
Solved Google Re-direct Problem

Discussion in 'Malware and Virus Removal Archive' started by IceWine, 2010/01/16.

  1. 2010/01/17
    IceWine

    IceWine Inactive Thread Starter

    Joined:
    2002/11/25
    Messages:
    190
    Likes Received:
    0
    Thanks for pointing out the system errors. I've Googled the event problem and think I may have fixed it but no clue how to proceed with the other error.

    MBR log is here. Sorry, I had missed that in your post.

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: error reading MBR
     
    Last edited: 2010/01/17
  2. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll see about those errors when we solve your other problem.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      MOD - [2009/11/17 05:43:46 | 00,073,728 | ---- | M] () -- C:\Users\Janny\AppData\Local\ctl3ddbgfx\ctl3ddbgfx.dll
      O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
      O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKCU..\Run: [ctl3ddbgfx] C:\Users\Janny\AppData\Local\ctl3ddbgfx\ctl3ddbgfx.DLL ()
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O32 - AutoRun File - [2008/11/05 12:19:36 | 00,000,052 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
      [2010/01/16 22:26:37 | 00,293,376 | ---- | M] () -- C:\Users\Janny\Desktop\grrmzo81.exe
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Janny\AppData\Local\ctl3ddbgfx\ctl3ddbgfx.dll
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     


  4. 2010/01/17
    IceWine

    IceWine Inactive Thread Starter

    Joined:
    2002/11/25
    Messages:
    190
    Likes Received:
    0
    Two log files were produced, one immediately after the reboot and one, of course, when I did the quick scan. I've included both in case the first one is also relevant. I certainly appreciate your time and effort here to help me.

    FIRST LOG CREATED AFTER RUN FIX AND REBOOT:
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctl3ddbgfx deleted successfully.
    C:\Users\Janny\AppData\Local\ctl3ddbgfx\ctl3ddbgfx.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    F:\autorun.inf moved successfully.
    C:\Users\Janny\Desktop\grrmzo81.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Users\Janny\AppData\Local\ctl3ddbgfx\ctl3ddbgfx.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Janny
    ->Temp folder emptied: 17055421 bytes
    ->Temporary Internet Files folder emptied: 2120043 bytes
    ->Java cache emptied: 36639132 bytes
    ->FireFox cache emptied: 73449798 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 144 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 30624 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
    RecycleBin emptied: 392820515 bytes

    Total Files Cleaned = 498.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.25.2 log created on 01172010_172141

    Files\Folders moved on Reboot...
    C:\Users\Janny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\S1414A21B.tmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    SECOND LOG CREATED AFTER QUICK SCAN:
    OTL logfile created on: 17/01/2010 5:24:57 PM - Run 4
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Janny\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 83.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 544.16 Gb Free Space | 59.38% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.37 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 465.76 Gb Total Space | 256.51 Gb Free Space | 55.07% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DESKTOP
    Current User Name: Janny
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/16 22:51:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    PRC - [2010/01/08 16:15:10 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
    PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    PRC - [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/06/25 13:44:10 | 02,707,526 | ---- | M] (Zinio, LLC) -- C:\Program Files (x86)\Zinio\ZinioReader.exe
    PRC - [2009/06/24 19:19:50 | 00,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/09 09:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 07:59:14 | 01,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
    PRC - [2009/05/21 07:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2009/02/27 15:54:01 | 00,038,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    PRC - [2009/02/27 11:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/16 22:51:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    MOD - [2009/07/13 20:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/12 16:33:14 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV:64bit: - [2009/07/23 10:43:07 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/20 11:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/14 22:14:38 | 00,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 20:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 20:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 20:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 20:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 20:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 20:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 20:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 20:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 20:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 20:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 20:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 20:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 20:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 20:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 20:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 20:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2009/06/09 09:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2009/11/20 08:26:26 | 00,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2009/10/31 10:51:32 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
    SRV - [2009/10/20 13:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/07/23 10:41:47 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/07/16 01:34:29 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 15:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/06/10 15:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/05/21 07:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/06/18 18:23:14 | 00,074,384 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (SureThing Labelflash service)
    SRV - [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.netvibes.com/#General "
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
    FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.96
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.17
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
    FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.2.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/16 22:49:12 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/16 22:48:34 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/12/05 11:43:16 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/12/05 11:43:16 | 00,000,000 | ---D | M]

    [2010/01/03 15:24:06 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Extensions
    [2009/08/16 07:48:12 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/01/16 21:44:31 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\artur.dubovoy@gmail.com
    [2010/01/16 17:20:48 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\foxyproxy@eric.h.jung
    [2010/01/15 17:15:08 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\personas@christopher.beard
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org
    [2010/01/03 16:10:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
    [2010/01/03 16:10:04 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions
    [2010/01/03 16:10:05 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions
    [2010/01/03 16:10:05 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.7x\mozapps\extensions
    [2010/01/16 21:44:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2006/09/28 04:45:46 | 00,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13128.dll

    O1 HOSTS File: ([2010/01/17 17:22:05 | 00,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EPSON Stylus Photo R2400] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATI9SA.EXE (SEIKO EPSON CORPORATION)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe File not found
    O4 - HKCU..\Run: [Google Update] C:\Users\Janny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [Zinio DLM] C:\Program Files (x86)\Zinio\ZinioReader.exe (Zinio, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} http://esis.tldsb.on.ca/forms/jinitiator/jinit.exe (JInitiator 1.3.1.28)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Janny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Janny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/17 17:21:41 | 00,000,000 | ---D | C] -- C:\_OTL
    [2010/01/16 22:51:15 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    [2010/01/16 22:15:32 | 00,044,567 | ---- | C] (jpshortstuff) -- C:\Users\Janny\Desktop\Kenco.exe
    [2010/01/16 21:43:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
    [2010/01/16 21:30:56 | 00,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Janny\Desktop\GooredFix.exe
    [2010/01/16 19:28:50 | 00,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
    [2010/01/12 18:41:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
    [2010/01/12 16:26:14 | 00,000,000 | ---D | C] -- C:\AV_LOGS
    [2010/01/12 16:24:39 | 00,021,504 | ---- | C] (Avnex) -- C:\Windows\SysNative\drivers\vcsvad.sys
    [2010/01/12 16:03:21 | 00,000,000 | ---D | C] -- C:\Users\Janny\AppData\Roaming\Marine Aquarium 3
    [2010/01/12 16:03:19 | 06,545,408 | ---- | C] (SereneScreen) -- C:\Windows\SysNative\MarineAquarium3.scr
    [2010/01/12 16:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\SereneScreen
    [2010/01/12 12:26:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Formosoft
    [2010/01/07 10:08:04 | 00,000,000 | ---D | C] -- C:\Users\Janny\Desktop\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)
    [2010/01/07 10:00:59 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/01/05 22:24:19 | 00,000,000 | ---D | C] -- C:\Users\Janny\Documents\Logic Grids
    [2010/01/05 20:18:14 | 00,000,000 | R--D | C] -- C:\Users\Janny\Desktop\Bug's Pictures
    [2010/01/05 20:17:52 | 00,000,000 | R--D | C] -- C:\Users\Janny\Desktop\Bug's Music
    [2010/01/04 12:11:21 | 00,000,000 | ---D | C] -- C:\Users\Janny\Documents\Simply Super Software
    [2010/01/04 12:11:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
    [2010/01/04 12:11:00 | 00,000,000 | ---D | C] -- C:\Users\Janny\AppData\Roaming\Simply Super Software
    [2010/01/04 12:11:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
    [2010/01/03 18:39:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/01/03 17:54:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2009/07/23 21:15:08 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Janny\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/01/17 17:23:23 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/01/17 17:23:22 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/17 17:23:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/17 17:23:00 | 21,405,45023 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/17 17:22:12 | 04,980,736 | -HS- | M] () -- C:\Users\Janny\ntuser.dat
    [2010/01/17 17:22:10 | 02,726,507 | -H-- | M] () -- C:\Users\Janny\AppData\Local\IconCache.db
    [2010/01/17 17:22:05 | 00,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/01/17 16:56:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2507639651-946257174-1517972956-1000UA.job
    [2010/01/17 16:54:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/01/17 11:56:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2507639651-946257174-1517972956-1000Core.job
    [2010/01/17 10:29:31 | 00,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/17 10:29:31 | 00,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/17 10:18:56 | 00,077,312 | ---- | M] () -- C:\Users\Janny\Desktop\mbr.exe
    [2010/01/17 10:09:37 | 20,975,616 | ---- | M] () -- C:\Users\Janny\Desktop\cleared event log.evtx
    [2010/01/16 22:55:39 | 00,001,176 | ---- | M] () -- C:\Users\Janny\AppData\Roaming\vso_ts_preview.xml
    [2010/01/16 22:51:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    [2010/01/16 22:15:33 | 00,044,567 | ---- | M] (jpshortstuff) -- C:\Users\Janny\Desktop\Kenco.exe
    [2010/01/16 22:07:24 | 00,100,908 | ---- | M] () -- C:\Users\Janny\Desktop\SystemLook.exe
    [2010/01/16 21:43:33 | 00,001,127 | ---- | M] () -- C:\Users\Janny\Desktop\OpenVPN GUI.lnk
    [2010/01/16 21:30:56 | 00,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Janny\Desktop\GooredFix.exe
    [2010/01/16 16:26:54 | 00,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/01/12 20:46:26 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/01/12 16:28:26 | 00,046,872 | ---- | M] () -- C:\Users\Janny\Documents\rec_VcsCore_16-28-18.mp3
    [2010/01/11 23:12:36 | 00,871,408 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 11:52:48 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/10 11:52:48 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/10 11:52:48 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TM.blf
    [2010/01/09 20:57:33 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 20:57:33 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 20:57:33 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TM.blf
    [2010/01/09 10:52:56 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 10:52:56 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 10:52:56 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TM.blf
    [2010/01/08 18:36:55 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 18:36:55 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 18:36:55 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TM.blf
    [2010/01/08 16:08:03 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:08:03 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:08:03 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TM.blf
    [2010/01/08 16:02:15 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:02:15 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:02:15 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TM.blf
    [2010/01/08 14:14:45 | 10,865,824 | ---- | M] () -- C:\Users\Janny\Documents\Note.pdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/17 10:18:56 | 00,077,312 | ---- | C] () -- C:\Users\Janny\Desktop\mbr.exe
    [2010/01/17 10:09:36 | 20,975,616 | ---- | C] () -- C:\Users\Janny\Desktop\cleared event log.evtx
    [2010/01/16 22:07:23 | 00,100,908 | ---- | C] () -- C:\Users\Janny\Desktop\SystemLook.exe
    [2010/01/16 21:43:33 | 00,001,127 | ---- | C] () -- C:\Users\Janny\Desktop\OpenVPN GUI.lnk
    [2010/01/12 16:28:23 | 00,046,872 | ---- | C] () -- C:\Users\Janny\Documents\rec_VcsCore_16-28-18.mp3
    [2010/01/10 11:36:06 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/10 11:36:06 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/10 11:36:06 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TM.blf
    [2010/01/09 11:00:28 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 11:00:28 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 11:00:28 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TM.blf
    [2010/01/09 10:45:01 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 10:45:01 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 10:45:01 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TM.blf
    [2010/01/08 16:12:00 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:12:00 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:12:00 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TM.blf
    [2010/01/08 16:04:58 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:04:58 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:04:58 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TM.blf
    [2010/01/08 14:14:42 | 10,865,824 | ---- | C] () -- C:\Users\Janny\Documents\Note.pdf
    [2010/01/08 09:16:09 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 09:16:08 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 09:16:08 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TM.blf
    [2009/12/18 16:59:58 | 00,004,608 | ---- | C] () -- C:\Users\Janny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/09 12:47:23 | 00,196,624 | ---- | C] () -- C:\ProgramData\ITFW.log
    [2009/11/22 19:21:03 | 00,036,962 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
    [2009/11/16 19:37:59 | 00,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/11/15 17:20:51 | 00,034,308 | ---- | C] () -- C:\Windows\SysWow64\Chip.dll
    [2009/10/31 20:06:36 | 00,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2009/10/29 22:50:33 | 00,001,762 | ---- | C] () -- C:\Users\Janny\AppData\Local\Win7_tmp1.htm
    [2009/10/20 13:19:30 | 00,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/10/07 10:25:49 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
    [2009/10/07 10:25:20 | 00,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2009/08/24 18:56:40 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2009/08/21 14:32:26 | 00,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
    [2009/08/04 12:17:48 | 00,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
    [2009/07/29 09:41:19 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2009/07/28 14:58:38 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/07/26 21:41:05 | 00,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
    [2009/07/26 21:35:48 | 00,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
    [2009/07/26 21:35:48 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2009/07/26 21:35:48 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
    [2009/07/26 21:35:47 | 01,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/07/26 21:35:47 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/07/26 21:35:47 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
    [2009/07/23 21:15:50 | 00,001,176 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\vso_ts_preview.xml
    [2009/07/23 21:15:34 | 00,000,034 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\pcouffin.log
    [2009/07/23 21:15:08 | 00,099,384 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\inst.exe
    [2009/07/23 21:15:08 | 00,007,859 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\pcouffin.cat
    [2009/07/23 21:15:08 | 00,001,167 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\pcouffin.inf
    [2009/07/23 17:58:45 | 00,000,053 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
    [2009/07/23 17:57:34 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
    [2009/07/23 17:57:08 | 00,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/07/23 17:57:07 | 00,217,149 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
    [2009/07/23 17:56:37 | 00,003,811 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2009/07/15 21:10:46 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/07/15 21:10:46 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2005/02/28 14:33:00 | 00,343,040 | R--- | C] () -- C:\Windows\SysWow64\lffpx7.dll
    [2005/02/28 14:33:00 | 00,116,736 | R--- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2005/02/28 14:08:30 | 00,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys

    ========== LOP Check ==========

    [2009/08/13 12:46:44 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\BNeReader
    [2009/10/29 22:19:51 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Canon
    [2009/12/31 17:04:34 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\ContentGuard
    [2009/11/29 15:39:06 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\DonationCoder
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\FirstClass
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Foxit
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\funkitron
    [2009/11/26 19:25:20 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\GrabPro
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\HTNetMeter
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Imagomat
    [2009/10/29 22:19:57 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\iWin
    [2009/10/29 22:19:57 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\JAlbum
    [2009/10/29 22:19:58 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Leadertech
    [2010/01/12 19:37:23 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\LimeWire
    [2009/10/29 22:20:02 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\MAGIX
    [2010/01/12 16:05:51 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Marine Aquarium 3
    [2009/11/27 11:13:26 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Orbit
    [2010/01/04 12:11:00 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Simply Super Software
    [2009/10/29 22:20:05 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Songbird2
    [2009/10/29 22:20:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\SystemRequirementsLab
    [2009/10/29 22:20:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\The Professional Developer
    [2009/10/29 22:20:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Thunderbird
    [2009/11/12 13:23:58 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\TweakNow PowerPack 2009
    [2010/01/17 12:18:10 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\uTorrent
    [2010/01/16 22:55:39 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Vso
    [2009/10/29 22:20:11 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Zen of Sudoku
    [2009/07/14 00:08:49 | 00,020,326 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
    [2009/07/14 00:08:49 | 00,023,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(41).TXT
    [2009/07/14 00:08:49 | 00,027,424 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C265C458
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C8B8CEBD
    < End of report >
     
  5. 2010/01/17
    broni Moderator Malware Analyst
    How is the redirection issue?
     
  6. 2010/01/17
    IceWine Inactive Thread Starter
    WOW! I just tested it with about 20 different links and it seems to be fixed. Did not get redirected at all. THANK YOU!!! I really am grateful for your wisdom and prompt replies.
     
  7. 2010/01/17
    broni Moderator Malware Analyst
    Excellent, but... we're not quite done here.
    We have to make sure nothing is hiding :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  8. 2010/01/17
    IceWine Inactive Thread Starter
    Looks like I have some problems still.....

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, January 17, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, January 17, 2010 23:31:55
    Records in database: 3325994
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 254219
    Threats found: 2
    Infected objects found: 1
    Suspicious objects found: 6
    Scan duration: 02:26:51


    File name / Threat / Threats count
    C:\Users\Janny\Incomplete\T-4398564-postcards gord bamford.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
    C:\Windows\System32\fontext.dll Suspicious: Trojan.Win32.Patched.hs 1
    C:\Windows\System32\msports.dll Suspicious: Trojan.Win32.Patched.hs 1
    C:\Windows\SysWOW64\fontext.dll Suspicious: Trojan.Win32.Patched.hs 1
    C:\Windows\SysWOW64\msports.dll Suspicious: Trojan.Win32.Patched.hs 1
    C:\Windows\winsxs\wow64_microsoft-windows-fontext_31bf3856ad364e35_6.1.7600.16385_none_04cf347c41af13c0\fontext.dll Suspicious: Trojan.Win32.Patched.hs 1
    C:\Windows\winsxs\x86_microsoft-windows-msports_31bf3856ad364e35_6.1.7600.16385_none_8cf3709c50984f07\msports.dll Suspicious: Trojan.Win32.Patched.hs 1

    Selected area has been scanned.
     
    Last edited: 2010/01/17
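    As an added example (not part of this thread and not Kaspersky's or OTL's own tooling), here is a Python script that triages a Kaspersky Online Scanner 7 report of the form posted above. It separates signature matches (`Infected:`) from heuristic verdicts (`Suspicious:`), and for anything under the Windows directory it emits an `sfc /verifyfile=` command instead of a deletion: `Trojan.Win32.Patched` is Kaspersky's name for a legitimate binary that has been modified, and Windows Resource Protection repairs protected files from the copies under `C:\Windows\winsxs`, so deleting the component-store copies removes the repair source. The sample report reuses lines from the report above; the triage buckets and `SYSTEM_ROOT` are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the 'File name / Threat / Threats count' lines from the
# report posted in this thread, embedded so the script runs offline.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Users\Janny\Incomplete\T-4398564-postcards gord bamford.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Windows\System32\fontext.dll Suspicious: Trojan.Win32.Patched.hs 1
C:\Windows\SysWOW64\fontext.dll Suspicious: Trojan.Win32.Patched.hs 1
C:\Windows\winsxs\wow64_microsoft-windows-fontext_31bf3856ad364e35_6.1.7600.16385_none_04cf347c41af13c0\fontext.dll Suspicious: Trojan.Win32.Patched.hs 1

Selected area has been scanned.
"""

# One finding per line: "<path> Infected|Suspicious: <threat> <count>".
# The path may contain spaces, so it is matched lazily up to the verdict.
FINDING_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

SYSTEM_ROOT = r"C:\Windows"  # assumption; read %SystemRoot% on a live machine


@dataclass(frozen=True)
class Finding:
    path: str
    verdict: str  # "Infected" = signature match, "Suspicious" = heuristic
    threat: str
    count: int

    @property
    def under_system_root(self) -> bool:
        return self.path.lower().startswith(SYSTEM_ROOT.lower() + "\\")

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_report(text: str) -> List[Finding]:
    """Extract the findings; header, statistics and footer lines don't match."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(
                Finding(m["path"], m["verdict"], m["threat"], int(m["count"]))
            )
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Sort findings into actions (the bucket names are this example's own).

    remove:  user-space file with a signature match
    review:  user-space file with only a heuristic verdict
    verify:  protected OS binary; check it against the component store first
    keep:    component-store copy, i.e. sfc's repair source, not a delete target
    """
    plan: Dict[str, List[str]] = {"remove": [], "review": [], "verify": [], "keep": []}
    for f in parse_report(text):
        if f.in_component_store:
            plan["keep"].append(f.path)
        elif f.under_system_root:
            plan["verify"].append(f"sfc /verifyfile={f.path}")
        elif f.verdict == "Infected":
            plan["remove"].append(f.path)
        else:
            plan["review"].append(f.path)
    return plan


if __name__ == "__main__":
    for action, items in triage(SAMPLE_REPORT).items():
        for item in items:
            print(f"{action:7s} {item}")
```

    Run it against a saved report to get the list of `sfc /verifyfile=` checks to perform (from an elevated prompt) before any OS binary is deleted; if `sfc` reports a file as corrupt, `sfc /scannow` can replace it only while the matching `winsxs` copy is still present.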
  9. 2010/01/17
    broni Moderator Malware Analyst
    I know your pain :)
    Better patient than sorry :)
     
  10. 2010/01/17
    IceWine Inactive Thread Starter
    Hey, your patience is amazing....you must get frustrated with us malware newbies!!! Thanks again for working on this for me.
     
  11. 2010/01/17
    broni Moderator Malware Analyst
    Nah, don't worry about it :)
    I wouldn't be doing what I'm doing if I didn't like it :)
    The malware field is vast and getting bigger every day. Not too many people have time to learn it.
     
  12. 2010/01/17
    IceWine Inactive Thread Starter
    You're right...I'm fascinated with it all but just cannot devote the time.
     
  13. 2010/01/19
    broni Moderator Malware Analyst
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Janny\Incomplete\T-4398564-postcards gord bamford.wma 
      C:\Windows\System32\fontext.dll 
      C:\Windows\System32\msports.dll 
      C:\Windows\SysWOW64\fontext.dll 
      C:\Windows\SysWOW64\msports.dll 
      C:\Windows\winsxs\wow64_microsoft-windows-fontext_31bf3856ad364e35_6.1.7600.16385_none_04cf347c41af13c0\fontext.dll 
      C:\Windows\winsxs\x86_microsoft-windows-msports_31bf3856ad364e35_6.1.7600.16385_none_8cf3709c50984f07\msports.dll
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
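    The `[resethosts]` command in the fix above overwrites the hosts file (the OTL log earlier in this thread lists it as `C:\Windows\SysNative\drivers\etc\Hosts`, 98 bytes, modified 2010/01/17 17:22:05). Before resetting it, a practitioner usually wants to see what it contains: a hosts entry that points a search engine at an attacker-controlled address is one classic way the "Google redirect" symptom is produced, and entries that map antivirus or update domains to 127.0.0.1 are a common way malware blocks its own removal. The following Python script is an added example, not part of the thread and not OTL's code; the `SAMPLE_HOSTS` text, the watched-domain list and the `203.0.113.7` address (an RFC 5737 documentation range) are constructed for it.

```python
import ipaddress
from typing import Dict, Iterator, List, Tuple

# Constructed sample of what a hijacked hosts file can look like.
# 203.0.113.0/24 is a documentation range (RFC 5737), used as the fake target.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com
203.0.113.7     google.com search.yahoo.com   # one line can carry several names
127.0.0.1       www.avira.com
127.0.0.1       ads.example.net
"""

# Domains whose presence in hosts is almost never legitimate on a home PC:
# search engines (redirect target) and security/update vendors (blocked).
# This list is an assumption of the example; extend it for your environment.
WATCHED_DOMAINS = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com", "avira.com", "kaspersky.com",
)

# Minimal clean replacement. Windows 7's shipped hosts file has even these
# two lines commented out, because the resolver answers localhost itself.
CLEAN_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"

Entry = Tuple[str, str, int]  # (hostname, address, line number)


def parse_hosts(text: str) -> Iterator[Entry]:
    """Yield every active name -> address mapping, ignoring comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts line; Windows tolerates junk here too
        for name in fields[1:]:
            yield name.lower(), str(addr), lineno


def is_watched(name: str) -> bool:
    """Exact or subdomain match against WATCHED_DOMAINS (no 'notgoogle.com')."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def classify(text: str) -> Dict[str, List[Entry]]:
    """Bucket entries: hijacked (watched name -> remote address),
    blocked (watched name -> loopback), benign (localhost), other."""
    buckets: Dict[str, List[Entry]] = {
        "hijacked": [], "blocked": [], "benign": [], "other": []
    }
    for entry in parse_hosts(text):
        name, addr, _ = entry
        loopback = ipaddress.ip_address(addr).is_loopback
        if name == "localhost" and loopback:
            buckets["benign"].append(entry)
        elif is_watched(name):
            buckets["blocked" if loopback else "hijacked"].append(entry)
        else:
            buckets["other"].append(entry)
    return buckets


def redirect_targets(text: str) -> List[str]:
    """Remote addresses that watched names were pointed at: the indicators
    to search for elsewhere on the machine and in firewall or proxy logs."""
    return sorted({addr for _, addr, _ in classify(text)["hijacked"]})


if __name__ == "__main__":
    for bucket, entries in classify(SAMPLE_HOSTS).items():
        for name, addr, lineno in entries:
            print(f"{bucket:8s} line {lineno}: {name} -> {addr}")
    print("redirect targets:", redirect_targets(SAMPLE_HOSTS))
```

    On a live machine, read the file from `%SystemRoot%\System32\drivers\etc\hosts` and keep a copy before the reset overwrites it; the "hijacked" bucket is the evidence, and the addresses in `redirect_targets` are what to look for in the rest of the system. Anything in "other" beyond ad-blocking lists the user recognises deserves a second look as well.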
     
  14. 2010/01/19
    IceWine Inactive Thread Starter
    OTL logfile created on: 19/01/2010 7:37:42 AM - Run 5
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Janny\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 84.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 527.05 Gb Free Space | 57.51% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.37 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DESKTOP
    Current User Name: Janny
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/16 22:51:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
    PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    PRC - [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/06/25 13:44:10 | 02,707,526 | ---- | M] (Zinio, LLC) -- C:\Program Files (x86)\Zinio\ZinioReader.exe
    PRC - [2009/06/24 19:19:50 | 00,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/09 09:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 07:59:14 | 01,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
    PRC - [2009/05/21 07:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2009/02/27 15:54:01 | 00,038,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    PRC - [2009/02/27 11:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/16 22:51:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    MOD - [2009/07/13 20:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/12 16:33:14 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV:64bit: - [2009/07/23 10:43:07 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/20 11:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/14 22:14:38 | 00,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 20:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 20:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 20:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 20:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 20:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 20:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 20:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 20:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 20:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 20:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 20:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 20:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 20:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 20:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 20:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 20:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 20:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2009/06/09 09:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2009/11/20 08:26:26 | 00,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2009/10/31 10:51:32 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
    SRV - [2009/10/20 13:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/07/23 10:41:47 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/07/16 01:34:29 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 15:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/06/10 15:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/05/21 07:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/06/18 18:23:14 | 00,074,384 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (SureThing Labelflash service)
    SRV - [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.netvibes.com/#General "
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
    FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.96
    FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.3
    FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.1.1
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
    FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.4.3
    FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.2.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/16 22:49:12 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/18 18:40:56 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/12/05 11:43:16 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/12/05 11:43:16 | 00,000,000 | ---D | M]

    [2010/01/03 15:24:06 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Extensions
    [2009/08/16 07:48:12 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/01/18 19:01:14 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/18 18:38:03 | 00,000,000 | ---D | M] (TV-Fox) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/01/18 17:47:35 | 00,000,000 | ---D | M] (Navigational Sounds) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
    [2010/01/18 17:47:35 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\artur.dubovoy@gmail.com
    [2010/01/15 17:15:08 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\personas@christopher.beard
    [2010/01/10 11:59:09 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org
    [2010/01/03 16:10:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
    [2010/01/03 16:10:04 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions
    [2010/01/03 16:10:05 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions
    [2010/01/03 16:10:05 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Mozilla\Firefox\Profiles\mmgf31xe.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.7x\mozapps\extensions
    [2010/01/18 19:00:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2006/09/28 04:45:46 | 00,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13128.dll

    O1 HOSTS File: ([2010/01/19 07:34:59 | 00,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EPSON Stylus Photo R2400] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATI9SA.EXE (SEIKO EPSON CORPORATION)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe File not found
    O4 - HKCU..\Run: [Google Update] C:\Users\Janny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [Zinio DLM] C:\Program Files (x86)\Zinio\ZinioReader.exe (Zinio, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} http://esis.tldsb.on.ca/forms/jinitiator/jinit.exe (JInitiator 1.3.1.28)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Janny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Janny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/18 17:07:57 | 00,000,000 | ---D | C] -- C:\Users\Janny\AppData\Local\{64A3A4F2-B792-11D6-A78A-00B0D0160040}
    [2010/01/18 17:00:26 | 00,000,000 | ---D | C] -- C:\Users\Janny\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160040}
    [2010/01/18 16:59:17 | 00,000,000 | ---D | C] -- C:\Users\Janny\.SunDownloadManager
    [2010/01/17 17:58:50 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Janny\Desktop\TFC.exe
    [2010/01/17 17:21:41 | 00,000,000 | ---D | C] -- C:\_OTL
    [2010/01/16 22:51:15 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    [2010/01/16 22:15:32 | 00,044,567 | ---- | C] (jpshortstuff) -- C:\Users\Janny\Desktop\Kenco.exe
    [2010/01/16 21:43:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
    [2010/01/16 21:30:56 | 00,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Janny\Desktop\GooredFix.exe
    [2010/01/16 19:28:50 | 00,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
    [2010/01/12 18:41:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
    [2010/01/12 16:26:14 | 00,000,000 | ---D | C] -- C:\AV_LOGS
    [2010/01/12 16:24:39 | 00,021,504 | ---- | C] (Avnex) -- C:\Windows\SysNative\drivers\vcsvad.sys
    [2010/01/12 16:03:21 | 00,000,000 | ---D | C] -- C:\Users\Janny\AppData\Roaming\Marine Aquarium 3
    [2010/01/12 16:03:19 | 06,545,408 | ---- | C] (SereneScreen) -- C:\Windows\SysNative\MarineAquarium3.scr
    [2010/01/12 16:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\SereneScreen
    [2010/01/12 12:26:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Formosoft
    [2010/01/07 10:08:04 | 00,000,000 | ---D | C] -- C:\Users\Janny\Desktop\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)
    [2010/01/07 10:00:59 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/01/05 22:24:19 | 00,000,000 | ---D | C] -- C:\Users\Janny\Documents\Logic Grids
    [2010/01/05 20:18:14 | 00,000,000 | R--D | C] -- C:\Users\Janny\Desktop\Bug's Pictures
    [2010/01/05 20:17:52 | 00,000,000 | R--D | C] -- C:\Users\Janny\Desktop\Bug's Music
    [2009/07/23 21:15:08 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Janny\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/01/19 07:36:24 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/01/19 07:36:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/19 07:36:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/19 07:35:59 | 21,405,45023 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/19 07:35:10 | 04,980,736 | -HS- | M] () -- C:\Users\Janny\ntuser.dat
    [2010/01/19 07:35:04 | 02,729,775 | -H-- | M] () -- C:\Users\Janny\AppData\Local\IconCache.db
    [2010/01/19 07:34:59 | 00,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/01/19 06:56:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2507639651-946257174-1517972956-1000UA.job
    [2010/01/19 06:54:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/01/18 23:13:09 | 00,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/18 23:13:09 | 00,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/18 20:11:02 | 36,700,7226 | ---- | M] () -- C:\Users\Janny\Desktop\Brothers.and.Sisters.S04E13.Run.Baby.Run.HDTV.XviD-FQM.avi
    [2010/01/18 18:49:29 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/01/18 12:08:22 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2507639651-946257174-1517972956-1000Core.job
    [2010/01/17 17:58:52 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\TFC.exe
    [2010/01/17 10:18:56 | 00,077,312 | ---- | M] () -- C:\Users\Janny\Desktop\mbr.exe
    [2010/01/16 22:55:39 | 00,001,176 | ---- | M] () -- C:\Users\Janny\AppData\Roaming\vso_ts_preview.xml
    [2010/01/16 22:51:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Janny\Desktop\OTL.exe
    [2010/01/16 22:15:33 | 00,044,567 | ---- | M] (jpshortstuff) -- C:\Users\Janny\Desktop\Kenco.exe
    [2010/01/16 22:07:24 | 00,100,908 | ---- | M] () -- C:\Users\Janny\Desktop\SystemLook.exe
    [2010/01/16 21:43:33 | 00,001,127 | ---- | M] () -- C:\Users\Janny\Desktop\OpenVPN GUI.lnk
    [2010/01/16 21:30:56 | 00,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Janny\Desktop\GooredFix.exe
    [2010/01/16 16:26:54 | 00,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/01/12 16:28:26 | 00,046,872 | ---- | M] () -- C:\Users\Janny\Documents\rec_VcsCore_16-28-18.mp3
    [2010/01/11 23:12:36 | 00,871,408 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/01/10 11:52:48 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/10 11:52:48 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/10 11:52:48 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TM.blf
    [2010/01/09 20:57:33 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 20:57:33 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 20:57:33 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TM.blf
    [2010/01/09 10:52:56 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 10:52:56 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 10:52:56 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TM.blf
    [2010/01/08 18:36:55 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 18:36:55 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 18:36:55 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TM.blf
    [2010/01/08 16:08:03 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:08:03 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:08:03 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TM.blf
    [2010/01/08 16:02:15 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:02:15 | 00,524,288 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:02:15 | 00,065,536 | -HS- | M] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TM.blf
    [2010/01/08 14:14:45 | 10,865,824 | ---- | M] () -- C:\Users\Janny\Documents\Note.pdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/18 17:33:05 | 36,700,7226 | ---- | C] () -- C:\Users\Janny\Desktop\Brothers.and.Sisters.S04E13.Run.Baby.Run.HDTV.XviD-FQM.avi
    [2010/01/17 10:18:56 | 00,077,312 | ---- | C] () -- C:\Users\Janny\Desktop\mbr.exe
    [2010/01/16 22:07:23 | 00,100,908 | ---- | C] () -- C:\Users\Janny\Desktop\SystemLook.exe
    [2010/01/16 21:43:33 | 00,001,127 | ---- | C] () -- C:\Users\Janny\Desktop\OpenVPN GUI.lnk
    [2010/01/12 16:28:23 | 00,046,872 | ---- | C] () -- C:\Users\Janny\Documents\rec_VcsCore_16-28-18.mp3
    [2010/01/10 11:36:06 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/10 11:36:06 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/10 11:36:06 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{b22e4b56-fe04-11de-bb62-0024e81fa7ba}.TM.blf
    [2010/01/09 11:00:28 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 11:00:28 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 11:00:28 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{2cbf3b37-fd37-11de-9ed5-0024e81fa7ba}.TM.blf
    [2010/01/09 10:45:01 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/09 10:45:01 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/09 10:45:01 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{42ee50c3-fcaf-11de-a9ce-0024e81fa7ba}.TM.blf
    [2010/01/08 16:12:00 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:12:00 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:12:00 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{686b9c14-fc99-11de-933a-0024e81fa7ba}.TM.blf
    [2010/01/08 16:04:58 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 16:04:58 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 16:04:58 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{4a3c9ed2-fc60-11de-adc6-0024e81fa7ba}.TM.blf
    [2010/01/08 14:14:42 | 10,865,824 | ---- | C] () -- C:\Users\Janny\Documents\Note.pdf
    [2010/01/08 09:16:09 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/08 09:16:08 | 00,524,288 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/08 09:16:08 | 00,065,536 | -HS- | C] () -- C:\Users\Janny\ntuser.dat{8ae7e7ac-fc5f-11de-9f4e-0024e81fa7ba}.TM.blf
    [2009/12/18 16:59:58 | 00,004,608 | ---- | C] () -- C:\Users\Janny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/09 12:47:23 | 00,196,624 | ---- | C] () -- C:\ProgramData\ITFW.log
    [2009/11/22 19:21:03 | 00,036,962 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
    [2009/11/16 19:37:59 | 00,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/11/15 17:20:51 | 00,034,308 | ---- | C] () -- C:\Windows\SysWow64\Chip.dll
    [2009/10/31 20:06:36 | 00,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2009/10/29 22:50:33 | 00,001,762 | ---- | C] () -- C:\Users\Janny\AppData\Local\Win7_tmp1.htm
    [2009/10/20 13:19:30 | 00,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/10/07 10:25:49 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
    [2009/10/07 10:25:20 | 00,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2009/08/24 18:56:40 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2009/08/21 14:32:26 | 00,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
    [2009/08/04 12:17:48 | 00,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
    [2009/07/29 09:41:19 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2009/07/28 14:58:38 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/07/26 21:41:05 | 00,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
    [2009/07/26 21:35:48 | 00,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
    [2009/07/26 21:35:48 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2009/07/26 21:35:48 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
    [2009/07/26 21:35:47 | 01,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/07/26 21:35:47 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/07/26 21:35:47 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
    [2009/07/23 21:15:50 | 00,001,176 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\vso_ts_preview.xml
    [2009/07/23 21:15:34 | 00,000,034 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\pcouffin.log
    [2009/07/23 21:15:08 | 00,099,384 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\inst.exe
    [2009/07/23 21:15:08 | 00,007,859 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\pcouffin.cat
    [2009/07/23 21:15:08 | 00,001,167 | ---- | C] () -- C:\Users\Janny\AppData\Roaming\pcouffin.inf
    [2009/07/23 17:58:45 | 00,000,053 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
    [2009/07/23 17:57:34 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
    [2009/07/23 17:57:08 | 00,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/07/23 17:57:07 | 00,217,149 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
    [2009/07/23 17:56:37 | 00,003,811 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2009/07/15 21:10:46 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/07/15 21:10:46 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2005/02/28 14:33:00 | 00,343,040 | R--- | C] () -- C:\Windows\SysWow64\lffpx7.dll
    [2005/02/28 14:33:00 | 00,116,736 | R--- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2005/02/28 14:08:30 | 00,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys

    ========== LOP Check ==========

    [2009/08/13 12:46:44 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\BNeReader
    [2009/10/29 22:19:51 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Canon
    [2009/12/31 17:04:34 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\ContentGuard
    [2009/11/29 15:39:06 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\DonationCoder
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\FirstClass
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Foxit
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\funkitron
    [2009/11/26 19:25:20 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\GrabPro
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\HTNetMeter
    [2009/10/29 22:19:56 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Imagomat
    [2009/10/29 22:19:57 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\iWin
    [2009/10/29 22:19:57 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\JAlbum
    [2009/10/29 22:19:58 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Leadertech
    [2010/01/12 19:37:23 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\LimeWire
    [2009/10/29 22:20:02 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\MAGIX
    [2010/01/12 16:05:51 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Marine Aquarium 3
    [2009/11/27 11:13:26 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Orbit
    [2010/01/04 12:11:00 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Simply Super Software
    [2009/10/29 22:20:05 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Songbird2
    [2009/10/29 22:20:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\SystemRequirementsLab
    [2009/10/29 22:20:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\The Professional Developer
    [2009/10/29 22:20:07 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Thunderbird
    [2009/11/12 13:23:58 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\TweakNow PowerPack 2009
    [2010/01/19 07:33:15 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\uTorrent
    [2010/01/16 22:55:39 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Vso
    [2009/10/29 22:20:11 | 00,000,000 | ---D | M] -- C:\Users\Janny\AppData\Roaming\Zen of Sudoku
    [2009/07/14 00:08:49 | 00,020,326 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
    [2009/07/14 00:08:49 | 00,023,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(41).TXT
    [2009/07/14 00:08:49 | 00,027,928 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C265C458
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C8B8CEBD
    < End of report >
     
  15. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, post fresh HJT log.
     
  16. 2010/01/19
    IceWine

    IceWine Inactive Thread Starter

    Joined:
    2002/11/25
    Messages:
    190
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:36:44 PM, on 19/01/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Zinio\ZinioReader.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files (x86)\Zinio\ZinioReader.exe /autostart
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Janny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) - http://esis.tldsb.on.ca/forms/jinitiator/jinit.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11819 bytes
     
  17. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    nothing malicious to remove

    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    - O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe "
    - O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files (x86)\Zinio\ZinioReader.exe /autostart
    - O4 - HKCU\..\Run: [Google Update] "C:\Users\Janny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
    - O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    - O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]


    5. Click on Fix checked button.

    6. Restart computer.


    When done.....


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
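
    The two checks broni does by hand in this post (reading the O4 autostart entries out of the HijackThis log, then confirming after "Fix checked" that the listed entries are gone) can be scripted. The block below is an added example written for this thread; it is not code from the thread, from HijackThis or from OTL. It parses the plain-text entry lines HijackThis emits (R0/R1, O2, O4, O20, O23, ...), groups O4 Run/RunOnce entries by registry hive, and reports which entries from a fix list still appear in a fresh log. The sample log and fix list are constructed from lines in the log and fix list above; the "after" log in the main block is constructed to simulate a fresh log taken after the fix.

```python
"""Parse HijackThis (HJT) log entries and verify that a fix list was applied.

Added example for this thread, not code from HijackThis itself.  The entry
format it reads is the plain-text form seen in the log above:
    <code> - <body>      e.g.  O4 - HKLM\..\Run: [avgnt] "C:\...\avgnt.exe" /min
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One HJT entry: a code such as R1, O4, O23 followed by " - " and the body.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# O4 registry autostarts: "HKLM\..\Run: [name] command" (also HKCU, HKUS\S-1-5-19 ...).
O4_REG = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*)$"
)

# Analyst annotations appended to fix lists, e.g. "[unless you have paid version]".
TRAILING_NOTE = re.compile(r"\s+\[[^\[\]]*\]$")


@dataclass(frozen=True)
class HjtEntry:
    code: str   # e.g. "O4"
    body: str   # everything after "O4 - ", with trailing analyst notes removed


def parse_hjt(text: str) -> list[HjtEntry]:
    """Extract HJT entries from a log, or from a '- ' bulleted fix list."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- "):          # fix lists in the thread use "- " bullets
            line = line[2:]
        m = HJT_LINE.match(line)
        if m:
            body = TRAILING_NOTE.sub("", m.group("body").rstrip())
            entries.append(HjtEntry(m.group("code"), body))
    return entries


def autostarts_by_hive(entries: list[HjtEntry]) -> dict[str, list[str]]:
    """Map each registry hive to the [names] of its O4 Run/RunOnce entries."""
    grouped: dict[str, list[str]] = {}
    for e in entries:
        if e.code != "O4":
            continue
        m = O4_REG.match(e.body)
        if m:                              # Startup-folder O4 lines have no hive and are skipped
            grouped.setdefault(m.group("hive"), []).append(m.group("name"))
    return grouped


def unfixed_entries(fresh_log: str, fix_list: str) -> list[HjtEntry]:
    """Entries from the fix list that still appear in the fresh log."""
    present = set(parse_hjt(fresh_log))
    return [e for e in parse_hjt(fix_list) if e in present]


# Constructed sample: a subset of the log lines posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - Global Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

# Constructed sample: a subset of the fix list posted above.
FIX_LIST = r"""
- O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe "
- O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
- O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]
"""

if __name__ == "__main__":
    before = parse_hjt(SAMPLE_LOG)
    print("O4 autostarts by hive:", autostarts_by_hive(before))
    print("fix list entries still present before the fix:",
          len(unfixed_entries(SAMPLE_LOG, FIX_LIST)))
    # Constructed "fresh" log: the sample with the fixed entries removed.
    after_log = "\n".join(l for l in SAMPLE_LOG.splitlines()
                          if "SUPERAntiSpyware" not in l and "mctadmin" not in l
                          and "DellSupportCenter" not in l and "SunJavaUpdateSched" not in l)
    print("still present after the fix:", unfixed_entries(after_log, FIX_LIST))
```

    Run it against the full "before" log and the fresh log posted after "Fix checked"; an empty result from `unfixed_entries` confirms every checkmarked entry is gone, and a non-empty one lists exactly what to re-check.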
     
  18. 2010/01/19
    IceWine

    IceWine Inactive Thread Starter

    Joined:
    2002/11/25
    Messages:
    190
    Likes Received:
    0
    THANKS SO MUCH AGAIN!! Everything seems to be ship shape with my computer now. You're super.
     
  19. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Thank you :)
    Happy surfing :)
     
  20. 2010/01/19
    IceWine

    IceWine Inactive Thread Starter

    Joined:
    2002/11/25
    Messages:
    190
    Likes Received:
    0
    You're very welcome - I don't normally trust "my baby" to just anyone... ;)
     
  21. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm tickled :)
     
