | C] (Nexon) -- C:\Users\Pierre\Desktop\MSSetupv99.exe
[2011/07/26 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{743028B3-BAA7-4359-8E8E-93D40FD148D1}
[2011/07/25 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{25A18863-F783-42EE-AAA4-2BDA6A4BC934}
[2011/07/25 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1EEEAC59-8666-4661-9D15-38BA27AB9D68}
[2011/07/24 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{3AEB7A91-49CF-443B-B8B9-599CC57ACCBE}
[2011/07/24 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{1F2D6254-EE50-4D01-9E7D-B52890963917}
[2011/07/23 15:32:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{96A3ADCB-8AAC-4585-B8FE-F38678ED51E6}
[2011/07/23 03:32:15 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{FCF4EEC0-CF1B-42CC-9E8B-4E3BF2601B8C}
[2011/07/22 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{993CAED7-5160-4123-AFC4-5F81241CB069}
[2011/07/21 22:13:53 | 000,000,000 | ---D | C] -- C:\Users\Pierre\AppData\Local\{F9836F25-745A-4DD3-944A-9B129DC4169E}

========== Files - Modified Within 30 Days ==========

[2011/08/20 15:03:37 | 000,001,272 | ---- | M] () -- C:\Users\Pierre\Desktop\Norton Installation Files.lnk
[2011/08/20 15:03:37 | 000,001,130 | ---- | M] () -- C:\Users\Pierre\Desktop\Norton Download Manager.lnk
[2011/08/20 15:03:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 15:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/20 15:02:33 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/20 15:01:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/08/20 15:01:24 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 15:01:24 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 15:00:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/08/20 14:59:55 | 000,847,984 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/20 14:59:55 | 000,715,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/20 14:59:55 | 000,141,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/20 14:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665037924-328010524-3248264639-1000UA.job
[2011/08/20 14:54:07 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011/08/20 14:53:58 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Norton Installation Files.lnk
[2011/08/20 14:48:17 | 001,766,412 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/08/20 13:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/20 12:58:39 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/20 12:58:39 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/20 12:58:39 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/20 12:56:19 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPierre.job
[2011/08/19 18:56:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665037924-328010524-3248264639-1000Core.job
[2011/08/19 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/08/13 03:15:01 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Pierre.job
[2011/08/13 03:06:46 | 000,013,570 | ---- | M] () -- C:\Users\Pierre\Desktop\History - Shortcut.lnk
[2011/08/12 17:39:58 | 000,007,680 | ---- | M] () -- C:\Users\Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 03:18:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/08/11 22:11:10 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\msexcr.ini
[2011/08/11 11:32:14 | 004,990,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/10 03:18:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/08/09 17:39:22 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 17:37:01 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/09 17:00:59 | 000,002,366 | ---- | M] () -- C:\Users\Pierre\Desktop\Google Chrome.lnk
[2011/08/08 21:04:41 | 000,000,905 | ---- | M] () -- C:\Users\Pierre\Desktop\Audacity.lnk
[2011/08/07 21:18:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/07 21:18:18 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/08/07 21:18:18 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/07 21:11:51 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/08/06 16:09:42 | 000,004,193 | ---- | M] () -- C:\Users\Pierre\Desktop\Automatically Add to iTunes - Shortcut.lnk
[2011/08/04 00:41:04 | 000,002,296 | ---- | M] () -- C:\{DB7517D6-C077-4C8C-88E5-C2DA567E2600}
[2011/07/28 15:59:13 | 000,000,984 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/27 00:32:50 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/07/27 00:31:10 | 2567,770,660 | ---- | M] (Nexon) -- C:\Users\Pierre\Desktop\MSSetupv99.exe

========== Files Created - No Company Name ==========

[2011/08/20 15:03:37 | 000,001,272 | ---- | C] () -- C:\Users\Pierre\Desktop\Norton Installation Files.lnk
[2011/08/20 15:03:37 | 000,001,130 | ---- | C] () -- C:\Users\Pierre\Desktop\Norton Download Manager.lnk
[2011/08/20 14:47:34 | 001,766,412 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/08/20 12:58:00 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2011/08/20 12:57:52 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2011/08/20 12:57:52 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2011/08/20 12:57:52 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2011/08/20 12:57:52 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/08/20 12:57:52 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/08/20 12:57:52 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2011/08/20 12:57:42 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/08/20 12:57:42 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/08/20 12:57:42 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2011/08/20 12:57:42 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/08/20 12:57:42 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/08/20 12:57:41 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/08/20 12:57:15 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Norton Installation Files.lnk
[2011/08/20 11:32:49 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPierre.job
[2011/08/13 03:06:46 | 000,013,570 | ---- | C] () -- C:\Users\Pierre\Desktop\History - Shortcut.lnk
[2011/08/11 22:06:00 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
[2011/08/09 17:39:22 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 17:37:01 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/08 21:04:41 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/08/08 21:04:41 | 000,000,905 | ---- | C] () -- C:\Users\Pierre\Desktop\Audacity.lnk
[2011/08/07 21:11:52 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/07 21:11:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/06 16:09:42 | 000,004,193 | ---- | C] () -- C:\Users\Pierre\Desktop\Automatically Add to iTunes - Shortcut.lnk
[2011/08/04 00:41:03 | 000,002,296 | ---- | C] () -- C:\{DB7517D6-C077-4C8C-88E5-C2DA567E2600}
[2011/07/28 15:59:13 | 000,000,984 | ---- | C] () -- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/26 22:42:53 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/06/05 00:31:38 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/06/05 00:31:38 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/06/05 00:31:38 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/18 16:42:28 | 000,001,940 | ---- | C] () -- C:\Users\Pierre\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/29 18:33:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/31 16:38:19 | 000,000,174 | ---- | C] () -- C:\Windows\game.ini
[2011/03/11 22:42:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/28 12:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010/12/13 17:47:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/12 20:04:38 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/12/04 12:17:40 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/09/30 16:35:00 | 000,044,076 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..3
[2010/09/30 16:34:59 | 000,043,705 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..2
[2010/09/30 16:34:58 | 000,042,322 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..1
[2010/09/30 16:34:56 | 000,054,311 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..JPG
[2010/09/30 16:34:56 | 000,054,311 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpCAPTAIN PIERRE OF THE SHEDIAC BAY CRUISES..0
[2010/09/28 16:43:59 | 000,508,698 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpXBOXWALLPAPER_1280X1024__0008_.COM 11.JPG
[2010/09/03 20:28:19 | 000,000,582 | ---- | C] () -- C:\Windows\eReg.dat
[2010/07/06 11:31:51 | 000,007,680 | ---- | C] () -- C:\Users\Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 13:46:59 | 000,742,001 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.3
[2010/06/20 13:46:58 | 000,736,294 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.2
[2010/06/20 13:46:57 | 000,740,008 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.1
[2010/06/20 13:46:55 | 004,021,066 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.JPG
[2010/06/20 13:46:55 | 004,021,066 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0146.0
[2010/06/20 13:44:57 | 003,778,441 | ---- | C] () -- C:\Users\Pierre\AppData\Local\tmpDSCI0114.JPG
[2010/06/19 22:18:05 | 000,792,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/12 20:54:39 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2011/01/16 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\.minecraft
[2010/07/25 13:06:54 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Audacity
[2011/06/30 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Autodesk
[2011/03/29 14:55:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Bioshock
[2010/12/05 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DAEMON Tools Lite
[2010/12/17 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DriverCure
[2011/08/20 15:03:45 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Dropbox
[2011/07/28 18:56:04 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DVDVideoSoft
[2011/07/28 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/03 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\fretsonfire
[2010/09/05 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\GetRightToGo
[2011/03/20 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\MAXON
[2011/03/15 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\MP3SkypeRecorder
[2010/12/17 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\ParetoLogic
[2010/08/19 14:38:01 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\SoftGrid Client
[2010/07/07 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Subversion
[2010/12/19 14:00:05 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\TeamViewer
[2010/06/19 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\TP
[2011/01/29 00:31:01 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Tunngle
[2010/09/05 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Ubisoft
[2011/08/14 01:45:38 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\uTorrent
[2010/11/05 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\WhiteSmoke
[2011/07/12 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\WildTangent
[2010/08/19 13:40:15 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\WinBatch
[2011/07/20 01:29:20 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Xilisoft
[2011/08/19 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/12/18 08:23:06 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/08/12 03:18:00 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/08/10 03:18:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011/06/30 10:45:29 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/23 06:21:31 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

I am now proceeding with the next step in the process of downloading and running the anti-malware program.

#4
Big-Red

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here is the log after I ran the Anti-Malware program:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7521

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

20/08/2011 3:30:04 PM
mbam-log-2011-08-20 (15-30-04).txt

Scan type: Quick scan
Objects scanned: 189812
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 126
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{97E74A14-E5F1-40CC-9B0F-0D11946E5469} (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEAD004E-7E2D-49F8-831C-A01647E85B53} (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\Pierre\downloads\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Pierre\downloads\fretssetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Pierre\downloads\mp4convertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MBAM took out the rest of Mywebsearch :)

Could you see if you can now access safe mode, please?

Also, what problems remain?

#6
Big-Red

Sorry, at this moment I am running that other malware tool from AVAST that you told me to run. It is taking a long time. It has so far found 1 infected file: C:\windows\system32\consrv.dll **Infected** win32:Malware-gen
After the scan is finally done, should I click the "fixMBR" button?
The scan just finished running as I was typing, here is the copy of the log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-20 15:33:18
-----------------------------
15:33:18.491 OS Version: Windows x64 6.1.7601 Service Pack 1
15:33:18.491 Number of processors: 8 586 0x1E05
15:33:18.491 ComputerName: PIERRE-PC UserName: Pierre
15:33:24.778 Initialize success
15:43:16.207 AVAST engine defs: 11082001
15:46:24.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:46:24.933 Disk 0 Vendor: ST310005 HP34 Size: 953869MB BusType: 8
15:46:24.933 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:46:24.933 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 8
15:46:24.949 Disk 0 MBR read error 0
15:46:24.949 Disk 0 MBR scan
15:46:24.964 Disk 0 unknown MBR code
15:46:24.964 MBR BIOS signature not found 0
15:46:24.964 Service scanning
15:46:25.307 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:46:25.853 Modules scanning
15:46:25.853 Disk 0 trace - called modules:
15:46:25.869 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spyi.sys hal.dll
15:46:25.885 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c0c790]
15:46:25.900 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078c8050]
15:46:26.977 AVAST engine scan C:\Windows
15:46:42.311 AVAST engine scan C:\Windows\system32
15:47:04.994 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
15:50:28.387 AVAST engine scan C:\Windows\system32\drivers
15:51:08.354 AVAST engine scan C:\Users\Pierre
16:16:06.052 AVAST engine scan C:\ProgramData
16:19:05.015 Scan finished successfully
16:20:41.579 Disk 0 MBR has been saved successfully to "C:\Users\Pierre\Desktop\MBR.dat"
16:20:41.595 The log file has been saved successfully to "C:\Users\Pierre\Desktop\aswMBR.txt"

#7
Big-Red

I guess you must be away from your computer. I know, we all have a real life... LOL. Anyways, I clicked on the "FixMBR" button and it gave me the message "Disk 0 MBR fix error". Now I'm not sure if I should attempt to restart my computer until you look at the above log, so I will just leave it running until you reply. I don't want to start spreading it all over again if it has not been fully removed.
Thanks

#8
Essexboy

OK, the file that it found, consrv.dll, is a difficult one to remove manually as there are several registry items that need to be changed in the right order, so I will need to use a specific tool for that.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#9
Big-Red

OK. The program ran without any problems. The computer did an auto re-boot and so far so good. Below is the log. Please let me know the next step, if any, and if I can now try to reload my Norton 360.

ComboFix 11-08-21.01 - Pierre 21/08/2011 10:51:24.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.4884 [GMT -6:00]
Running from: c:\users\Pierre\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Steam\Steam.exe
c:\users\Pierre\AppData\Local\Temp\_av4_\aswCmnB.dll
c:\users\Pierre\AppData\Local\Temp\_av4_\aswCmnOS.dll
c:\users\Pierre\AppData\Local\Temp\_av4_\aswCmnS.dll
c:\users\Pierre\AppData\Local\Temp\_av4_\aswEngin.dll
c:\users\Pierre\AppData\Local\Temp\_av4_\aswScan.dll
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\iplist.txt
c:\windows\proc_list1.log
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 16:58 . 2011-08-21 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 21:24 . 2011-08-20 21:24 -------- d-----w- c:\users\Pierre\AppData\Roaming\Malwarebytes
2011-08-20 21:24 . 2011-08-20 21:24 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 21:24 . 2011-07-07 01:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-20 21:24 . 2011-08-20 21:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-20 21:24 . 2011-07-07 01:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 21:00 . 2011-08-20 21:00 -------- d-----w- C:\_OTL
2011-08-20 20:53 . 2011-08-21 17:00 -------- d-----w- c:\programdata\Norton
2011-08-20 19:40 . 2011-08-16 14:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A50DC38B-E6F5-4A83-A19A-C2430DACC505}\mpengine.dll
2011-08-20 18:57 . 2011-08-20 18:57 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-08-20 18:57 . 2011-08-20 20:51 -------- d-----w- c:\program files (x86)\Norton 360
2011-08-11 06:11 . 2011-08-11 09:12 -------- d-----w- c:\users\DefaultAppPool
2011-08-10 15:32 . 2011-08-10 15:32 -------- d-----w- c:\windows\system32\SPReview
2011-08-10 15:31 . 2011-08-10 15:32 -------- d-----w- c:\windows\system32\EventProviders
2011-08-10 01:16 . 2011-08-10 01:16 -------- d-----w- c:\programdata\Nexon
2011-08-09 23:36 . 2011-08-09 23:36 -------- d-----w- c:\program files\iTunes
2011-08-09 23:36 . 2011-08-09 23:36 -------- d-----w- c:\program files\iPod
2011-08-09 23:35 . 2011-08-09 23:35 -------- d-----w- c:\program files\Bonjour
2011-08-09 23:35 . 2011-08-09 23:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-08-09 03:04 . 2011-08-09 03:16 -------- d-----w- c:\program files (x86)\Audacity
2011-08-09 02:45 . 2011-08-09 02:45 -------- d-----w- c:\programdata\NCH Software
2011-08-08 03:11 . 2011-08-08 03:18 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-08 03:11 . 2011-08-08 03:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-06 17:49 . 2011-08-06 17:49 -------- d-----w- c:\windows\en
2011-08-06 17:45 . 2011-08-06 17:45 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-03 18:29 . 2011-08-03 18:30 -------- d-----w- c:\users\Pierre\AppData\Roaming\fretsonfire
2011-07-29 00:42 . 2011-07-29 00:56 -------- d-----w- c:\users\Pierre\AppData\Roaming\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 18:58 . 2010-06-10 01:04 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-10 15:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-10 15:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-08 03:18 . 2010-06-13 02:55 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-08 03:11 . 2010-06-13 02:54 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-07-16 04:26 . 2011-08-09 19:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 17:34 . 2011-07-12 17:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:34 . 2011-07-12 17:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:34 . 2011-07-12 17:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 17:34 . 2011-07-12 17:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 17:20 . 2011-07-12 17:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 17:20 . 2011-07-12 17:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 17:20 . 2011-07-12 17:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 17:20 . 2011-07-12 17:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-06 00:37 . 2011-07-06 00:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 00:37 . 2011-07-06 00:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-30 04:00 . 2010-08-01 14:55 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-11 15:38 . 2011-06-11 15:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 07:58 . 2011-06-11 07:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2011-06-11 07:58 . 2011-06-11 07:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll
2011-06-11 07:58 . 2011-06-11 07:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2011-06-11 07:58 . 2011-06-11 07:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll
2011-06-11 07:58 . 2011-06-11 07:58 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll
2011-06-11 07:58 . 2011-06-11 07:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll
2011-06-11 07:58 . 2011-06-11 07:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll
2011-06-11 07:58 . 2011-06-11 07:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll
2011-06-11 07:58 . 2011-06-11 07:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll
2011-06-11 07:58 . 2011-06-11 07:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll
2011-06-11 07:58 . 2011-06-11 07:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll
2011-06-11 07:58 . 2011-06-11 07:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll
2011-06-11 07:58 . 2011-06-11 07:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll
2011-06-11 07:58 . 2011-06-11 07:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll
2011-06-11 07:58 . 2011-06-11 07:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-06-11 07:58 . 2011-06-11 07:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll
2011-06-11 07:58 . 2011-06-11 07:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll
2011-06-11 07:58 . 2011-06-11 07:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2011-06-11 07:15 . 2011-06-11 07:15 93008 ----a-w- c:\windows\system32\mfcm100u.dll
2011-06-11 07:15 . 2011-06-11 07:15 93008 ----a-w- c:\windows\system32\mfcm100.dll
2011-06-11 07:15 . 2011-06-11 07:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-11 07:15 . 2011-06-11 07:15 64336 ----a-w- c:\windows\system32\mfc100fra.dll
2011-06-11 07:15 . 2011-06-11 07:15 64336 ----a-w- c:\windows\system32\mfc100deu.dll
2011-06-11 07:15 . 2011-06-11 07:15 63824 ----a-w- c:\windows\system32\mfc100esn.dll
2011-06-11 07:15 . 2011-06-11 07:15 62288 ----a-w- c:\windows\system32\mfc100ita.dll
2011-06-11 07:15 . 2011-06-11 07:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-11 07:15 . 2011-06-11 07:15 60752 ----a-w- c:\windows\system32\mfc100rus.dll
2011-06-11 07:15 . 2011-06-11 07:15 57168 ----a-w- c:\windows\system32\vcomp100.dll
2011-06-11 07:15 . 2011-06-11 07:15 5601616 ----a-w- c:\windows\system32\mfc100u.dll
2011-06-11 07:15 . 2011-06-11 07:15 5574984 ----a-w- c:\windows\system32\mfc100.dll
2011-06-11 07:15 . 2011-06-11 07:15 55120 ----a-w- c:\windows\system32\mfc100enu.dll
2011-06-11 07:15 . 2011-06-11 07:15 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
2011-06-11 07:15 . 2011-06-11 07:15 43344 ----a-w- c:\windows\system32\mfc100kor.dll
2011-06-11 07:15 . 2011-06-11 07:15 36176 ----a-w- c:\windows\system32\mfc100cht.dll
2011-06-11 07:15 . 2011-06-11 07:15 36176 ----a-w- c:\windows\system32\mfc100chs.dll
2011-06-11 07:15 . 2011-06-11 07:15 158536 ----a-w- c:\windows\system32\atl100.dll
2011-06-11 03:07 . 2011-07-13 17:24 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 06:40 . 2011-06-05 06:31 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-06-05 06:40 . 2011-06-05 06:31 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-06-05 06:40 . 2011-06-05 06:31 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-06-01 03:47 . 2011-06-01 03:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-06-01 03:47 . 2011-06-01 03:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-05-30 01:10 . 2010-06-13 02:54 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-25 01:14 . 2010-06-10 00:45 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-28 23:02 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-28 23:02 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-28 23:02 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-28 23:02 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-28 23:02 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Norton Download Manager{N360S_prod_1.6.18_5.1.0.29}"="c:\users\Public\Downloads\Norton\{N360S_prod_1.6.18_5.1.0.29}\N360Downloader(1).exe" [2011-08-20 397880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-12 505368]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-05-12 780312]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"N360"="c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\5.1.0.29\InstStub.exe" [2011-08-21 1263192]
.
c:\users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pierre\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSVia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 136176]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-12 172320]
R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\ntreev\grand chase\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 136176]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 716024]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-09 19:26]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-09 19:26]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665037924-328010524-3248264639-1000Core.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-11 20:21]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665037924-328010524-3248264639-1000UA.job
- c:\users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-11 20:21]
.
2011-08-20 c:\windows\Tasks\HPCeeScheduleForPierre.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-08-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2010-12-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 00:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pierre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF19806.cfxxe" [X]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 2345848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Pierre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\gsi1pw7i.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Frets on Fire - c:\program files (x86)\Frets on Fire\Uninstall.exe
AddRemove-NSS - c:\progra~2\NORTON~3\Engine\301~1.8\InstWrap.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Steam App 10190 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 24960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 320 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 340 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 360 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 380 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 420 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files (x86)\Steam\steam.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
AddRemove-{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} - c:\program files (x86)\ParetoLogic\PCHA\uninstall.exe
AddRemove-RSCAftermath Client - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3665037924-328010524-3248264639-1000\Software\SecuROM\License information*]
"datasecu"=hex:78,d0,88,00,7d,8e,54,39,40,cf,43,4e,fb,87,f9,d1,3e,fd,06,0f,1e,
41,ec,1d,68,87,a6,e1,bc,58,15,1b,bb,27,23,c9,55,60,3c,79,39,09,2b,4c,49,cd,\
"rkeysecu"=hex:63,b0,4f,8e,67,4c,be,b7,ca,ca,91,9b,4c,f8,2b,9d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Live\Device Integrator\DI_HIDServer.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\users\Public\Downloads\Norton\{N360S_prod_1.6.18_5.1.0.29}\N360-UPGRADE-ESD-NoDefs-18-6-0-29-EN.exe
.
**************************************************************************
.
Completion time: 2011-08-21 11:05:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 17:05
.
Pre-Run: 302,089,523,200 bytes free
Post-Run: 301,512,433,664 bytes free
.
- - End Of File - - B7AD3B05D40D61FC7B740DC926EB72A2
  • 0
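The autorun section of a ComboFix log like the one above can be triaged with a short script. This is an added example, not part of the original thread and not ComboFix's own code: the sample lines are copied from the log above, while the reading of `[X]` as "target file not found" and the list of trusted directories are assumptions.

```python
import re
from ntpath import normpath

# Lines copied from the ComboFix log in this thread (HKLM ...\Run section).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF19806.cfxxe" [X]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 2345848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Assumption: directories a standard user cannot write to by default.
TRUSTED = ('c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\windows\\')

def parse_run_entries(log_text):
    """Return the values listed under registry keys ending in \\Run or \\RunOnce."""
    key, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.endswith(('\\run', '\\runonce')):
            entries.append(m.groupdict())
    return entries

def triage(entries):
    """Return (name, reasons) for entries that deserve a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if e['meta'].strip().upper() == 'X':      # assumed: target file not found
            reasons.append('target file missing')
        # normpath collapses "..", so c:\program files\..\x.exe is not trusted
        if not normpath(e['path']).lower().startswith(TRUSTED):
            reasons.append('outside default program directories')
        if reasons:
            findings.append((e['name'], reasons))
    return findings

if __name__ == '__main__':
    for name, reasons in triage(parse_run_entries(SAMPLE)):
        print(f'{name}: {", ".join(reasons)}')
```

A flag is a prompt to look at the entry, not a verdict; on this sample the only flagged value is the one named `combofix`.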

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You should now be able to do a repair or reinstall of Norton, as the last run looked good.

What are your current problems?
  • 0

#11
Big-Red


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I re-installed my Norton 360 and it installed fully the first time. I also went to my son's Facebook page and it went there. Last time we tried, it was trying to send us to a different location. Everything seems to be working well now.

I see that Steam was removed by the last fix; I'm assuming that we can also re-install it?


I want to thank you very much for your time and patience in this matter.
  • 0

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, that can be reinstalled now as well. I assume that ComboFix was unhappy about that for some reason.

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right-click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :unsure:
  • 0

#13
Big-Red


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did all of the above. Everything seems to be working well. I will leave my son at it for a couple of days and report back to you.
Thanks again for all of your help.
  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





