I have the Google Redirect Virus. Whenever I attempt a search and click on any links, I get redirected to some sites called goingoneath.com or thewebtmes.com (although much less frequently). Your assistance in getting rid of this virus and keeping it off my system would be most helpful.
OTL logfile created on: 7/2/2011 1:58:33 AM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\James Boothe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.99 Gb Total Physical Memory | 6.51 Gb Available Physical Memory | 72.41% Memory free
17.98 Gb Paging File | 14.99 Gb Available in Paging File | 83.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 7.75 Gb Free Space | 2.08% Space Free | Partition Type: NTFS
Drive D: | 548.90 Gb Total Space | 6.88 Gb Free Space | 1.25% Space Free | Partition Type: NTFS
Drive E: | 2.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JAMESBOOTHE-PC | User Name: James Boothe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/26 01:46:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
PRC - [2011/06/24 10:51:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/24 04:02:50 | 000,126,715 | ---- | M] () -- C:\Program Files (x86)\Snowflake Pro 1.1.1\SnowflakePro1.1.1.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/29 10:39:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/06 10:49:23 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/09/03 14:41:12 | 003,678,208 | ---- | M] (Datel Design & Development) -- C:\Program Files (x86)\Datel\Action Replay DSi Code Manager\ActionReplayCodeManager.exe
PRC - [2009/08/20 00:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/08/20 00:37:26 | 000,225,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/08/19 17:18:40 | 001,170,432 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe
PRC - [2009/06/26 19:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009/05/18 16:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/04/02 00:27:27 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/16 21:17:04 | 002,835,816 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
PRC - [2008/12/09 21:54:22 | 001,212,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
PRC - [2008/06/17 14:09:02 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
PRC - [2008/06/05 18:50:58 | 000,778,240 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/06/05 18:50:56 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/06/04 19:26:58 | 000,143,467 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
========== Modules (SafeList) ==========
MOD - [2011/06/26 01:46:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/05/05 16:36:05 | 000,022,528 | ---- | M] () [Auto | Running] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV:64bit: - [2010/11/15 12:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 05:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/06/29 13:38:13 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/02 12:51:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/29 10:39:34 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/10 15:56:59 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/06 12:58:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/08/20 00:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 00:27:27 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008/06/05 18:50:58 | 000,778,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2008/06/04 19:31:44 | 000,141,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/06/04 19:26:58 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/06/24 23:20:21 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/02 17:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 11:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/07 17:04:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/04 09:23:56 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/10 03:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\11087122.sys -- (11087122)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\1108712.sys -- (setup_9.0.0.722_30.06.2011_07-07drv)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\11087121.sys -- (11087121)
DRV:64bit: - [2009/08/30 22:09:33 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/05/15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/01/21 20:28:14 | 000,016,904 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2008/01/21 20:28:10 | 000,031,752 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008/01/21 20:28:06 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008/01/21 20:27:58 | 000,038,664 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2008/01/21 20:27:52 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/03/27 13:51:51 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\nocashio.sys -- (nocashio)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...C-1192658E30E7}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.startnow....on=6.1-x64-SP1"
FF - prefs.js..extensions.enabledItems: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.0244
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {c0326c12-9f06-4344-aa25-60267226bb7d}:1.0.0.0
FF - prefs.js..keyword.URL: "http://www.sitfy.com...ls=BzTtqdo8&q="
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.sitfy.com...ls=BzTtqdo8&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 23:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 23:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/24 23:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2011/06/30 17:36:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 10:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/14 10:22:45 | 000,000,000 | ---D | M]
[2010/09/07 19:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Extensions
[2010/09/07 19:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/01 05:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions
[2011/06/25 13:28:28 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/04/25 23:50:29 | 000,000,000 | ---D | M] (GPotato Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{c0326c12-9f06-4344-aa25-60267226bb7d}
[2011/06/25 13:28:31 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/06/25 13:28:34 | 000,000,000 | ---D | M] (OnRPG Community Toolbar) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}
[2011/05/07 04:06:05 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2011/05/10 07:59:00 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2011/05/21 15:23:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2010/12/15 06:57:57 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\[email protected]
[2011/07/01 05:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\extensions\staged
[2010/06/12 21:29:59 | 000,002,331 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\bigseekpro.xml
[2011/04/25 23:50:32 | 000,002,269 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\bing-zugo.xml
[2010/10/20 23:35:36 | 000,000,917 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\conduit.xml
[2010/04/10 12:44:24 | 000,002,059 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\daemon-search.xml
[2011/03/04 15:00:03 | 000,002,197 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Mozilla\Firefox\Profiles\bgfqex79.default\searchplugins\google-search.xml
[2011/06/08 07:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/28 23:16:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/20 22:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/26 12:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/30 23:24:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/08 07:27:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/24 10:51:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 04:05:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2011/03/04 15:00:03 | 000,002,197 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google-search.xml
O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
O2 - BHO: (OnRPG Toolbar) - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (OnRPG Toolbar) - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (OnRPG Toolbar) - {D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - C:\Program Files (x86)\OnRPG\prxtbOnR0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [CPU Level Up] C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Verbose] C:\Program Files (x86)\NCH Swift Sound\Verbose\verbose.exe (NCH Software)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON NX110 Series] File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_30.06.2011_07-07.lnk = C:\Users\James Boothe\Desktop\Virus Removal Tool\setup_9.0.0.722_30.06.2011_07-07\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/05 18:36:26 | 000,465,408 | R--- | M] (BioWare Corp.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/07 13:24:42 | 000,000,547 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{568b4825-44fc-11df-8603-90e6ba889ccb}\Shell - "" = AutoRun
O33 - MountPoints2\{568b4825-44fc-11df-8603-90e6ba889ccb}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{a945daf9-f940-11de-8002-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a945daf9-f940-11de-8002-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/10/05 18:36:26 | 000,465,408 | R--- | M] (BioWare Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/01 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{9A0F30A9-8D5E-45B6-AF20-246846E7D029}
[2011/07/01 05:51:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{38D7AFC6-5F48-4361-A303-B1D5E9A2E24B}
[2011/07/01 05:40:04 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{4AD9C8A0-9E24-4CF7-B663-1D6DC8EEAB73}
[2011/06/30 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/30 19:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/30 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\WinZip Courier
[2011/06/30 18:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
[2011/06/30 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2011/06/30 17:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier
[2011/06/30 17:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier
[2011/06/30 12:59:15 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{A529F8DC-CCBA-43AB-9F36-5D685BFB7DF6}
[2011/06/30 01:27:51 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\1108712.sys
[2011/06/30 01:27:51 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\11087121.sys
[2011/06/30 01:27:51 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\11087122.sys
[2011/06/30 01:27:51 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\Virus Removal Tool
[2011/06/30 00:25:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/30 00:25:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/30 00:25:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/30 00:25:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/30 00:25:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/30 00:23:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 00:19:17 | 004,129,550 | R--- | C] (Swearware) -- C:\Users\James Boothe\Desktop\ComboFix.exe
[2011/06/30 00:16:11 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\James Boothe\Desktop\aswMBR.exe
[2011/06/29 20:41:48 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{5EBA118E-2C77-47B9-B035-864D6AF245E9}
[2011/06/29 18:40:48 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Queue Manager
[2011/06/29 18:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Queue Manager
[2011/06/29 18:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ Productions
[2011/06/29 18:25:42 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/06/29 08:40:57 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{6B8C8FC1-C06A-4BFB-BBF7-4A68B3ADB6DF}
[2011/06/29 01:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ
[2011/06/28 23:22:55 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2011/06/28 23:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2011/06/28 23:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2011/06/28 23:22:22 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Documents\DAZ 3D
[2011/06/28 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/06/28 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\DAZ 3D
[2011/06/28 18:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/28 18:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/28 18:45:47 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{D01D0EF8-5A33-491A-B0E7-409CB679DFAA}
[2011/06/28 02:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2011/06/28 02:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DAZ
[2011/06/28 02:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Curious Labs
[2011/06/28 02:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/06/28 02:11:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/06/28 02:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2011/06/28 02:11:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser Pro 2010 Content
[2011/06/26 17:37:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{720A09C5-2B14-45D3-A7AF-0471BC001AAD}
[2011/06/26 15:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/26 02:43:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\dxhr
[2011/06/26 02:43:08 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\ALI213
[2011/06/26 02:42:37 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\28070
[2011/06/26 01:46:17 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
[2011/06/26 01:39:54 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James Boothe\Desktop\TDSSKiller.exe
[2011/06/26 01:37:28 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\GooredFix Backups
[2011/06/26 01:17:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/26 01:16:46 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTM.exe
[2011/06/26 01:16:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/26 01:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/06/26 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/06/25 19:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/06/25 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/06/25 13:28:25 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{8ADB5E79-F228-4384-B640-24CF90035423}
[2011/06/24 23:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/06/24 23:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/06/24 23:20:21 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/06/24 23:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/06/24 22:45:43 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{9AFCA6C4-6623-4E0F-8ADF-D372CA308E56}
[2011/06/24 22:24:14 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\Scansoft
[2011/06/24 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\IngermansonCommunications
[2011/06/24 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{CE89449A-B2DC-46E1-AFC8-B135DB32C5C8}
[2011/06/24 04:03:05 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Documents\Snowflake Pro User Data
[2011/06/24 04:02:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\JExpress
[2011/06/24 04:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowflake Pro 1.1.1
[2011/06/24 04:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snowflake Pro 1.1.1
[2011/06/24 02:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liquid Story Binder XE
[2011/06/24 02:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Liquid Story Binder XE
[2011/06/24 02:19:45 | 000,163,840 | ---- | C] (Bmegpaqab Mfcusoydrec) -- C:\Windows\SysWow64\d3dcsx_429.dll
[2011/06/23 12:51:14 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{5AD597EA-84A8-4D0F-9F33-4B0476C2D291}
[2011/06/23 12:39:27 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{A52A6272-36FD-4463-970D-CD976EE9879C}
[2011/06/22 22:19:51 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{6FBAA5FB-1EE4-430F-82AD-766D25610BCB}
[2011/06/22 10:19:26 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{22AC1121-97CA-46A0-9C89-7E0D7C389BD8}
[2011/06/21 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\VBA-M
[2011/06/21 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{1A8EC42B-2A66-4653-A40A-D000E078852B}
[2011/06/20 22:44:50 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{EB52511E-3E29-4A41-82B8-B60AC0E11E76}
[2011/06/20 10:44:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{1F1B5D0F-5F0B-4D88-B921-34793D9B32C1}
[2011/06/19 22:48:23 | 001,974,352 | ---- | C] (None) -- C:\Users\James Boothe\Desktop\VisualBoyAdvance.exe
[2011/06/19 22:44:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{922276A7-9BA3-4491-B71E-342B9910058C}
[2011/06/19 20:11:33 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Roaming\Nuance
[2011/06/19 20:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 10.0
[2011/06/19 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2011/06/19 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2011/06/19 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2011/06/19 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2011/06/19 20:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2011/06/19 10:43:31 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{5FA3E973-9B0C-4138-ADBA-48001173B93A}
[2011/06/18 22:43:06 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{E5B6C573-AF37-44DE-83FE-2EB30706DD08}
[2011/06/18 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{4F3986A1-FD49-4FB9-9F51-68B0CCDB7132}
[2011/06/17 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{26805192-555F-489E-9C88-C8B1F7C0D903}
[2011/06/17 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{3306714C-1B89-4CC7-8C28-9875F027A282}
[2011/06/16 16:43:21 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{EA68AA5B-5213-49AB-BBAC-9DDE8AE67323}
[2011/06/14 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{FAFBEA32-4A5F-4ADE-BD0F-90A8F22D1C6E}
[2011/06/14 08:06:55 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{635F0C50-5F22-42CC-9454-EC26A1644F5A}
[2011/06/14 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\Anathema
[2011/06/14 00:13:00 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\Desktop\DQIX
[2011/06/13 21:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2011/06/13 21:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2011/06/13 20:06:30 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{3B7004F6-B8EA-4B8A-8222-B4679274FA1B}
[2011/06/10 20:03:26 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{4E57331D-E6E3-4405-8884-FDF18B0658BC}
[2011/06/09 19:41:32 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{59C0EC91-438F-4BA4-806E-81B017850F4C}
[2011/06/08 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{E55F90F5-677C-4D76-AA8C-DFBA301A26BB}
[2011/06/08 08:08:33 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{22C7C2D7-D737-4DE1-9268-2BEA72C38704}
[2011/06/08 07:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/07 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{93A01F0E-D0D1-4371-8E54-DA6073C0D8E2}
[2011/06/06 00:23:51 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{72A41C22-D67B-4CDE-B6E5-CF68491805FB}
[2011/06/05 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{946BED28-E929-477A-AF25-64F835844800}
[2011/06/05 08:45:14 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011/06/05 08:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2011/06/05 00:22:35 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{6A2F19CE-D6AB-4BAA-9591-807F74312F63}
[2011/06/04 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{0B2247A3-FB3D-43E4-8EE2-25128922105C}
[2011/06/04 00:21:23 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{42C7A62F-2B5A-49DB-B401-C800DC4BF482}
[2011/06/03 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{2E7CDF7B-AF66-4EB3-9408-C97A9E9DD29A}
[2011/06/02 12:19:45 | 000,000,000 | ---D | C] -- C:\Users\James Boothe\AppData\Local\{B28CE4B6-1F13-49C3-BBC3-494C9BFDD111}
[5 C:\Users\James Boothe\Documents\*.tmp files -> C:\Users\James Boothe\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/02 01:34:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 20:34:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 17:49:56 | 000,014,185 | ---- | M] () -- C:\Users\James Boothe\Documents\When the Wheel of Fate is in God's Hand.snowXML
[2011/07/01 09:38:15 | 000,003,531 | ---- | M] () -- C:\Users\James Boothe\Documents\Pokemon.dsf
[2011/07/01 07:43:38 | 000,002,554 | ---- | M] () -- C:\Users\James Boothe\Desktop\vba.ini
[2011/07/01 05:58:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 05:58:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 05:48:44 | 000,000,849 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011/07/01 05:48:42 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\Vwmnze.job
[2011/07/01 05:48:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 05:48:27 | 2945,802,239 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 05:43:24 | 000,862,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/01 05:43:24 | 000,718,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/01 05:43:24 | 000,144,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/30 22:28:39 | 000,236,749 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina.png
[2011/06/30 18:44:36 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Poser Pro 2010 (x86).lnk
[2011/06/30 18:44:36 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Queue Manager 2010.lnk
[2011/06/30 18:44:36 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Poser Pro 2010.lnk
[2011/06/30 13:48:41 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Update Michael 4 Base.lnk
[2011/06/30 01:28:42 | 000,002,302 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_30.06.2011_07-07.lnk
[2011/06/30 00:51:27 | 004,991,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/30 00:24:33 | 004,129,550 | R--- | M] (Swearware) -- C:\Users\James Boothe\Desktop\ComboFix.exe
[2011/06/30 00:19:56 | 000,000,512 | ---- | M] () -- C:\Users\James Boothe\Desktop\MBR.dat
[2011/06/30 00:16:19 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\James Boothe\Desktop\aswMBR.exe
[2011/06/29 19:35:08 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/29 08:47:17 | 000,105,390 | ---- | M] () -- C:\Users\James Boothe\Documents\Nimevere.jpg
[2011/06/29 08:47:07 | 000,769,678 | ---- | M] () -- C:\Users\James Boothe\Documents\Nimevere.psd
[2011/06/29 08:42:19 | 000,177,024 | ---- | M] () -- C:\Users\James Boothe\Documents\Nimevere.png
[2011/06/29 02:34:41 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4.2 Base.lnk
[2011/06/28 23:45:17 | 000,002,500 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/06/28 23:44:29 | 000,000,718 | ---- | M] () -- C:\Users\James Boothe\Documents\James Boothe - Shortcut.lnk
[2011/06/28 23:25:41 | 001,030,399 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina.psd
[2011/06/28 23:22:56 | 000,002,051 | ---- | M] () -- C:\Users\James Boothe\Desktop\DAZ Studio 4.lnk
[2011/06/28 22:51:31 | 000,262,038 | ---- | M] () -- C:\Users\James Boothe\Documents\Untitled.png
[2011/06/28 18:50:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/28 18:50:49 | 000,876,002 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/28 01:48:25 | 003,913,298 | ---- | M] () -- C:\Users\James Boothe\Reina2.psd
[2011/06/28 00:08:59 | 003,813,291 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina2.psd
[2011/06/27 17:54:41 | 000,172,066 | ---- | M] () -- C:\Users\James Boothe\Documents\Reina.jpg
[2011/06/26 23:38:27 | 016,974,214 | ---- | M] () -- C:\Users\James Boothe\Documents\Serph.psd
[2011/06/26 21:35:29 | 006,757,992 | ---- | M] () -- C:\Users\James Boothe\Documents\Specs.nfo
[2011/06/26 17:41:51 | 000,164,067 | ---- | M] () -- C:\Users\James Boothe\Documents\Serph Morris.jpg
[2011/06/26 15:39:48 | 000,000,713 | ---- | M] () -- C:\Users\James Boothe\Desktop\Dolphin - Shortcut.lnk
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/26 01:46:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTL.exe
[2011/06/26 01:16:46 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\James Boothe\Desktop\OTM.exe
[2011/06/26 01:16:25 | 000,001,104 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/26 01:16:24 | 000,000,924 | ---- | M] () -- C:\Users\James Boothe\Desktop\NTREGOPT.lnk
[2011/06/26 01:16:24 | 000,000,905 | ---- | M] () -- C:\Users\James Boothe\Desktop\ERUNT.lnk
[2011/06/26 01:13:22 | 001,273,053 | ---- | M] () -- C:\Users\James Boothe\Documents\Outfit.psd
[2011/06/25 03:13:39 | 000,001,133 | ---- | M] () -- C:\Users\James Boothe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/25 03:13:39 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 23:31:20 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/06/24 23:31:20 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/06/24 23:26:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/24 23:20:21 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/06/24 10:51:56 | 000,002,048 | ---- | M] () -- C:\Users\James Boothe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/24 04:45:41 | 000,010,884 | ---- | M] () -- C:\Users\James Boothe\Documents\Proposal.rtf
[2011/06/24 04:02:50 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Snowflake Pro 1.1.1.lnk
[2011/06/24 02:20:38 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
[2011/06/24 02:19:45 | 000,163,840 | ---- | M] (Bmegpaqab Mfcusoydrec) -- C:\Windows\SysWow64\d3dcsx_429.dll
[2011/06/22 01:18:27 | 000,001,535 | ---- | M] () -- C:\Users\James Boothe\Desktop\VisualBoyAdvance-M - Shortcut.lnk
[2011/06/21 02:09:02 | 002,215,635 | ---- | M] () -- C:\Users\James Boothe\Documents\Serph Morris.psd
[2011/06/19 20:28:34 | 000,000,215 | ---- | M] () -- C:\Users\James Boothe\Documents\Pokemon Fire Red.cht
[2011/06/19 20:11:13 | 000,001,265 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
[2011/06/19 20:11:01 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James Boothe\Desktop\TDSSKiller.exe
[2011/06/15 20:43:48 | 000,000,612 | ---- | M] () -- C:\Users\James Boothe\Desktop\DeSmuME_x64 - Shortcut.lnk
[2011/06/14 10:22:46 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/13 21:08:47 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2011/06/13 12:24:32 | 000,001,466 | ---- | M] () -- C:\Users\James Boothe\Documents\Norse.dsf
[2011/06/11 09:45:18 | 000,000,236 | ---- | M] () -- C:\Users\James Boothe\Documents\pan.pkm
[2011/06/10 23:11:37 | 000,000,236 | ---- | M] () -- C:\Users\James Boothe\Documents\Snivy.pkm
[2011/06/10 23:08:39 | 000,000,236 | ---- | M] () -- C:\Users\James Boothe\Documents\Tepig.pkm
[2011/06/09 10:50:19 | 000,008,192 | ---- | M] () -- C:\digital devil story (j) [t-eng].srm
[2011/06/09 10:48:12 | 000,000,531 | ---- | M] () -- C:\Users\James Boothe\Desktop\zsnesw - Shortcut.lnk
[2011/06/09 10:47:25 | 000,008,192 | ---- | M] () -- C:\Shin Megami Tensei.srm
[2011/06/09 10:46:55 | 000,008,192 | ---- | M] () -- C:\Shin Megami Tensei II (J) [T+Eng1.00_AGTP].srm
[2011/06/08 11:12:02 | 000,015,222 | ---- | M] () -- C:\Users\James Boothe\Documents\Succubus.dsf
[2011/06/06 16:47:02 | 003,539,936 | ---- | M] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.psd
[2011/06/06 08:40:15 | 000,104,142 | ---- | M] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.jpg
[2011/06/05 17:04:20 | 000,211,619 | ---- | M] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.png
[2011/06/05 17:04:20 | 000,000,132 | ---- | M] () -- C:\Users\James Boothe\AppData\Roaming\Adobe PNG Format CS5 Prefs
[5 C:\Users\James Boothe\Documents\*.tmp files -> C:\Users\James Boothe\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/30 13:13:57 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Update Michael 4 Base.lnk
[2011/06/30 01:28:42 | 000,002,302 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_30.06.2011_07-07.lnk
[2011/06/30 00:25:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/30 00:25:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/30 00:25:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/30 00:25:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/30 00:25:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/30 00:19:56 | 000,000,512 | ---- | C] () -- C:\Users\James Boothe\Desktop\MBR.dat
[2011/06/29 02:34:41 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4.2 Base.lnk
[2011/06/28 23:44:29 | 000,000,718 | ---- | C] () -- C:\Users\James Boothe\Documents\James Boothe - Shortcut.lnk
[2011/06/28 23:22:56 | 000,002,051 | ---- | C] () -- C:\Users\James Boothe\Desktop\DAZ Studio 4.lnk
[2011/06/28 19:12:02 | 000,262,038 | ---- | C] () -- C:\Users\James Boothe\Documents\Untitled.png
[2011/06/28 18:50:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/28 18:50:41 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/28 03:52:19 | 000,236,749 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina.png
[2011/06/28 02:44:08 | 000,002,500 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/06/28 02:13:24 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Poser Pro 2010 (x86).lnk
[2011/06/28 02:13:24 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Queue Manager 2010.lnk
[2011/06/28 02:13:24 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Poser Pro 2010.lnk
[2011/06/28 01:08:27 | 003,913,298 | ---- | C] () -- C:\Users\James Boothe\Reina2.psd
[2011/06/27 17:43:06 | 000,172,066 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina.jpg
[2011/06/27 11:03:06 | 003,813,291 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina2.psd
[2011/06/27 00:14:03 | 001,030,399 | ---- | C] () -- C:\Users\James Boothe\Documents\Reina.psd
[2011/06/26 21:35:14 | 006,757,992 | ---- | C] () -- C:\Users\James Boothe\Documents\Specs.nfo
[2011/06/26 17:41:46 | 000,164,067 | ---- | C] () -- C:\Users\James Boothe\Documents\Serph Morris.jpg
[2011/06/26 01:16:25 | 000,001,104 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/26 01:16:24 | 000,000,924 | ---- | C] () -- C:\Users\James Boothe\Desktop\NTREGOPT.lnk
[2011/06/26 01:16:24 | 000,000,905 | ---- | C] () -- C:\Users\James Boothe\Desktop\ERUNT.lnk
[2011/06/26 01:13:21 | 001,273,053 | ---- | C] () -- C:\Users\James Boothe\Documents\Outfit.psd
[2011/06/26 01:05:22 | 016,974,214 | ---- | C] () -- C:\Users\James Boothe\Documents\Serph.psd
[2011/06/25 03:13:39 | 000,001,133 | ---- | C] () -- C:\Users\James Boothe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/24 23:21:42 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/06/24 23:21:41 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/06/24 04:45:41 | 000,010,884 | ---- | C] () -- C:\Users\James Boothe\Documents\Proposal.rtf
[2011/06/24 04:03:58 | 000,014,185 | ---- | C] () -- C:\Users\James Boothe\Documents\When the Wheel of Fate is in God's Hand.snowXML
[2011/06/24 04:02:50 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Snowflake Pro 1.1.1.lnk
[2011/06/24 02:20:38 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
[2011/06/24 02:19:45 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\Vwmnze.job
[2011/06/22 01:18:27 | 000,001,535 | ---- | C] () -- C:\Users\James Boothe\Desktop\VisualBoyAdvance-M - Shortcut.lnk
[2011/06/21 22:35:33 | 000,000,713 | ---- | C] () -- C:\Users\James Boothe\Desktop\Dolphin - Shortcut.lnk
[2011/06/19 22:48:33 | 000,002,554 | ---- | C] () -- C:\Users\James Boothe\Desktop\vba.ini
[2011/06/19 20:28:34 | 000,000,215 | ---- | C] () -- C:\Users\James Boothe\Documents\Pokemon Fire Red.cht
[2011/06/19 20:11:13 | 000,001,265 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
[2011/06/19 20:11:01 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011/06/17 00:55:09 | 002,215,635 | ---- | C] () -- C:\Users\James Boothe\Documents\Serph Morris.psd
[2011/06/15 20:43:50 | 000,000,612 | ---- | C] () -- C:\Users\James Boothe\Desktop\DeSmuME_x64 - Shortcut.lnk
[2011/06/13 21:08:47 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2011/06/13 12:24:32 | 000,001,466 | ---- | C] () -- C:\Users\James Boothe\Documents\Norse.dsf
[2011/06/11 09:45:18 | 000,000,236 | ---- | C] () -- C:\Users\James Boothe\Documents\pan.pkm
[2011/06/10 23:11:36 | 000,000,236 | ---- | C] () -- C:\Users\James Boothe\Documents\Snivy.pkm
[2011/06/10 23:08:39 | 000,000,236 | ---- | C] () -- C:\Users\James Boothe\Documents\Tepig.pkm
[2011/06/09 10:50:07 | 000,008,192 | ---- | C] () -- C:\digital devil story (j) [t-eng].srm
[2011/06/09 10:48:14 | 000,000,531 | ---- | C] () -- C:\Users\James Boothe\Desktop\zsnesw - Shortcut.lnk
[2011/06/09 10:47:50 | 002,097,664 | ---- | C] () -- C:\digital devil story (j) [t-eng].smc
[2011/06/09 10:47:23 | 000,008,192 | ---- | C] () -- C:\Shin Megami Tensei.srm
[2011/06/05 20:32:57 | 000,105,390 | ---- | C] () -- C:\Users\James Boothe\Documents\Nimevere.jpg
[2011/06/05 20:32:32 | 000,104,142 | ---- | C] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.jpg
[2011/06/05 17:04:18 | 000,211,619 | ---- | C] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.png
[2011/06/05 17:03:58 | 000,000,132 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/05 17:03:56 | 000,177,024 | ---- | C] () -- C:\Users\James Boothe\Documents\Nimevere.png
[2011/06/05 16:50:46 | 000,769,678 | ---- | C] () -- C:\Users\James Boothe\Documents\Nimevere.psd
[2011/06/05 16:17:06 | 003,539,936 | ---- | C] () -- C:\Users\James Boothe\Documents\Archer and Nimevere.psd
[2011/05/30 23:48:04 | 000,003,463 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\gcs.pref
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/07 14:05:26 | 000,000,017 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\resmon.resmoncfg
[2011/01/01 22:45:13 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/12/29 10:39:35 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/29 10:39:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/29 10:39:33 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/19 04:57:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/11/25 02:59:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/10/19 17:48:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/09/16 01:56:51 | 001,530,368 | ---- | C] () -- C:\Windows\SysWow64\online.exe
[2010/09/16 01:56:37 | 001,530,368 | ---- | C] () -- C:\Windows\SysWow64\_online.exe
[2010/06/12 01:39:14 | 000,000,100 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\fusioncache.dat
[2010/06/05 23:47:38 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\grecorder.dll
[2010/06/05 14:51:52 | 000,003,584 | ---- | C] () -- C:\Users\James Boothe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 23:17:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/27 13:51:51 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\nocashio.sys
[2010/02/12 16:29:19 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\26951A4CB9.sys
[2010/02/12 16:29:18 | 000,001,734 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/02/11 19:43:47 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/02/11 19:43:46 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/02/06 13:00:00 | 000,000,155 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2010/01/17 15:54:53 | 000,000,306 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/01/16 22:48:04 | 000,000,000 | ---- | C] () -- C:\Users\James Boothe\AppData\Roaming\wklnhst.dat
[2010/01/13 22:55:09 | 000,876,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/12 00:10:33 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/01/11 18:21:37 | 000,004,288 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/11 18:21:37 | 000,000,168 | RHS- | C] () -- C:\ProgramData\B94C1A9526.sys
[2010/01/09 15:05:22 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/01/09 15:05:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/01/09 15:05:22 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/01/09 15:05:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/01/09 15:05:22 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/01/09 15:05:22 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/01/09 15:05:22 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/01/09 15:05:22 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/01/09 15:05:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/01/09 15:05:22 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/01/09 15:05:22 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/01/09 15:05:22 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/01/09 15:05:22 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/01/09 15:05:22 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/01/09 15:05:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/01/09 15:05:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/01/04 09:27:16 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
[2009/10/10 01:08:49 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2009/10/10 01:08:21 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/10/10 01:08:21 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/10/10 01:07:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/10/10 01:07:58 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/10/10 00:58:31 | 000,007,443 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/10/10 00:58:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/10/10 00:58:26 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/10/10 00:58:26 | 000,004,811 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/06/05 18:51:08 | 000,000,849 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2008/06/04 19:30:44 | 000,405,589 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll
[2008/06/04 19:30:22 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll
[2008/06/04 19:30:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2008/06/04 19:29:48 | 000,622,693 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll
[2008/06/04 19:29:38 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll
[2008/06/04 19:27:44 | 000,098,403 | ---- | C] () -- C:\Windows\SysWow64\Bs2Res.dll
[2008/06/04 19:27:10 | 000,118,880 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll
[2008/06/04 19:27:02 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2008/03/07 14:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\SysWow64\BsLangInDepRes.dll
[2007/03/19 11:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
========== LOP Check ==========
[2010/01/10 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\acccore
[2010/12/21 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Audacity
[2011/01/09 00:53:18 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Bioshock
[2010/04/10 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\DAEMON Tools Lite
[2011/06/28 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\DAZ 3D
[2011/07/02 02:01:06 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\DNA
[2010/11/30 22:30:34 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Dragon Age Toolset
[2011/02/18 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Epson
[2011/01/13 05:46:18 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\FaceGen
[2010/10/23 20:20:58 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\FALCOM
[2011/05/08 06:01:15 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\GetRightToGo
[2011/06/24 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\IngermansonCommunications
[2011/02/18 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Leader Technologies
[2010/01/09 15:08:31 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Leadertech
[2010/12/12 12:25:30 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Local
[2011/02/23 12:50:58 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\LSMGUIAIR.64AAB1E9DCCE40D96A4E881F8BD26884D826DB32.1
[2010/11/25 02:56:11 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\MotioninJoy
[2010/11/18 02:09:09 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\NCH Swift Sound
[2010/11/22 01:11:24 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\NeopleLauncherDFO
[2011/05/21 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Nitroplus
[2011/06/19 20:11:33 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Nuance
[2011/02/23 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Poser
[2011/06/28 02:31:15 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Poser Pro
[2010/11/12 03:05:37 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Publish Providers
[2011/06/29 18:40:48 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Queue Manager
[2010/10/27 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Razer
[2011/06/02 03:42:49 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\RIFT
[2011/02/22 08:48:28 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Smith Micro
[2011/01/10 07:14:29 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Sony
[2010/01/16 22:37:53 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Spacejock Software
[2011/01/10 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\SystemRequirementsLab
[2010/04/03 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\thriXXX
[2010/06/12 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Turbine
[2010/12/17 13:43:37 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Ubisoft
[2011/07/01 05:32:45 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\uTorrent
[2011/06/22 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\VBA-M
[2010/02/17 00:29:21 | 000,000,000 | ---D | M] -- C:\Users\James Boothe\AppData\Roaming\Writer's Cafe 2
[2010/12/28 16:12:49 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/01 05:48:42 | 000,000,326 | -HS- | M] () -- C:\Windows\Tasks\Vwmnze.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2010/10/13 22:10:08 | 000,000,000 | ---D | M](C:\Users\James Boothe\Documents\?? ???) -- C:\Users\James Boothe\Documents\넥슨 플러그
[2010/10/13 22:10:08 | 000,000,000 | ---D | C](C:\Users\James Boothe\Documents\?? ???) -- C:\Users\James Boothe\Documents\넥슨 플러그
========== Alternate Data Streams ==========
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1219 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D06A4C76
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD
< End of report >
Edited by Sorlin, 02 July 2011 - 12:05 AM.