WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

searchqu infection

Started by eaglesoar , Jun 17 2011 07:26 PM

This topic is locked

4 replies to this topic

#1 eaglesoar

New Member

New Member
2 posts

Posted 17 June 2011 - 07:26 PM

Here are the results of my scans as requested, hope I got them all:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:07:01 PM, on 6/17/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Users\Office Depot\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Coupons.com - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: StartNowToolbarHelper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MRC] "C:\Program Files (x86)\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [Google Update] "C:\Users\Office Depot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [D900EDB2B1D65F6FEE3D79238ABBDF70CEA032FF._service_run] "C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Office Depot\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: fliptoast.lnk = C:\Program Files (x86)\fliptoast\fliptoast.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com...14.51/TSWeb.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.syste...yri_4.3.1.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcj_device - - C:\Windows\system32\lxcjcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 21828 bytes
OTL: OTL logfile created on: 6/17/2011 4:09:50 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Office Depot\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 29.79% Memory free
11.50 Gb Paging File | 6.99 Gb Available in Paging File | 60.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.43 Gb Total Space | 749.93 Gb Free Space | 81.57% Space Free | Partition Type: NTFS
Drive D: | 11.99 Gb Total Space | 1.46 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive L: | 149.05 Gb Total Space | 28.02 Gb Free Space | 18.80% Space Free | Partition Type: NTFS

Computer Name: SANDY-HP2011 | User Name: Office Depot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Office Depot\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Office Depot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86)\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Office Depot\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\syswow64\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Toolbar Updater Service) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe (McAfee, Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxcj_device) -- C:\Windows\SysWow64\lxcjcoms.exe ( )

========== Driver Services (SafeList) ==========

DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (VBoxDrv) -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys (Oracle Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...?referrer=ign_n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 08:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 08:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 08:29:17 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [LXCJCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCJtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcjmon.exe] C:\Program Files (x86)\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [MRC] C:\Program Files (x86)\PC Tune-Up\PCTuneUp.exe (Large Software)
O4 - HKCU..\Run: [Weather] File not found
O4 - Startup: C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Office Depot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com...14.51/TSWeb.cab (WLCTSCControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/04/04 18:11:28 | 000,000,184 | RH-- | M] () - L:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5941ff81-e32b-11df-a6e2-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{5941ff81-e32b-11df-a6e2-d485640df200}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{5a482c74-d77c-11df-a89a-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{5a482c74-d77c-11df-a89a-d485640df200}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e3cff693-c7a0-11df-8553-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cff693-c7a0-11df-8553-d485640df200}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e3cff800-c7a0-11df-8553-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cff800-c7a0-11df-8553-d485640df200}\Shell\AutoRun\command - "" = J:\StartClickFreeBackup.exe
O33 - MountPoints2\{f7da9be6-db80-11df-b38a-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{f7da9be6-db80-11df-b38a-d485640df200}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 16:05:59 | 000,607,310 | ---- | C] (Swearware) -- C:\Users\Office Depot\Desktop\dds.scr
[2011/06/16 15:53:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/16 03:05:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/16 03:05:01 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/16 03:05:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/16 03:05:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/16 03:05:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/16 03:05:00 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/16 03:05:00 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/16 03:05:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/15 23:07:09 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/11 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/11 10:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/06/11 10:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com
[2011/06/11 10:38:56 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Conduit
[2011/06/10 16:59:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/08 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Desktop\New folder
[2011/06/08 17:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARAX Disk Doctor Data Recovery
[2011/06/08 17:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARAX Disk Doctor
[2011/06/08 17:01:49 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\com.w3i.FlipToast
[2011/06/08 16:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstaCodecs
[2011/06/08 16:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstaCodecs
[2011/06/08 16:43:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2011/06/08 16:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2011/06/08 16:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\W3i
[2011/06/08 16:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
[2011/06/08 15:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/08 03:01:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/08 03:01:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/07 16:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.5
[2011/06/07 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerDataRecovery
[2011/06/06 17:30:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011/06/06 17:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageConverter Plus
[2011/06/06 17:30:18 | 000,182,680 | ---- | C] (fCoder Group International) -- C:\Windows\SysWow64\cnvshell.dll
[2011/06/06 17:30:18 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Documents\Image Converter Plus
[2011/06/06 17:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageConverter Plus
[2011/06/06 16:05:07 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Documents\Bluetooth Exchange Folder
[2011/06/04 12:37:00 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Desktop\HD2_Toolkit_KSubedi_3.9
[2011/06/03 15:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RingtoneJunkiez Desktop
[2011/06/03 15:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RingtoneJunkiez
[2011/06/03 15:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\RingtoneJunkiez
[2011/06/03 15:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2011/06/01 17:11:06 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/06/01 17:07:33 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Broadcom
[2011/06/01 17:05:05 | 000,022,056 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\btwcoins.dll
[2011/06/01 17:05:03 | 000,349,736 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2011/06/01 17:05:03 | 000,138,280 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2011/06/01 17:05:03 | 000,107,560 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2011/06/01 17:05:03 | 000,039,464 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2011/06/01 17:05:03 | 000,021,416 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2011/06/01 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/05/30 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Documents\New folder
[2011/05/30 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\vlc
[2011/05/30 13:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/05/30 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\WeatherBug
[2011/05/30 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\WeatherBug
[2011/05/30 13:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011/05/30 13:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2011/05/30 13:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/05/30 13:33:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2011/05/30 13:33:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2011/05/30 13:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2011/05/30 13:33:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0301010.006
[2011/05/30 13:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/05/30 13:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chrome
[2011/05/30 12:30:12 | 000,000,000 | ---D | C] -- C:\Mom's HD
[2011/05/27 16:09:18 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\{B51181FB-C057-4EA8-991C-5990A9E53036}
[2011/05/26 16:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler
[2011/05/26 16:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility
[2011/05/25 10:36:09 | 000,000,000 | ---D | C] -- C:\Saved16GCard052511
[2011/05/24 21:46:28 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/05/23 16:05:43 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Ilivid Player
[2011/05/23 16:05:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5BBA7CF7-C86B-4326-8FF3-C0E40CF3D1C7}
[2011/05/23 16:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011/05/23 16:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011/05/23 16:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/05/23 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\PackageAware
[2011/05/23 15:58:54 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Amazon
[2011/05/23 15:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/05/23 15:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2011/05/23 15:14:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/23 15:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/05/23 15:12:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/05/23 15:12:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/05/23 15:12:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/05/23 15:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/23 15:09:57 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/05/23 15:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/05/21 19:37:42 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Catalina Marketing Corp
[2011/05/21 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2011/05/19 16:58:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/05/19 16:58:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/05/19 16:56:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/19 16:56:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/03/29 15:09:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Office Depot\AppData\Roaming\pcouffin.sys
[2011/02/17 00:11:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjserv.dll
[2011/02/17 00:11:25 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjusb1.dll
[2011/02/17 00:11:25 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjhbn3.dll
[2011/02/17 00:11:25 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcomc.dll
[2011/02/17 00:11:25 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjpmui.dll
[2011/02/17 00:11:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjlmpm.dll
[2011/02/17 00:11:25 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcoms.exe
[2011/02/17 00:11:25 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcomm.dll
[2011/02/17 00:11:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjinpa.dll
[2011/02/17 00:11:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjiesc.dll
[2011/02/17 00:11:25 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjih.exe
[2011/02/17 00:11:25 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcfg.exe
[2011/02/17 00:11:25 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjppls.exe
[2011/02/17 00:11:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjprox.dll
[2011/02/17 00:11:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjpplc.dll
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 16:08:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-673014245-733406198-351129615-1000UA.job
[2011/06/17 16:05:45 | 000,607,310 | ---- | M] (Swearware) -- C:\Users\Office Depot\Desktop\dds.scr
[2011/06/17 15:59:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 15:59:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 15:54:22 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2011/06/17 15:51:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 15:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 15:48:48 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 07:19:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 06:35:36 | 000,296,278 | ---- | M] () -- C:\Users\Office Depot\Desktop\Aetna Direct deposit change auth.pdf
[2011/06/17 06:02:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-673014245-733406198-351129615-1000Core.job
[2011/06/16 16:08:26 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/06/16 15:54:13 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/16 03:28:26 | 000,427,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 17:26:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/13 16:44:19 | 000,772,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/13 16:44:19 | 000,656,038 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/13 16:44:19 | 000,119,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/10 16:18:42 | 000,007,600 | ---- | M] () -- C:\Users\Office Depot\AppData\Local\resmon.resmoncfg
[2011/06/09 22:23:44 | 000,000,462 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Office Depot.job
[2011/06/09 17:17:27 | 000,000,010 | -H-- | M] () -- C:\xrjmns.tce
[2011/06/08 17:02:41 | 000,000,947 | ---- | M] () -- C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
[2011/06/08 15:26:13 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/08 15:19:41 | 021,022,914 | ---- | M] () -- C:\Users\Office Depot\Documents\vlc-1.1.10-win32.exe
[2011/06/07 16:53:50 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.5.lnk
[2011/06/06 17:30:20 | 000,000,961 | ---- | M] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/06/04 08:18:02 | 000,001,091 | ---- | M] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/03 15:27:02 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\RingtoneJunkiez.lnk
[2011/06/01 17:05:27 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Bluetooth Problem Report.lnk
[2011/06/01 17:05:27 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/06/01 17:01:12 | 000,349,736 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2011/06/01 17:01:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2011/06/01 17:01:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2011/06/01 17:01:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2011/06/01 17:01:12 | 000,022,056 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\btwcoins.dll
[2011/06/01 17:01:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2011/05/31 08:21:54 | 000,000,689 | ---- | M] () -- C:\Users\Office Depot\Desktop\Mom's HD - Shortcut.lnk
[2011/05/30 19:19:44 | 000,000,358 | ---- | M] () -- C:\Windows\asfbinwin.INI
[2011/05/30 15:55:40 | 000,001,028 | ---- | M] () -- C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/30 15:52:46 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOffice Depot.job
[2011/05/30 15:49:25 | 000,765,818 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/23 08:40:24 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/05/22 13:15:15 | 000,191,836 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 06:35:36 | 000,296,278 | ---- | C] () -- C:\Users\Office Depot\Desktop\Aetna Direct deposit change auth.pdf
[2011/06/16 15:54:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/16 15:54:13 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/08 17:01:50 | 000,000,947 | ---- | C] () -- C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
[2011/06/08 16:44:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/08 15:26:13 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/08 15:19:16 | 021,022,914 | ---- | C] () -- C:\Users\Office Depot\Documents\vlc-1.1.10-win32.exe
[2011/06/07 16:53:50 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.5.lnk
[2011/06/06 17:30:20 | 000,000,961 | ---- | C] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageConverter Plus.lnk
[2011/06/03 15:17:31 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\RingtoneJunkiez.lnk
[2011/06/01 17:05:27 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
[2011/06/01 17:05:27 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Bluetooth Problem Report.lnk
[2011/06/01 17:02:27 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/05/31 08:21:54 | 000,000,689 | ---- | C] () -- C:\Users\Office Depot\Desktop\Mom's HD - Shortcut.lnk
[2011/05/30 19:19:44 | 000,000,358 | ---- | C] () -- C:\Windows\asfbinwin.INI
[2011/05/30 16:11:34 | 000,000,010 | -H-- | C] () -- C:\xrjmns.tce
[2011/05/30 13:33:43 | 000,000,462 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Office Depot.job
[2011/05/30 13:33:37 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0301010.006\isolate.ini
[2011/05/29 18:08:14 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOffice Depot.job
[2011/05/22 13:15:15 | 000,191,836 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/10 14:07:58 | 000,069,632 | ---- | C] () -- C:\Windows\realbap1.dll
[2011/04/10 14:07:57 | 000,045,568 | ---- | C] () -- C:\Windows\realbsf1.dll
[2011/04/10 14:06:05 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\realbap1.dll
[2011/04/10 14:06:05 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\realbsf1.dll
[2011/03/29 15:09:55 | 000,099,384 | ---- | C] () -- C:\Users\Office Depot\AppData\Roaming\inst.exe
[2011/03/29 15:09:55 | 000,007,859 | ---- | C] () -- C:\Users\Office Depot\AppData\Roaming\pcouffin.cat
[2011/03/29 15:09:55 | 000,001,167 | ---- | C] () -- C:\Users\Office Depot\AppData\Roaming\pcouffin.inf
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/18 20:29:36 | 000,007,600 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\resmon.resmoncfg
[2011/02/17 00:11:25 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcjcomx.dll
[2011/02/17 00:11:25 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcjinst.dll
[2011/02/16 19:23:08 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2010/11/16 02:38:50 | 000,765,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/30 16:58:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/07/30 16:48:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/09 18:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/23 15:58:54 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Amazon
[2011/05/21 19:37:43 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Catalina Marketing Corp
[2011/02/16 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\CheckPoint
[2011/03/23 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\com.hyfn.taylorswift
[2011/06/08 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\com.w3i.FlipToast
[2011/06/17 15:52:14 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Dropbox
[2011/06/06 15:59:29 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\FreeFileViewer
[2011/03/26 10:41:33 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\fretsonfire
[2010/09/23 22:55:09 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\PictureMover
[2011/05/26 13:55:43 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\SoftGrid Client
[2010/11/16 02:39:35 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\TP
[2011/06/10 16:19:16 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\uTorrent
[2011/04/05 15:06:07 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Vso
[2011/05/30 13:35:19 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\WeatherBug
[2011/02/17 11:09:15 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\WinBatch
[2011/04/09 17:11:29 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Windows Live Writer
[2011/06/17 15:54:22 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2009/07/13 22:08:49 | 000,028,392 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/03/07 22:53:26 | 009,945,872 | ---- | M] () -- C:\Andy McKee - Guitar - Drifting - www.candyrat.com.mp4
[2009/07/24 12:22:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/03/22 05:57:06 | 003,860,829 | ---- | M] () -- C:\daughtry-No Surprise.mp3
[2011/06/17 15:48:48 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/28 13:47:10 | 017,952,179 | ---- | M] () -- C:\Lady Antebellum - I Run To You.mp3
[2011/02/28 13:45:38 | 004,435,891 | ---- | M] () -- C:\Lady Antebellum - Need You Now (HQ) [Lyrics].mp3
[2011/04/06 19:13:02 | 005,849,248 | ---- | M] () -- C:\Lady Antebellum-I Run To You.mp3
[2011/03/22 05:44:44 | 007,111,807 | ---- | M] () -- C:\Lady Antebellum-Need You Now.mp3
[2011/05/30 19:45:26 | 000,000,071 | ---- | M] () -- C:\lxcj.log
[2011/04/06 19:12:58 | 008,214,072 | ---- | M] () -- C:\Macy Gray-Beauty In The World-1.mp3
[2011/04/06 19:12:59 | 003,520,896 | ---- | M] () -- C:\Macy Gray-Beauty In The World.mp3
[2011/04/06 19:13:03 | 004,936,823 | ---- | M] () -- C:\Macy Gray-I Try.mp3
[2010/07/30 18:36:58 | 000,000,000 | RHS- | M] () -- C:\OS
[2011/02/28 13:39:24 | 016,619,289 | ---- | M] () -- C:\Owl City - 'The Saltwater Room' (New Version!) Live! HD.mp3
[2011/02/28 13:44:14 | 015,696,753 | ---- | M] () -- C:\Owl City - Fireflies.mp3
[2011/02/28 13:40:48 | 014,511,309 | ---- | M] () -- C:\Owl City - Vanilla Twilight.mp3
[2011/06/17 15:48:57 | 1878,298,623 | -HS- | M] () -- C:\pagefile.sys
[2011/06/11 14:10:36 | 000,000,000 | ---- | M] () -- C:\PocketCloudLog.txt
[2011/02/28 13:49:26 | 020,477,501 | ---- | M] () -- C:\Rihanna - ROCKSTAR 101 ft. Slash.mp3
[2011/02/28 13:42:50 | 014,803,303 | ---- | M] () -- C:\Sara Bareilles - King Of Anything.mp3
[2011/02/19 08:54:42 | 000,005,168 | ---- | M] () -- C:\scramble.log
[2011/02/28 13:47:48 | 017,110,776 | ---- | M] () -- C:\Taylor Swift - I'm Only Me When I'm With You.mp3
[2011/02/28 13:48:38 | 016,654,363 | ---- | M] () -- C:\Taylor Swift - Teardrops On My Guitar.mp3
[2011/02/28 13:47:38 | 017,712,980 | ---- | M] () -- C:\Taylor Swift - You Belong With Me.mp3
[2011/02/28 13:36:18 | 012,742,906 | ---- | M] () -- C:\THE PRETENDERS - BRASS IN POCKET.mp3
[2011/02/28 13:50:34 | 015,287,705 | ---- | M] () -- C:\Train - Hey, Soul Sister (ACOUSTIC LIVE!).mp3
[2011/06/09 17:17:27 | 000,000,010 | -H-- | M] () -- C:\xrjmns.tce

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/02/17 11:04:40 | 000,001,702 | -HS- | M] () -- C:\Users\Office Depot\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/08 20:41:43 | 000,000,304 | -HS- | M] () -- C:\Users\Office Depot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2006/12/08 06:31:10 | 000,000,656 | ---- | M] () -- C:\Windows\AppPatch\Custom\{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Office Depot at 18:14:22 on 2011-06-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2615 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcjcoms.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Users\Office Depot\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Office Depot\Downloads\OTL.exe
C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?referrer=ign_n
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [MRC] "C:\Program Files (x86)\PC Tune-Up\PCTuneUp.exe" /MBRSTART
uRun: [Google Update] "C:\Users\Office Depot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [D900EDB2B1D65F6FEE3D79238ABBDF70CEA032FF._service_run] "C:\Users\Office Depot\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\OFFICE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Office Depot\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\OFFICE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FLIPTO~1.LNK - C:\Program Files (x86)\fliptoast\fliptoast.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.51/TSWeb.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{43E6DD3F-DD1A-4C9F-A2ED-8C64FF7EA3AC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{57A59533-54F3-49BD-BCD9-BD4296123231} : DhcpNameServer = 198.6.1.1 204.117.214.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO-X64: Coupons.com - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNowToolbarHelper - No File
BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Toolbar Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-16 366640]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-7-30 635416]
R2 Toolbar Updater Service;Toolbar Updater Service;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-17 22:55:29 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{319089DE-DFDB-4A31-9B13-AE70BD352F5A}\mpengine.dll
2011-06-15 00:01:27 2027212 ----a-w- C:\ProgramData\SPL5E65.tmp
2011-06-11 20:41:37 -------- d-----w- C:\ProgramData\boost_interprocess
2011-06-11 17:39:02 -------- d-----w- C:\Program Files (x86)\Conduit
2011-06-11 17:38:56 -------- d-----w- C:\Users\Office Depot\AppData\Local\Conduit
2011-06-11 17:38:56 -------- d-----w- C:\Program Files (x86)\Coupons.com
2011-06-09 00:16:49 -------- d-----w- C:\Program Files (x86)\ARAX Disk Doctor Data Recovery
2011-06-09 00:01:49 -------- d-----w- C:\Users\Office Depot\AppData\Roaming\com.w3i.FlipToast
2011-06-08 23:44:00 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-06-08 23:43:59 -------- d-----w- C:\Program Files (x86)\InstaCodecs
2011-06-08 23:43:47 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-06-08 23:43:46 -------- d-----w- C:\ProgramData\W3i
2011-06-08 23:43:46 -------- d-----w- C:\Program Files (x86)\W3i
2011-06-08 10:01:13 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-08 10:01:13 -------- d-----w- C:\Windows\System32\Wat
2011-06-07 23:53:49 -------- d-----w- C:\Program Files (x86)\PowerDataRecovery
2011-06-07 00:30:18 182680 ----a-w- C:\Windows\SysWow64\cnvshell.dll
2011-06-07 00:30:16 -------- d-----w- C:\Program Files (x86)\ImageConverter Plus
2011-06-06 19:55:30 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-03 22:17:30 -------- d-----w- C:\Program Files (x86)\RingtoneJunkiez Desktop
2011-06-03 22:17:30 -------- d-----w- C:\Program Files (x86)\Common Files\RingtoneJunkiez
2011-06-03 22:17:24 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-06-02 00:07:33 -------- d-----w- C:\Users\Office Depot\AppData\Local\Broadcom
2011-06-02 00:05:05 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2011-06-02 00:05:03 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2011-06-02 00:05:03 349736 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2011-06-02 00:05:03 21416 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2011-06-02 00:05:03 138280 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2011-06-02 00:05:03 107560 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2011-06-02 00:01:59 -------- d-----w- C:\Program Files\WIDCOMM
2011-05-30 20:35:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-05-30 20:35:21 -------- d-----w- C:\Users\Office Depot\AppData\Local\WeatherBug
2011-05-30 20:35:19 -------- d-----w- C:\Users\Office Depot\AppData\Roaming\WeatherBug
2011-05-30 20:35:15 18944 ----a-r- C:\Users\Office Depot\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-05-30 20:34:33 -------- d-----w- C:\ProgramData\Fighters
2011-05-30 20:34:25 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-05-30 20:33:43 -------- d-----w- C:\ProgramData\Symantec
2011-05-30 20:33:37 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0301010.006
2011-05-30 20:33:37 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2011-05-30 20:33:37 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2011-05-30 20:33:35 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-05-30 20:33:29 -------- d-----w- C:\Program Files (x86)\Chrome
2011-05-30 19:30:12 -------- d-----w- C:\Mom's HD
2011-05-27 23:09:18 -------- d-----w- C:\Users\Office Depot\AppData\Local\{B51181FB-C057-4EA8-991C-5990A9E53036}
2011-05-26 23:25:56 -------- d-----w- C:\Program Files (x86)\LightScribe Template Labeler
2011-05-26 23:24:59 -------- d-----w- C:\Program Files (x86)\LightScribe Diagnostic Utility
2011-05-25 17:36:09 -------- d-----w- C:\Saved16GCard052511
2011-05-25 04:46:28 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-23 23:05:43 -------- d-----w- C:\Users\Office Depot\AppData\Local\Ilivid Player
2011-05-23 23:05:15 -------- dc-h--w- C:\ProgramData\{5BBA7CF7-C86B-4326-8FF3-C0E40CF3D1C7}
2011-05-23 23:05:03 -------- d-----w- C:\Program Files (x86)\iLivid
2011-05-23 23:04:44 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-05-23 23:04:33 -------- d-----w- C:\Users\Office Depot\AppData\Local\PackageAware
2011-05-23 22:48:27 -------- d-----w- C:\Program Files (x86)\Amazon
2011-05-23 22:09:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-22 02:37:42 -------- d-----w- C:\Users\Office Depot\AppData\Roaming\Catalina Marketing Corp
2011-05-22 02:37:30 525856 ----a-w- C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-05-19 23:58:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-19 23:58:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-19 23:56:14 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-19 23:56:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M ====================
.
2011-06-16 00:26:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 16:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-13 23:37:42 0 ----a-w- C:\Windows\SysWow64\sho37E.tmp
2011-05-08 19:58:47 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-08 19:58:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-06 21:30:20 19936 ------w- C:\Windows\System32\pwdrvio.sys
2011-05-06 21:30:18 13280 ------w- C:\Windows\System32\pwdspio.sys
2011-05-06 21:30:16 821832 ----a-w- C:\Windows\System32\pwNative.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 22:15:53 69632 ----a-w- C:\Windows\SysWow64\realbap1.dll
2011-04-25 22:15:53 45568 ----a-w- C:\Windows\SysWow64\realbsf1.dll
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-20 09:44:50 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-04-20 09:30:18 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-04-20 09:09:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-04-20 09:09:06 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-04-20 09:07:48 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-04-20 09:07:04 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-04-20 09:05:08 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-04-20 09:04:56 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-04-20 09:04:20 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-04-20 09:03:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-04-20 09:02:50 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-04-20 09:02:44 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-04-20 09:02:32 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-04-20 09:02:26 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-04-20 09:02:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-04-20 09:02:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-04-20 08:59:22 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-04-20 08:49:32 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-04-20 08:46:18 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-04-20 08:46:16 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-04-20 08:46:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-04-20 08:46:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-04-20 08:45:54 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-04-20 08:42:06 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-04-20 08:40:50 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-20 08:40:16 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-20 08:40:04 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-04-20 08:38:06 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-04-20 08:31:14 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-04-20 08:30:38 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-04-20 08:27:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-04-20 08:23:14 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-04-20 08:23:08 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-04-20 08:22:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-04-20 08:22:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-04-20 08:22:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-04-20 08:22:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-04-20 08:22:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-04-20 08:22:34 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-04-20 08:21:46 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-04-20 08:21:40 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-04-20 08:21:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-04-20 08:21:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 08:20:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-04-20 08:13:38 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-04-20 08:13:38 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-04-20 08:13:30 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-04-20 08:13:30 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-04-10 22:17:25 69632 ----a-w- C:\Windows\realbap1.dll
2011-04-10 22:17:25 45568 ----a-w- C:\Windows\realbsf1.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-03-29 22:09:55 99384 ----a-w- C:\Users\Office Depot\AppData\Roaming\inst.exe
2011-03-29 22:09:55 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2011-03-29 22:09:55 82816 ----a-w- C:\Users\Office Depot\AppData\Roaming\pcouffin.sys
2011-03-25 03:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:29:14 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:29:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:29:04 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:29:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:28:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 18:16:01.37 ===============

OTL Extras logfile created on: 6/17/2011 4:09:50 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Office Depot\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 29.79% Memory free
11.50 Gb Paging File | 6.99 Gb Available in Paging File | 60.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.43 Gb Total Space | 749.93 Gb Free Space | 81.57% Space Free | Partition Type: NTFS
Drive D: | 11.99 Gb Total Space | 1.46 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive L: | 149.05 Gb Total Space | 28.02 Gb Free Space | 18.80% Space Free | Partition Type: NTFS

Computer Name: SANDY-HP2011 | User Name: Office Depot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBA7005D-8C56-FFD3-81AE-D0481829BC70}" = AMD Fuel
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 8300 Series" = Lexmark 8300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.00 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05F8CCEB-1EDD-4996-A0E0-FF6EDB1E75EA}" = LightScribe Diagnostic Utility
"{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10427BCB-0742-43BE-81E2-3920972946F5}" = LightScribe System Software
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 25
"{2765F726-849C-47B2-A82C-B257DFC0E01C}" = LightScribe Template Labeler
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BA9D546-B0E3-4549-BB2E-3F4FF65A1B81}" = YouTube Downloader Toolbar v4.4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{556A649F-72D2-4E41-A40C-794E0277AADB}" = System Requirements Lab CYRI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F4ECB4A-AFD9-4E9F-8DF2-1E339AF8F2CF}" = ASPCA Tri Reminder by We-Care.com
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}" = RingtoneJunkiez Desktop
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ARAX Disk Doctor Data Recovery" = ARAX Disk Doctor Data Recovery
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Coupons.com Toolbar" = Coupons.com Toolbar
"FreeFileViewer_is1" = Free File Viewer 2011
"Frets on Fire" = Frets On Fire
"iLivid" = iLivid
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Kobo" = Kobo
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9
"Mahjongg - Legends of the Tiles" = Mahjongg - Legends of the Tiles
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Professional 2010
"PC Tune-Up" = PC Tune-Up
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"Search Toolbar" = Search Toolbar
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"StartNow Toolbar" = StartNow Toolbar 2.0
"Trusted Software Assistant_is1" = File Type Assistant
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2011 10:37:30 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/16/2011 10:37:30 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5788

Error - 6/16/2011 10:37:30 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5788

Error - 6/16/2011 10:37:31 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/16/2011 10:37:31 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6802

Error - 6/16/2011 10:37:31 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6802

Error - 6/16/2011 10:37:32 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/16/2011 10:37:32 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7800

Error - 6/16/2011 10:37:32 PM | Computer Name = Sandy-HP2011 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7800

Error - 6/17/2011 10:35:11 AM | Computer Name = Sandy-HP2011 | Source = Adobe LM Service | ID = 0
Description =

[ Hewlett-Packard Events ]
Error - 2/17/2011 8:16:27 PM | Computer Name = OfficeDepot-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

[ Media Center Events ]
Error - 2/17/2011 1:59:10 PM | Computer Name = OfficeDepot-HP | Source = MCUpdate | ID = 0
Description = 9:59:10 AM - Error connecting to the internet. 9:59:10 AM - Unable
to contact server..

Error - 2/17/2011 2:00:29 PM | Computer Name = OfficeDepot-HP | Source = MCUpdate | ID = 0
Description = 9:59:19 AM - Error connecting to the internet. 9:59:19 AM - Unable
to contact server..

Error - 2/23/2011 4:30:44 AM | Computer Name = OfficeDepot-HP | Source = MCUpdate | ID = 0
Description = 12:30:38 AM - Error connecting to the internet. 12:30:38 AM - Unable
to contact server..

Error - 4/13/2011 4:35:51 AM | Computer Name = OfficeDepot-HP | Source = MCUpdate | ID = 0
Description = 1:35:50 AM - Error connecting to the internet. 1:35:50 AM - Unable
to contact server..

Error - 4/13/2011 5:36:35 AM | Computer Name = OfficeDepot-HP | Source = MCUpdate | ID = 0
Description = 2:36:33 AM - Error connecting to the internet. 2:36:33 AM - Unable
to contact server..

Error - 6/2/2011 4:27:30 AM | Computer Name = OfficeDepot-HP | Source = MCUpdate | ID = 0
Description = 1:27:23 AM - Error connecting to the internet. 1:27:23 AM - Unable
to contact server..

[ System Events ]
Error - 6/11/2011 5:20:28 PM | Computer Name = Sandy-HP2011 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1070

Error - 6/12/2011 8:21:23 PM | Computer Name = Sandy-HP2011 | Source = DCOM | ID = 10010
Description =

Error - 6/14/2011 10:31:05 AM | Computer Name = Sandy-HP2011 | Source = DCOM | ID = 10010
Description =

Error - 6/14/2011 10:31:26 AM | Computer Name = Sandy-HP2011 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 6/14/2011 10:31:56 AM | Computer Name = Sandy-HP2011 | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/14/2011 10:31:56 AM | Computer Name = Sandy-HP2011 | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1069

Error - 6/14/2011 10:32:26 AM | Computer Name = Sandy-HP2011 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AVP service.

Error - 6/15/2011 10:50:35 AM | Computer Name = Sandy-HP2011 | Source = DCOM | ID = 10010
Description =

Error - 6/16/2011 6:25:56 AM | Computer Name = Sandy-HP2011 | Source = DCOM | ID = 10010
Description =

Error - 6/17/2011 6:49:09 PM | Computer Name = Sandy-HP2011 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:35:22 AM on ?6/?17/?2011 was unexpected.

< End of report >
I hope I got everything, I didn't know what to do with the screensaver....do I need that too?

Thank you, and let me know if I missed anything

Advertisements

Register to Remove

#2 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 20 June 2011 - 04:11 PM

Hi eaglesoar,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

As we work through your logs. Please remember to run any tools by Right-clicking on the icon and selecting Run As Administrator....

Double click on OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Processes

:OTL
PRC - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Weather] File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O33 - MountPoints2\{5941ff81-e32b-11df-a6e2-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{5941ff81-e32b-11df-a6e2-d485640df200}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{5a482c74-d77c-11df-a89a-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{5a482c74-d77c-11df-a89a-d485640df200}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e3cff693-c7a0-11df-8553-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cff693-c7a0-11df-8553-d485640df200}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e3cff800-c7a0-11df-8553-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{f7da9be6-db80-11df-b38a-d485640df200}\Shell - "" = AutoRun
O33 - MountPoints2\{f7da9be6-db80-11df-b38a-d485640df200}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
[2011/05/23 16:05:43 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Ilivid Player
[2011/05/23 16:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011/05/23 16:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011/05/23 16:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

Please post the OTL log.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#3 eaglesoar

New Member

New Member
2 posts

Posted 21 June 2011 - 07:26 PM

Hopefully I did this right. I ran the program you asked me to run with the parameters you provided pasted in. Afterwords it needed to reboot so i agreed. This is the report it presented after beboot: All processes killed ========== PROCESSES ========== ========== OTL ========== No active process named Program Files was found! No active process named Program Files was found! No active process named Program Files was found! Service Application Updater stopped successfully! Service Application Updater deleted successfully! C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ deleted successfully. C:\Program Files (x86)\Coupons.com\prxtbCoup.dll moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found. File C:\Program Files (x86)\Coupons.com\prxtbCoup.dll not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found. File C:\Program Files (x86)\Coupons.com\prxtbCoup.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully. C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully. C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found. File C:\Program Files (x86)\Coupons.com\prxtbCoup.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully. File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found. File C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll deleted successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully. File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5941ff81-e32b-11df-a6e2-d485640df200}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5941ff81-e32b-11df-a6e2-d485640df200}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5941ff81-e32b-11df-a6e2-d485640df200}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5941ff81-e32b-11df-a6e2-d485640df200}\ not found. File J:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a482c74-d77c-11df-a89a-d485640df200}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a482c74-d77c-11df-a89a-d485640df200}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a482c74-d77c-11df-a89a-d485640df200}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a482c74-d77c-11df-a89a-d485640df200}\ not found. File "J:\WD SmartWare.exe" autoplay=true not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cff693-c7a0-11df-8553-d485640df200}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cff693-c7a0-11df-8553-d485640df200}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cff693-c7a0-11df-8553-d485640df200}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cff693-c7a0-11df-8553-d485640df200}\ not found. File J:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cff800-c7a0-11df-8553-d485640df200}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cff800-c7a0-11df-8553-d485640df200}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7da9be6-db80-11df-b38a-d485640df200}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7da9be6-db80-11df-b38a-d485640df200}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7da9be6-db80-11df-b38a-d485640df200}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7da9be6-db80-11df-b38a-d485640df200}\ not found. File J:\LaunchU3.exe -a not found. C:\Users\Office Depot\AppData\Local\Ilivid Player folder moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully. C:\Program Files (x86)\iLivid\VLC\skins\fonts folder moved successfully. C:\Program Files (x86)\iLivid\VLC\skins folder moved successfully. C:\Program Files (x86)\iLivid\VLC\sdk\lib\pkgconfig folder moved successfully. C:\Program Files (x86)\iLivid\VLC\sdk\lib folder moved successfully. C:\Program Files (x86)\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully. C:\Program Files (x86)\iLivid\VLC\sdk\include\vlc folder moved successfully. C:\Program Files (x86)\iLivid\VLC\sdk\include folder moved successfully. C:\Program Files (x86)\iLivid\VLC\sdk folder moved successfully. C:\Program Files (x86)\iLivid\VLC\plugins folder moved successfully. C:\Program Files (x86)\iLivid\VLC\osdmenu\default\volume folder moved successfully. C:\Program Files (x86)\iLivid\VLC\osdmenu\default\selection folder moved successfully. C:\Program Files (x86)\iLivid\VLC\osdmenu\default\selected folder moved successfully. C:\Program Files (x86)\iLivid\VLC\osdmenu\default folder moved successfully. C:\Program Files (x86)\iLivid\VLC\osdmenu folder moved successfully. C:\Program Files (x86)\iLivid\VLC\NSIS folder moved successfully. C:\Program Files (x86)\iLivid\VLC\mozilla folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\sd folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\playlist folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\modules folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\meta\reader folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\meta\fetcher folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\meta\art folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\meta folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\intf\modules folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\intf folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\http\requests folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\http\js folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\http\images folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\http\dialogs folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\http folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua\extensions folder moved successfully. C:\Program Files (x86)\iLivid\VLC\lua folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\zh_TW\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\zh_TW folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\zh_CN\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\zh_CN folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\wa\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\wa folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\vi\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\vi folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\uk\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\uk folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\tr\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\tr folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\tl\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\tl folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\th\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\th folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\tet\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\tet folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ta\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ta folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sv\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sv folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sr\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sr folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sq\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sq folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sl\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sl folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sk\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\sk folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\si\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\si folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ru\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ru folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ro\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ro folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\qt4 folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pt_PT\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pt_PT folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pt_BR\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pt_BR folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ps\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ps folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pl\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pl folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pa\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\pa folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\oc folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\nn folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\nl\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\nl folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ne\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ne folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\nb folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\my folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ms folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\mn folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ml folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\mk folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\lv folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\lt folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ko folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\km\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\km folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\kk folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ka folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ja\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ja folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\it folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\id folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\hu\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\hu folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\hr\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\hr folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\hi folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\he folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\gl\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\gl folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fur folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fr\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fr folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fi\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fi folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\fa folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\eu\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\eu folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\et\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\et folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\es\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\es folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\en_GB folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\el\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\el folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\de\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\de folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\da folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\cs folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\co folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ckb folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ca folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\bn\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\bn folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\bg\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\bg folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\be folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\ar folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale\af folder moved successfully. C:\Program Files (x86)\iLivid\VLC\locale folder moved successfully. C:\Program Files (x86)\iLivid\VLC\languages folder moved successfully. C:\Program Files (x86)\iLivid\VLC\http\requests folder moved successfully. C:\Program Files (x86)\iLivid\VLC\http\js folder moved successfully. C:\Program Files (x86)\iLivid\VLC\http\images folder moved successfully. C:\Program Files (x86)\iLivid\VLC\http\dialogs folder moved successfully. C:\Program Files (x86)\iLivid\VLC\http folder moved successfully. C:\Program Files (x86)\iLivid\VLC\activex folder moved successfully. C:\Program Files (x86)\iLivid\VLC folder moved successfully. C:\Program Files (x86)\iLivid\imageformats folder moved successfully. C:\Program Files (x86)\iLivid folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\components folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\searchbar folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\options folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\uwa folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\modules folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\data\search folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\data folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64 folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr folder moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Alex and Liz ->Temp folder emptied: 2139623 bytes ->Temporary Internet Files folder emptied: 16405538 bytes ->Flash cache emptied: 42464 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 37143 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Eric ->Temp folder emptied: 5345020 bytes ->Temporary Internet Files folder emptied: 27061645 bytes ->Flash cache emptied: 44638 bytes User: Office Depot ->Temp folder emptied: 1374285384 bytes ->Temporary Internet Files folder emptied: 323095273 bytes ->Java cache emptied: 1143519 bytes ->Google Chrome cache emptied: 393227375 bytes ->Apple Safari cache emptied: 13670400 bytes ->Flash cache emptied: 1200930 bytes User: Public User: Sandy's HP %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 240882060 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes RecycleBin emptied: 450768399 bytes Total Files Cleaned = 2,717.00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06212011_180859 Files\Folders moved on Reboot... C:\Users\Office Depot\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\kls5119.tmp not found! Registry entries deleted on Reboot... Hope this means progress! Your help is soooo appreciated; you have no idea! Thank you

#4 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 21 June 2011 - 10:18 PM

eaglesoar,

That looks good. Now let's run another tool.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#5 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 27 June 2011 - 10:31 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Body Background

skin color theme