Solved Google redirect malware

Discussion in 'Malware and Virus Removal Archive' started by nyc2052, 2010/04/08.

  1. 2010/04/08
    nyc2052 Inactive Thread Starter

    I've been trying to fix this virus for days with no luck. I'm using the Mozilla Firefox browser, running Vista Business. Whenever I perform a search on Google, the result link would be redirected to some random page.

    I have looked through some of the forum and tried to use a couple of different software tools to remove it, including Symantec AntiVirus, Malwarebytes, PC Tools AntiVirus, PC Tools Registry Mechanic, Hitman Pro 3.5 and Spybot. Only PC Tools AntiVirus and Hitman Pro found a virus, and Registry Mechanic found some registry errors. After cleaning it I tested Google search again, but the problem seems to persist. Every time after using Google search, registry would find an error, but not PC Tools AntiVirus or Hitman Pro.

    After installing all the AV software (I only removed Malwarebytes), it takes forever to start up my PC. Either the virus is slowing my PC down or the massive scan at startup is taking a toll on PC startup time.

    I spent a week trying to figure it out. I saw a comment on the forum about using ComboFix, but not to do it without supervision; I don't want to stall my PC at startup. Please help!!

    Here is the DDS log and the attached file:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Nadine at 22:17:17.21 on Thu 04/08/2010
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3317.1635 [GMT -5:00]

    AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RDrvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Registry Mechanic\RMTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Nadine\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mDefault_Page_URL = hxxp://www.pc-ap.fujitsu.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /S
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
    mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [FjRDrvMon] c:\windows\RDrvMon.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Skytel] Skytel.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\nadine\appdata\roaming\mozilla\firefox\profiles\auq79100.default\
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\nadine\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\nadine\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2008-6-25 12712]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-3-2 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-3-2 35456]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-6 207280]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-6 112592]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-4-7 632792]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-10-30 63016]
    R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-29 810320]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-6 365280]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-6 1141712]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-25 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-5 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-3-2 209408]

    =============== Created Last 30 ================

    2010-04-08 05:50:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-04-08 05:39:56 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-04-08 05:24:35 0 d-----w- c:\programdata\Hitman Pro
    2010-04-08 05:24:33 0 d-----w- c:\program files\Hitman Pro 3.5
    2010-04-08 04:55:34 524288 --sha-w- c:\users\nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    2010-04-08 04:55:33 65536 --sha-w- c:\users\nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    2010-04-08 04:55:33 524288 --sha-w- c:\users\nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    2010-04-08 04:53:21 262144 ---ha-w- c:\users\nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG1
    2010-04-08 04:53:21 0 ---ha-w- c:\users\nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG2
    2010-04-08 03:48:34 0 d-----w- c:\programdata\Office Genuine Advantage
    2010-04-08 03:48:24 0 d-----w- c:\users\nadine\Office Genuine Advantage
    2010-04-08 02:27:48 0 d-----w- c:\users\nadine\appdata\roaming\Registry Mechanic
    2010-04-08 02:13:31 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-04-08 02:13:31 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-04-08 02:13:30 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-04-08 02:13:30 506368 ----a-w- c:\windows\system32\msxml.dll
    2010-04-07 04:02:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 04:00:41 882 ----a-w- c:\windows\RegSDImport.xml
    2010-04-07 04:00:41 880 ----a-w- c:\windows\RegISSImport.xml
    2010-04-07 04:00:41 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-04-07 04:00:41 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-04-07 04:00:41 131 ----a-w- c:\windows\IDB.zip
    2010-04-07 04:00:40 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-04-07 04:00:40 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2010-04-07 04:00:40 1152444 ----a-w- c:\windows\UDB.zip
    2010-04-07 03:57:13 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-04-07 03:57:13 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-04-07 03:57:13 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-04-07 03:57:08 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-04-07 03:57:08 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-04-07 03:57:08 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-04-07 03:57:08 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-04-07 03:57:00 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2010-04-07 03:57:00 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-04-07 03:56:51 0 d-----w- c:\users\nadine\appdata\roaming\PC Tools
    2010-04-07 03:56:51 0 d-----w- c:\programdata\PC Tools
    2010-04-07 03:56:51 0 d-----w- c:\program files\Spyware Doctor
    2010-04-07 03:56:51 0 d-----w- c:\program files\common files\PC Tools
    2010-04-04 04:49:03 0 d-----w- c:\programdata\Sun
    2010-03-16 22:11:14 0 d-----w- c:\program files\iPod
    2010-03-16 22:11:12 0 d-----w- c:\program files\iTunes
    2010-03-10 09:01:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-10 09:01:04 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-10 09:01:03 30720 ----a-w- c:\windows\system32\httpapi.dll

    ==================== Find3M ====================

    2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-04 22:43:08 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-01-04 22:43:08 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-01-04 22:43:08 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-17 09:21:32 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-06-25 03:46:18 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-12-20 09:18:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2009-12-20 09:18:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2009-12-20 09:18:18 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-10-14 14:54:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-12-20 08:15:44 68096 --sha-r- c:\windows\system32\diskcopyv.dll

    ============= FINISH: 22:20:40.48 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/2/2008 3:07:53 AM
    System Uptime: 4/8/2010 5:51:31 PM (5 hours ago)

    Motherboard: FUJITSU | | FJNB1D3
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Onboard | 800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 46.339 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 73.665 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel

    Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Turbo Memory Controller
    Device ID: PCI\VEN_8086&DEV_444E&SUBSYS_444E8086&REV_01\4&28FE0F98&1&00E3
    Manufacturer: Intel
    Name: Intel(R) Turbo Memory Controller
    PNP Device ID: PCI\VEN_8086&DEV_444E&SUBSYS_444E8086&REV_01\4&28FE0F98&1&00E3
    Service: iaNvStor

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    AutoUpdate
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Browser Defender 2.0.6.11
    Chinese Traditional Fonts Support For Adobe Reader 8
    DivX Codec
    DivX Converter
    DivX Player
    DivX Version Checker
    Facebook Plug-In
    Fujitsu Display Manager
    Fujitsu Hotkey Utility
    Fujitsu MobilityCenter Extension Utility
    Fujitsu System Extension Utility
    Fujitsu WebCam
    Google SketchUp 6
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Inst5657
    Intel(R) Graphics Media Accelerator Driver
    Intel® Turbo Memory and Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6
    Juniper Networks Host Checker
    Juniper Networks Network Connect 6.0.0
    Juniper Networks Setup Client
    Junk Mail filter update
    LifeBook Application Panel
    LiveUpdate 3.2 (Symantec Corporation)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MobileMe Control Panel
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OGA Notifier 2.0.0048.0
    OmniPass 5.00.62
    Power Saving Utility
    QuickTime
    Realtek High Definition Audio Driver
    Registry Mechanic 9.0
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Shock Sensor Utility
    Skype web features
    Skype™ 4.1
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB977724)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    VC80CRTRedist - 8.0.50727.762
    Vista Codec Package
    Winamp
    Winamp Remote
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    4/8/2010 5:57:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a

    corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this

    action failed with the following error: An instance of the service is already running.
    4/8/2010 5:56:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while

    waiting for the Windows Search service to connect.
    4/8/2010 5:56:53 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the

    following error: The service did not respond to the start or control request in a timely fashion.
    4/8/2010 5:56:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start

    the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/8/2010 5:56:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly.

    It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the

    service.
    4/8/2010 5:56:38 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-

    specific error 2147749155 (0x80040D23).
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s)

    failed to load: AFD CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX

    SYMTDI tdx Tosrfcom Wanarpv6
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store

    Interface Service service which failed to start because of the following error: The dependency service or group

    failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends

    on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device

    attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client

    Redirector Driver service which failed to start because of the following error: The dependency service or group

    failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the

    Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device

    attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service

    depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A

    device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the

    SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency

    service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the

    SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency

    service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends

    on the NSI proxy service service which failed to start because of the following error: A device attached to the

    system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on

    the Network Store Interface Service service which failed to start because of the following error: The dependency

    service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the

    Network Location Awareness service which failed to start because of the following error: The dependency service or

    group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store

    Interface Service service which failed to start because of the following error: The dependency service or group

    failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy

    TDI Support Driver service which failed to start because of the following error: A device attached to the system

    is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary

    Function Driver for Winsock service which failed to start because of the following error: A device attached to the

    system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server

    service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start

    the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/8/2010 12:35:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start

    the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    4/8/2010 12:35:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start

    the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/8/2010 12:35:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start

    the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/8/2010 12:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start

    the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/8/2010 12:35:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start

    the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/8/2010 12:35:11 AM, Error: EventLog [6008] - The previous system shutdown at 12:25:31 AM on 4/8/2010 was

    unexpected.
    4/8/2010 12:00:59 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator

    service hung on starting.
    4/6/2010 10:44:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission

    settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-

    8F20-00805F2CD064} to the user Nadine-PC\Nadine SID (S-1-5-21-1224792601-3371567533-4042545913-1000) from address

    LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4/4/2010 1:55:41 AM, Error: yukonwlh [101] - Driver has encountered an internal error

    ==== End Of File ===========================
     
  2. 2010/04/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Hi and welcome to WindowsBBS forums :).

    Next time you save a log in notepad, please go to the format tab and un-check WordWrap.

    ==

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    ==

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box, paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


  4. 2010/04/09
    nyc2052

    nyc2052 Inactive Thread Starter

    Joined:
    2010/04/08
    Messages:
    15
    Likes Received:
    0
    thanks for your help!!

    here is the gooredfix.txt:

    GooredFix by jpshortstuff (08.01.10.1)
    Log created at 17:46 on 09/04/2010 (Nadine)
    Firefox version 3.6.3 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [05:54 21/12/2009]
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [19:06 06/04/2008]
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [04:52 20/01/2009]
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [20:06 01/08/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [14:40 25/12/2009]
    {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [04:47 04/04/2010]

    C:\Users\Nadine\Application Data\Mozilla\Firefox\Profiles\auq79100.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [23:29 21/12/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b} "= "C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:57 06/06/2009]

    ---------- Old Logs ----------
    GooredFix[22.46.14_09-04-2010].txt

    -=E.O.F=-


    here is the otl.txt:

    OTL logfile created on: 4/9/2010 5:47:54 PM - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Nadine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
    7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.23 Gb Total Space | 46.34 Gb Free Space | 62.42% Space Free | Partition Type: NTFS
    Drive D: | 73.84 Gb Total Space | 73.67 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1863.01 Gb Total Space | 1699.32 Gb Free Space | 91.21% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: NADINE-PC
    Current User Name: Nadine
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    PRC - [2010/04/07 21:15:28 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2009/11/25 15:42:20 | 000,292,824 | ---- | M] (PC Tools ) -- C:\Program Files\Registry Mechanic\RMTray.exe
    PRC - [2009/11/25 15:42:18 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/30 14:50:54 | 000,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/12/14 16:45:34 | 000,193,832 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    PRC - [2007/07/24 20:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/24 20:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/07/12 17:28:50 | 002,560,000 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
    PRC - [2007/07/12 16:44:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
    PRC - [2007/07/12 16:42:58 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
    PRC - [2007/07/10 17:59:32 | 000,077,824 | ---- | M] () -- C:\Windows\RDrvMon.exe
    PRC - [2007/06/20 03:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/05/24 11:33:32 | 001,150,976 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    PRC - [2007/05/22 17:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2007/05/18 17:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    PRC - [2007/04/26 15:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2007/02/27 21:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2007/02/27 20:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/01/30 18:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
    PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/11/25 18:09:32 | 000,260,912 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2006/11/17 16:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    PRC - [2006/11/12 17:13:58 | 000,068,400 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    PRC - [2006/11/07 15:45:38 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    PRC - [2006/10/30 03:37:36 | 000,063,016 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    PRC - [2006/10/30 03:37:32 | 000,136,744 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    PRC - [2006/10/05 09:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/07 21:15:28 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/30 14:50:54 | 000,423,280 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/24 20:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/07/12 16:42:58 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
    SRV - [2007/04/03 00:32:26 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/04/03 00:29:46 | 000,076,576 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe -- (LvIBTSvr)
    SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/30 03:37:36 | 000,063,016 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
    SRV - [2006/10/05 09:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: " "
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 15:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 15:21:13 | 000,000,000 | ---D | M]

    [2009/12/21 00:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Mozilla\Extensions
    [2010/04/08 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\extensions
    [2009/12/21 18:29:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/07 21:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

    O1 HOSTS File: ([2009/12/21 22:35:00 | 000,367,244 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 12638 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [FjRDrvMon] C:\Windows\RDrvMon.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
    O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
    O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Nadine\Pictures\IMG_2476.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Nadine\Pictures\IMG_2476.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3b8a7819-77db-11dd-8051-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{3b8a7819-77db-11dd-8051-00037ab3930e}\Shell\AutoRun\command - " " = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{3b8a7820-77db-11dd-8051-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{3b8a7820-77db-11dd-8051-00037ab3930e}\Shell\AutoRun\command - " " = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{45260f72-dd21-11dd-bcba-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{45260f72-dd21-11dd-bcba-00037ab3930e}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6593f001-a23f-11dd-8ef1-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{6593f001-a23f-11dd-8ef1-00037ab3930e}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8c16bd50-e0b7-11dd-b56a-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{8c16bd50-e0b7-11dd-b56a-00037ab3930e}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\AutoRun\command - " " = Autorun.exe /run
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell00\Command - " " = Autorun.exe /run
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell01\Command - " " = Autorun.exe /action
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell02\Command - " " = Autorun.exe /uninstall
    O33 - MountPoints2\F\Shell - " " = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2008/06/24 22:32:39 | 000,000,000 | ---D | M]
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/09 17:46:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\GooredFix Backups
    [2010/04/09 17:43:38 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2010/04/09 17:43:02 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Nadine\Desktop\GooredFix.exe
    [2010/04/08 00:50:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/04/08 00:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/04/08 00:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/07 22:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/04/07 22:48:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Office Genuine Advantage
    [2010/04/07 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Registry Mechanic
    [2010/04/07 21:13:31 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
    [2010/04/07 21:13:31 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
    [2010/04/07 21:13:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
    [2010/04/07 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
    [2010/04/06 23:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/06 23:00:41 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010/04/06 23:00:40 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010/04/06 23:00:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010/04/06 22:57:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2010/04/06 22:57:13 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2010/04/06 22:57:08 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2010/04/06 22:57:08 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2010/04/06 22:57:00 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\PC Tools
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/04/03 23:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

    ========== Files - Modified Within 14 Days ==========

    [2010/04/09 17:52:53 | 005,767,168 | ---- | M] () -- C:\Users\Nadine\NTUSER.DAT
    [2010/04/09 17:50:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job
    [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2010/04/09 17:43:03 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Nadine\Desktop\GooredFix.exe
    [2010/04/09 15:55:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/09 15:55:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/09 02:20:45 | 000,035,840 | ---- | M] () -- C:\Users\Nadine\Desktop\Book1.xls
    [2010/04/08 23:05:37 | 000,195,584 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/08 22:45:09 | 000,695,758 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/04/08 22:45:09 | 000,582,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/04/08 22:45:09 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/04/08 17:57:03 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/04/08 17:55:32 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Btykf.job
    [2010/04/08 17:55:31 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/04/08 17:55:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/08 01:38:21 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/08 01:38:21 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    [2010/04/08 01:38:03 | 001,863,380 | -H-- | M] () -- C:\Users\Nadine\AppData\Local\IconCache.db
    [2010/04/08 00:50:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/04/08 00:25:12 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:53:33 | 005,767,168 | -HS- | M] () -- C:\Users\Nadine\ntuser.dat.rmbak
    [2010/04/07 23:53:33 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:53:33 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
    [2010/04/07 23:08:17 | 000,009,597 | ---- | M] () -- C:\Users\Nadine\Desktop\mileages.xlsx

    ========== Files Created - No Company Name ==========

    [2010/04/09 02:19:29 | 000,035,840 | ---- | C] () -- C:\Users\Nadine\Desktop\Book1.xls
    [2010/04/08 00:57:28 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/04/08 00:39:56 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/04/07 23:55:34 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/07 23:55:33 | 000,065,536 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    [2010/04/07 23:53:21 | 000,262,144 | -H-- | C] () -- C:\Users\Nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG1
    [2010/04/07 23:53:21 | 000,000,000 | -H-- | C] () -- C:\Users\Nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG2
    [2010/04/06 23:00:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/04/06 23:00:41 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010/04/06 23:00:41 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010/04/06 23:00:41 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010/04/06 23:00:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010/04/06 22:57:13 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
    [2010/04/06 22:57:08 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
    [2010/04/06 22:57:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
    [2010/04/06 22:57:00 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
    [2009/12/20 03:15:44 | 000,068,096 | RHS- | C] () -- C:\Windows\System32\diskcopyv.dll
    [2009/09/15 19:09:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/08/20 00:16:57 | 000,000,372 | ---- | C] () -- C:\Users\Nadine\Documents - Shortcut.lnk
    [2008/06/12 14:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008/05/07 19:09:42 | 000,004,096 | -H-- | C] () -- C:\Users\Nadine\AppData\Local\keyfile3.drm
    [2008/04/12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/04/12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/03/10 06:08:47 | 000,023,580 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
    [2008/03/10 05:48:02 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
    [2008/03/05 17:23:09 | 000,195,584 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/05 17:20:20 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/03/02 05:11:46 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/03/02 04:37:13 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2008/03/02 03:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
    [2008/03/02 03:53:02 | 000,000,020 | -HS- | C] () -- C:\Users\Nadine\ntuser.ini
    [2008/03/02 03:53:01 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
    [2008/03/02 03:53:01 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
    [2008/03/02 03:53:01 | 000,262,144 | ---- | C] () -- C:\Users\Nadine\ntuser.dat.LOG1
    [2008/03/02 03:53:01 | 000,065,536 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
    [2008/03/02 03:53:01 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\ntuser.dat.LOG2
    [2008/03/02 03:53:00 | 005,767,168 | -HS- | C] () -- C:\Users\Nadine\ntuser.dat.rmbak
    [2008/03/02 03:53:00 | 005,767,168 | ---- | C] () -- C:\Users\Nadine\NTUSER.DAT
    [2008/03/02 03:50:35 | 000,001,803 | ---- | C] () -- C:\Windows\fjtmf.ini
    [2008/03/02 03:45:30 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/03/02 03:29:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2008/03/02 03:29:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
    [2008/03/02 03:29:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2008/03/02 03:26:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/06/27 08:00:00 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
    [2007/06/27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
    [2007/04/17 16:50:02 | 000,003,164 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
    [2007/02/07 04:20:50 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2008/03/02 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Autodesk
    [2008/09/17 12:29:00 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Cogniview
    [2010/03/29 22:06:07 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Facebook
    [2008/03/10 05:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Fujitsu
    [2008/09/12 21:05:39 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Juniper Networks
    [2008/03/10 06:08:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
    [2010/04/07 23:53:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Registry Mechanic
    [2008/05/02 12:24:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Toshiba
    [2010/04/08 17:55:32 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\Btykf.job
    [2010/04/08 01:38:36 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/04/09 17:50:56 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2007/04/17 16:00:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
    [2007/04/17 16:00:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
    [2007/04/17 16:00:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
    [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
    [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [2008/03/06 10:01:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
    [2008/03/06 10:01:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
    [2008/03/06 10:01:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2007/04/25 14:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Fujitsu\clickme\exe\TurboMemory\Driver\Winall\Driver\iaStor.sys
    [2007/04/25 14:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
    [2007/04/25 14:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys
    [2007/04/25 14:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
    [2007/04/25 14:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Fujitsu\clickme\exe\TurboMemory\Driver\Winall\Driver64\IaStor.sys
    [2007/04/25 14:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2007/05/24 00:02:16 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
    [2007/05/24 00:02:16 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    [2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
    [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
    [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
    [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
    [2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/12/20 03:15:44 | 000,068,096 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\diskcopyv.dll
    [2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2008/01/19 02:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
    [2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >
     
  5. 2010/04/09
    nyc2052

    Here is the extras.txt:

    OTL Extras logfile created on: 4/9/2010 5:47:54 PM - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Nadine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
    7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.23 Gb Total Space | 46.34 Gb Free Space | 62.42% Space Free | Partition Type: NTFS
    Drive D: | 73.84 Gb Total Space | 73.67 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 1863.01 Gb Total Space | 1699.32 Gb Free Space | 91.21% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: NADINE-PC
    Current User Name: Nadine
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03C7AC7B-529A-4DBB-9167-502E2515CB35}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{059E8BB5-893E-4FCB-A7C8-3087FCBCE093}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0972DED2-0CD6-45E9-A009-8C95E469BC0E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{0EBA6A39-116F-42C6-87E3-611ADE2B17F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{18C2FDC2-6B01-479B-A360-82DBC19069CC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{29F9E230-B80B-42CC-816E-1594D5A0C435}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{300AFC79-9757-4141-B094-73BF15E6BAD1}" = lport=1723 | protocol=6 | dir=in | app=system |
    "{3339A3B2-E9D5-460D-BA94-ED4526FD106A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{4084D8C8-6362-4DB3-86B5-311F2BE3C8CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{40FAA777-E518-4224-A4E1-B37B89142763}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{42DAC8C3-8DFC-4BC5-900D-C7F70C7DFA2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{616027DA-DFB1-4354-BA87-B1893A9D9075}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{68869812-F3A9-4AC6-B1E6-1A82A1B7BDA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6DB30332-B182-4B9B-9B56-A8A1E6E8D9D9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{70712FF2-BCB5-4E33-92E3-8A779EFC12ED}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{73031426-D132-4B85-A168-DB9443863CE8}" = lport=1701 | protocol=17 | dir=in | app=system |
    "{77C5A5CB-D337-41F5-8DA9-672FD699BDD7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{7CA2D29E-F4C0-4D7F-BB31-E85A5B260E93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8BFFEC6C-53CC-4F3F-8988-861BA178E6D4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{8C56AAFE-1627-48EF-8B13-D3979EA7DB78}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{8FC66D79-DDBF-4F89-AFD1-C1E4DF8E5B79}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{9591AC90-0DA0-49FF-912A-21ADAB242B4B}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{A177E7FD-C075-47D8-8353-38F9407DAE56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A3FD290D-9E73-45AD-BE21-23C87C25D3FE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{A610C4CB-6B4C-4C99-9778-E3A421260781}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{A8B9C7F7-6D76-4456-9CC0-26AF8E3AAB65}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{A8E6B50D-0872-4234-A7D5-C466A05FA8BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AE77F1CF-69EE-4590-8A0A-0B9E958B4A8C}" = rport=1701 | protocol=17 | dir=out | app=system |
    "{B380A7CB-8349-4FEE-83ED-0A938DE57BE7}" = rport=1723 | protocol=6 | dir=out | app=system |
    "{B6B806F8-75CE-49EC-9968-207D73C04A57}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{BE590170-74BB-46DE-8152-93A7A9DA20F4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{C334559D-7C8E-48C1-9478-D8E064E797A2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{C7C6C926-DC4E-4879-81CA-D0CA48D57520}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{CCC3AE13-5D6C-42A1-B4CF-F6DC3BADD20B}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{D1802A18-6D6D-48F5-88C4-E40161925BE7}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{D25FEC07-888C-4306-9867-DA3451651027}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{D93C5E4E-CE82-4A8C-A68C-B3E9BC6DCFDB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D9A996A9-AE56-4DCD-A4BC-5860252EFC6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EFEFE9C6-23DE-4591-ACF7-53B3F43BA4D5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{F3105C29-5246-4FA0-ACC5-C7F33EA519B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F3B32E25-FED0-4081-A967-60BAD3B98724}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{F3D63F21-9892-4D3C-90A8-53C58B8EBF23}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{F7DBA0DC-9378-4E19-B16A-A46655258777}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{F8B49C28-3F16-4804-A682-730D8789E7A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F928E621-A542-423B-A21A-C3D710DA98D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{FFF39DB0-28A4-4D2A-968C-50C7379C6770}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{014B1B66-5476-4FAB-A99B-76AAD65F4C5B}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{0386FC8C-1909-4EF8-B6D3-F76D475D853B}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{13F4124C-1B31-45CA-A638-9874E938C864}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{152D38A8-BBAE-4C9C-A612-BF48D4153C9B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{167BD743-DF2D-4E9A-B3D6-6CA08B440E97}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{1D091B7E-61AB-4423-8289-07E1058B41CF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{2089B47C-2168-482F-BD6E-2673A95F45B6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{21242ECE-9E07-4369-B0C6-51EBAB052987}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{245E9DD7-79F7-40A9-857C-A092641527F2}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{2B185BF0-5EDC-4A01-8401-B336FB88A445}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
    "{32607378-ACD3-41E1-A24B-EF35506D39F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3CEAC9D9-7EE5-4AF0-BB22-9FEE83B34D16}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{3DE0888D-96E1-4FBC-8114-D5D90CBB1200}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{42EF782A-415C-4950-88A7-88F28084B857}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{4426955D-FC1C-4358-8A11-2C62BA404C14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{456509F8-3773-463A-A5DC-08581BFEF06F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{49E44B06-8551-4C5D-BD29-ADCF7ED54183}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{4AC5778C-F387-4039-B255-B96A3F966D2B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{50FFC158-2181-4C16-AC25-79C937C6A081}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{54562C0E-E386-41E4-95EA-BE72BCAF6124}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{5B5A100E-F5F4-469A-9D9D-24CD66526048}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
    "{5B92377C-958D-4EB9-BBEF-C6FCA954C0D8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{60DACEE0-0D19-4172-BD35-D2BC25BDF86A}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{621D9486-DC96-4F37-AAA3-8351F10B8BEB}" = protocol=6 | dir=out | app=system |
    "{631D87D6-DE2B-4448-B0B0-8D788A06DA64}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{6A1B81B0-0DC8-4C1F-BA38-FA5009524DEB}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{73E1A6C8-1E30-4AC7-91DB-C096041AE914}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{775502BF-1837-4B1B-B6AF-0F598558B2E4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7980F618-6BAC-44D4-A015-66D4F34BB712}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{7CEDC069-5E20-4054-AF43-09558809B8C5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{8546E39D-16E2-43DD-B6FF-9D635FD3184C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{896CE7BB-8C3D-4BCB-9C60-B379E36ED24C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{8C9D88AD-FFD4-41B2-B14D-A5B23D45BFD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{97F9AE57-533C-452B-B80E-70AFC5E735EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9CC6FDAB-6490-4531-A804-991871627C5E}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{A1CCCE2A-69C8-4597-B782-F972C8BC86EE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "{B800005A-0E29-4AF7-8B72-1B6DB30778B5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{BB95437F-AF9F-4DBE-AD49-E05EB2B22A3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C220E181-37F9-4F92-A33D-8F6088F13C53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{C464D46B-4903-4F20-AF42-4210579599A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{C5B45718-8B3E-49C7-901E-4BB6817710F9}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
    "{C704EB6C-02CD-4C82-8B4C-73ECA8A06459}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C8C3A713-34BC-4741-B6CA-DC9D86D911A8}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{CA9E0240-1220-49F7-B2B5-839AF06206E8}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
    "{CB1551F9-0F66-41DE-8ABE-C8B8A8EB3F3A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{E3294748-DA3F-428D-8381-39F51CDE5F0B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{E5A2620F-76D5-4633-BE2B-8AFB43F3FB79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EDC500CB-06BA-48F8-BF04-B09CD586321C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F4B33856-416F-4A73-9CA7-C96B25F1F2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FACEE681-9D80-4C28-8247-3AA9C3E44E25}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "TCP Query User{1314E59A-2218-4DB9-8B6F-D3F7C65E5730}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{1F0227F1-2E48-475E-8184-1BEB4E6C7302}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{742DC74E-06A5-4B82-A056-535378F79E18}C:\program files\atnotes\atnotes.exe" = protocol=6 | dir=in | app=c:\program files\atnotes\atnotes.exe |
    "TCP Query User{80479C64-D823-4761-B617-72EC8A73466F}C:\users\nadine\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe |
    "TCP Query User{86785BD5-42E5-471B-854B-9020C2A8E827}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{8C501185-0F81-4A16-8EC8-822CDF6A796B}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{9C7FC80D-53D9-4761-A952-F344F6B70046}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{9E0BD40F-64B7-4984-B647-9328AE3775F6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
    "TCP Query User{AC5359C6-0422-404A-AE94-EA63134A47DD}F:\atnotes\atnotes.exe" = protocol=6 | dir=in | app=f:\atnotes\atnotes.exe |
    "TCP Query User{B4F7BDDC-44A5-4037-84E2-949CD74CCA8C}C:\program files\njstar communicator\minismtp.exe" = protocol=6 | dir=in | app=c:\program files\njstar communicator\minismtp.exe |
    "TCP Query User{B917F5F0-894F-4098-B7B8-0F0E1F21D703}C:\users\nadine\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe |
    "TCP Query User{CFA902BF-4B19-450F-8E18-C194C7F5F16A}C:\program files\atnotes\atnotes.exe" = protocol=6 | dir=in | app=c:\program files\atnotes\atnotes.exe |
    "TCP Query User{D635BD83-5DEA-4995-9D59-1E93B62835AA}C:\users\nadine\appdata\roaming\microsoft\windows\start menu\programs\startup\atnotes.exe" = protocol=6 | dir=in | app=c:\users\nadine\appdata\roaming\microsoft\windows\start menu\programs\startup\atnotes.exe |
    "TCP Query User{FECB7BB8-18B0-4E90-A83C-66D760345284}C:\program files\ares vista\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\ares.exe |
    "UDP Query User{15B80708-EFA1-466B-AFC8-29770FAA17F7}F:\atnotes\atnotes.exe" = protocol=17 | dir=in | app=f:\atnotes\atnotes.exe |
    "UDP Query User{22ED0E81-6FD5-4A09-A78F-F10610E4CDAA}C:\users\nadine\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe |
    "UDP Query User{26C5A225-C535-4DC0-A57D-94ABB30A5EAF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{332C39AD-9095-48EA-AEE3-64D25A6AE2D9}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
    "UDP Query User{559C78F2-483F-4A61-B912-364D161B5C2C}C:\program files\atnotes\atnotes.exe" = protocol=17 | dir=in | app=c:\program files\atnotes\atnotes.exe |
    "UDP Query User{5A9B1AE9-C6DA-4DF5-9D25-8F5BB04EEAD4}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{608D931D-8C33-4466-88B9-74862C7461B7}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{8002504C-83B1-4A0A-8E29-F71EA8D220B1}C:\program files\njstar communicator\minismtp.exe" = protocol=17 | dir=in | app=c:\program files\njstar communicator\minismtp.exe |
    "UDP Query User{85DFC838-2EC0-42D9-9ECC-6FF96F6F7B16}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{99965541-6F17-4BF4-A8C7-2939DC4E061A}C:\users\nadine\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe |
    "UDP Query User{B20A1C20-A4B8-45D7-8396-4842AE1C12F7}C:\program files\ares vista\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\ares.exe |
    "UDP Query User{E08E31D5-17BA-4D55-9ABB-E63D735CE703}C:\users\nadine\appdata\roaming\microsoft\windows\start menu\programs\startup\atnotes.exe" = protocol=17 | dir=in | app=c:\users\nadine\appdata\roaming\microsoft\windows\start menu\programs\startup\atnotes.exe |
    "UDP Query User{FA1A4FEA-5030-44D4-8367-6B2B5C5A1C29}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{FAE499D3-7779-4BC7-A17D-9F1E4CD4C194}C:\program files\atnotes\atnotes.exe" = protocol=17 | dir=in | app=c:\program files\atnotes\atnotes.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{36795A4D-7DC7-448A-BBF3-7F587E0331A8}" = Fujitsu WebCam
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{46B0B653-2249-42A0-B834-B58126A20D5E}" = Power Saving Utility
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory and Intel® Matrix Storage Manager
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B10D407C-75F9-4B5C-999F-E6B75AB31CAB}" = AuthenTec Fingerprint Sensor Minimum Install
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
    "{BB0000C9-D201-42A9-B35F-3B4128C25FB4}" = Fujitsu Display Manager
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.62
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Browser Defender_is1" = Browser Defender 2.0.6.11
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HitmanPro35" = Hitman Pro 3.5
    "InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
    "InstallShield_{46B0B653-2249-42A0-B834-B58126A20D5E}" = Power Saving Utility
    "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
    "InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
    "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
    "InstallShield_{BB0000C9-D201-42A9-B35F-3B4128C25FB4}" = Fujitsu Display Manager
    "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
    "Juniper Network Connect 6.0.0" = Juniper Networks Network Connect 6.0.0
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Orb" = Winamp Remote
    "PRJPRO" = Microsoft Office Project Professional 2007
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Registry Mechanic_is1" = Registry Mechanic 9.0
    "Spyware Doctor" = Spyware Doctor 7.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VISPRO" = Microsoft Office Visio Professional 2007
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "JuniperSetupClient" = Juniper Networks Setup Client
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/6/2009 11:54:26 AM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 11:54:27 AM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 11:54:32 AM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 11:54:32 AM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 11:59:32 AM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 11:59:33 AM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 12:01:00 PM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 12:01:00 PM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 12:01:01 PM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/6/2009 12:01:01 PM | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    [ OSession Events ]
    Error - 5/16/2008 12:30:52 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 833
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 9/17/2008 11:50:16 AM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/17/2008 1:25:44 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/17/2008 2:45:11 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1241
    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 2/11/2009 4:13:00 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 454
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 4/6/2009 5:21:21 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 1325 seconds with 900 seconds of active time. This session ended with a
    crash.

    Error - 7/26/2009 11:43:26 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/5/2009 12:52:13 AM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/28/2009 3:30:13 PM | Computer Name = Nadine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 961
    seconds with 780 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/8/2010 1:36:31 AM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 4/8/2010 1:36:31 AM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 4/8/2010 1:41:41 AM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 4/8/2010 1:41:41 AM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 4/8/2010 6:56:38 PM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 4/8/2010 6:56:51 PM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 4/8/2010 6:56:52 PM | Computer Name = Nadine-PC | Source = DCOM | ID = 10005
    Description =

    Error - 4/8/2010 6:56:53 PM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 4/8/2010 6:56:53 PM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/8/2010 6:57:21 PM | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7032
    Description =


    < End of report >
     
  6. 2010/04/09
    crunchie

    crunchie Inactive

    Any better after running Gooredfix? Did you install Askbar toolbar?
     
  7. 2010/04/09
    nyc2052

    nyc2052 Inactive Thread Starter

    No, I didn't install Askbar toolbar, should I? The redirecting comes back after 1st search in Google, 2nd search and on it keeps on redirecting to somewhere else.
     
  8. 2010/04/09
    crunchie

    crunchie Inactive

    Go into Programs and Features in Control Panel and uninstall AskBar, reboot and see if the redirects persist.
    If they do, please run OTL again as above.
     
  9. 2010/04/09
    nyc2052

    nyc2052 Inactive Thread Starter

    I do not have AskBar in Programs and Features, I didn't install AskBar... I did reboot but still the same.
     
  10. 2010/04/10
    crunchie

    crunchie Inactive

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..keyword.URL:  "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
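
The fix above targets two places a search redirect can live: the `keyword.URL` preference in Firefox's prefs.js and the Windows hosts file. The Python below is an added example, not part of the original post and not OTL's code, that checks both; the allowlist, the function names and the sample hosts lines are assumptions, and the `keyword.URL` value is the one quoted in this thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Firefox prefs whose value is a URL that search or start-up traffic is sent to.
URL_PREFS = {"keyword.URL", "browser.startup.homepage", "network.proxy.autoconfig_url"}
# Hosts the owner expects in those prefs (assumption: adjust per machine).
ALLOWED_HOSTS = frozenset({"www.google.com", "www.mozilla.org"})
# network.proxy.type values that route browsing through a configured proxy.
PROXY_MODES = {1: "manual proxy", 2: "proxy auto-config URL"}
# Names a freshly reset hosts file contains.
DEFAULT_HOST_NAMES = {"localhost"}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample prefs.js; only the keyword.URL value comes from the thread.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("keyword.URL", "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=");
user_pref("network.proxy.type", 0);
'''

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = '''# constructed sample
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.net     # blocklist-style entry
203.0.113.7 www.google.com    # name pointed at a non-loopback address
'''


def parse_prefs(text):
    """Return {name: value} for each user_pref() line; strings are unquoted."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \" and \\ escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def audit_prefs(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return (pref, detail) pairs for URL prefs that point outside the allowlist."""
    findings = []
    for name in sorted(prefs.keys() & URL_PREFS):
        value = prefs[name]
        if not isinstance(value, str):
            continue
        for part in value.split("|"):  # the homepage pref may hold several URLs
            host = (urlsplit(part.strip()).hostname or "").lower()
            if host and host not in allowed_hosts:
                findings.append((name, host))
    mode = prefs.get("network.proxy.type")
    if type(mode) is int and mode in PROXY_MODES:
        findings.append(("network.proxy.type", PROXY_MODES[mode]))
    return findings


def audit_hosts(text):
    """Return (address, name, kind) for every entry beyond the default localhost lines.

    kind is "blocked" when the name maps to loopback or 0.0.0.0, "redirect" when it
    maps to any other address, and "malformed" when the address does not parse.
    """
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        except ValueError:
            kind = "malformed"
        for name in names:
            if name.lower() not in DEFAULT_HOST_NAMES:
                findings.append((address, name.lower(), kind))
    return findings


if __name__ == "__main__":
    for pref, detail in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"prefs.js: {pref} -> {detail}")
    for address, name, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {address} ({kind})")
```

Against a real profile, pass the contents of the profile's prefs.js and of C:\Windows\System32\drivers\etc\Hosts instead of the two sample strings.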
     
  11. 2010/04/11
    nyc2052

    nyc2052 Inactive Thread Starter

    Here is the log after Run Fix:

    All processes killed
    ========== OTL ==========
    Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=" removed from keyword.URL
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nadine
    ->Temp folder emptied: 5773638 bytes
    ->Temporary Internet Files folder emptied: 243954109 bytes
    ->Java cache emptied: 59318205 bytes
    ->FireFox cache emptied: 36003720 bytes
    ->Google Chrome cache emptied: 32521304 bytes
    ->Apple Safari cache emptied: 1155133 bytes
    ->Flash cache emptied: 2287928 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1493644 bytes
    RecycleBin emptied: 2691 bytes

    Total Files Cleaned = 365.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.1 log created on 04112010_000301

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  12. 2010/04/11
    nyc2052

    nyc2052 Inactive Thread Starter

    Here is the log after Quick Scan:

    OTL logfile created on: 4/11/2010 12:18:14 AM - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Nadine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.23 Gb Total Space | 46.51 Gb Free Space | 62.65% Space Free | Partition Type: NTFS
    Drive D: | 73.84 Gb Total Space | 73.67 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: NADINE-PC
    Current User Name: Nadine
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    PRC - [2010/04/07 21:15:28 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/04/02 15:21:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2009/11/25 15:42:20 | 000,292,824 | ---- | M] (PC Tools ) -- C:\Program Files\Registry Mechanic\RMTray.exe
    PRC - [2009/11/25 15:42:18 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/30 14:50:54 | 000,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/12/14 16:45:34 | 000,193,832 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    PRC - [2007/07/24 20:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/24 20:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/07/12 17:28:50 | 002,560,000 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
    PRC - [2007/07/12 16:44:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
    PRC - [2007/07/12 16:42:58 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
    PRC - [2007/07/10 17:59:32 | 000,077,824 | ---- | M] () -- C:\Windows\RDrvMon.exe
    PRC - [2007/06/20 03:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/05/24 11:33:32 | 001,150,976 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    PRC - [2007/05/22 17:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2007/05/18 17:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    PRC - [2007/04/26 15:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2007/02/27 21:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2007/02/27 20:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/01/30 18:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/11/28 06:34:28 | 000,075,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
    PRC - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
    PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/11/28 06:34:02 | 000,024,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
    PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/11/25 18:09:32 | 000,260,912 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2006/11/17 16:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    PRC - [2006/11/12 17:13:58 | 000,068,400 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    PRC - [2006/11/07 15:45:38 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    PRC - [2006/10/30 03:37:36 | 000,063,016 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    PRC - [2006/10/30 03:37:32 | 000,136,744 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    PRC - [2006/10/05 09:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/07 21:15:28 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/30 14:50:54 | 000,423,280 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/24 20:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/07/12 16:42:58 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
    SRV - [2007/04/03 00:32:26 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/04/03 00:29:46 | 000,076,576 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe -- (LvIBTSvr)
    SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/30 03:37:36 | 000,063,016 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
    SRV - [2006/10/05 09:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: " "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 15:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 15:21:13 | 000,000,000 | ---D | M]

    [2009/12/21 00:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Mozilla\Extensions
    [2010/04/08 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\extensions
    [2009/12/21 18:29:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/07 21:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

    O1 HOSTS File: ([2010/04/11 00:08:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [FjRDrvMon] C:\Windows\RDrvMon.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
    O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
    O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe (PC Tools )
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Nadine\Pictures\IMG_2476.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Nadine\Pictures\IMG_2476.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3b8a7819-77db-11dd-8051-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{3b8a7819-77db-11dd-8051-00037ab3930e}\Shell\AutoRun\command - " " = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{3b8a7820-77db-11dd-8051-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{3b8a7820-77db-11dd-8051-00037ab3930e}\Shell\AutoRun\command - " " = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{45260f72-dd21-11dd-bcba-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{45260f72-dd21-11dd-bcba-00037ab3930e}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6593f001-a23f-11dd-8ef1-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{6593f001-a23f-11dd-8ef1-00037ab3930e}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8c16bd50-e0b7-11dd-b56a-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{8c16bd50-e0b7-11dd-b56a-00037ab3930e}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\AutoRun\command - " " = Autorun.exe /run
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell00\Command - " " = Autorun.exe /run
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell01\Command - " " = Autorun.exe /action
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell02\Command - " " = Autorun.exe /uninstall
    O33 - MountPoints2\F\Shell - " " = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/11 00:03:01 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/09 22:10:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\Deployment
    [2010/04/09 17:46:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\GooredFix Backups
    [2010/04/09 17:43:38 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2010/04/09 17:43:02 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Nadine\Desktop\GooredFix.exe
    [2010/04/08 00:50:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/04/08 00:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/04/08 00:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/07 22:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/04/07 22:48:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Office Genuine Advantage
    [2010/04/07 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Registry Mechanic
    [2010/04/07 21:13:31 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
    [2010/04/07 21:13:31 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
    [2010/04/07 21:13:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
    [2010/04/07 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
    [2010/04/06 23:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/06 23:00:41 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010/04/06 23:00:40 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010/04/06 23:00:40 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
    [2010/04/06 23:00:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010/04/06 22:57:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2010/04/06 22:57:13 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2010/04/06 22:57:08 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2010/04/06 22:57:08 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2010/04/06 22:57:00 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\PC Tools
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/04/03 23:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

    ========== Files - Modified Within 14 Days ==========

    [2010/04/11 00:31:46 | 005,767,168 | ---- | M] () -- C:\Users\Nadine\NTUSER.DAT
    [2010/04/11 00:30:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job
    [2010/04/11 00:18:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000UA.job
    [2010/04/11 00:17:53 | 000,695,758 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/04/11 00:17:53 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/04/11 00:17:53 | 000,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/04/11 00:11:10 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Btykf.job
    [2010/04/11 00:11:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/11 00:11:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 00:11:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 00:08:33 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/11 00:08:33 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    [2010/04/11 00:08:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/04/10 22:18:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000Core.job
    [2010/04/09 22:14:15 | 000,002,047 | ---- | M] () -- C:\Users\Nadine\Desktop\Google Chrome.lnk
    [2010/04/09 21:07:47 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/04/09 21:00:44 | 001,865,204 | -H-- | M] () -- C:\Users\Nadine\AppData\Local\IconCache.db
    [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2010/04/09 17:43:03 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Nadine\Desktop\GooredFix.exe
    [2010/04/09 02:20:45 | 000,035,840 | ---- | M] () -- C:\Users\Nadine\Desktop\Book1.xls
    [2010/04/08 23:05:37 | 000,195,584 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/08 17:55:31 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/04/08 00:50:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/04/08 00:25:12 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:53:33 | 005,767,168 | -HS- | M] () -- C:\Users\Nadine\ntuser.dat.rmbak
    [2010/04/07 23:53:33 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:53:33 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
    [2010/04/07 23:08:17 | 000,009,597 | ---- | M] () -- C:\Users\Nadine\Desktop\mileages.xlsx

    ========== Files Created - No Company Name ==========

    [2010/04/09 22:14:15 | 000,002,047 | ---- | C] () -- C:\Users\Nadine\Desktop\Google Chrome.lnk
    [2010/04/09 22:13:05 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000UA.job
    [2010/04/09 22:13:05 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000Core.job
    [2010/04/09 02:19:29 | 000,035,840 | ---- | C] () -- C:\Users\Nadine\Desktop\Book1.xls
    [2010/04/08 00:57:28 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/04/08 00:39:56 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/04/07 23:55:34 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/07 23:55:33 | 000,065,536 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    [2010/04/07 23:53:21 | 000,262,144 | -H-- | C] () -- C:\Users\Nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG1
    [2010/04/07 23:53:21 | 000,000,000 | -H-- | C] () -- C:\Users\Nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG2
    [2010/04/06 23:00:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/04/06 23:00:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/04/06 23:00:41 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010/04/06 23:00:41 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010/04/06 23:00:41 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010/04/06 23:00:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010/04/06 22:57:13 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
    [2010/04/06 22:57:08 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
    [2010/04/06 22:57:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
    [2010/04/06 22:57:00 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
    [2009/12/20 03:15:44 | 000,068,096 | RHS- | C] () -- C:\Windows\System32\diskcopyv.dll
    [2009/09/15 19:09:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/08/20 00:16:57 | 000,000,372 | ---- | C] () -- C:\Users\Nadine\Documents - Shortcut.lnk
    [2008/06/12 14:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008/05/07 19:09:42 | 000,004,096 | -H-- | C] () -- C:\Users\Nadine\AppData\Local\keyfile3.drm
    [2008/04/12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/04/12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/03/10 06:08:47 | 000,023,580 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
    [2008/03/10 05:48:02 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
    [2008/03/05 17:23:09 | 000,195,584 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/05 17:20:20 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/03/02 05:11:46 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/03/02 04:37:13 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2008/03/02 03:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
    [2008/03/02 03:53:02 | 000,000,020 | -HS- | C] () -- C:\Users\Nadine\ntuser.ini
    [2008/03/02 03:53:01 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
    [2008/03/02 03:53:01 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
    [2008/03/02 03:53:01 | 000,262,144 | ---- | C] () -- C:\Users\Nadine\ntuser.dat.LOG1
    [2008/03/02 03:53:01 | 000,065,536 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
    [2008/03/02 03:53:01 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\ntuser.dat.LOG2
    [2008/03/02 03:53:00 | 005,767,168 | -HS- | C] () -- C:\Users\Nadine\ntuser.dat.rmbak
    [2008/03/02 03:53:00 | 005,767,168 | ---- | C] () -- C:\Users\Nadine\NTUSER.DAT
    [2008/03/02 03:50:35 | 000,001,803 | ---- | C] () -- C:\Windows\fjtmf.ini
    [2008/03/02 03:45:30 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/03/02 03:29:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2008/03/02 03:29:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
    [2008/03/02 03:29:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2008/03/02 03:26:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/06/27 08:00:00 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
    [2007/06/27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
    [2007/04/17 16:50:02 | 000,003,164 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
    [2007/02/07 04:20:50 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2008/03/02 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Autodesk
    [2008/09/17 12:29:00 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Cogniview
    [2010/03/29 22:06:07 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Facebook
    [2008/03/10 05:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Fujitsu
    [2008/09/12 21:05:39 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Juniper Networks
    [2008/03/10 06:08:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
    [2010/04/09 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Registry Mechanic
    [2008/05/02 12:24:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Toshiba
    [2010/04/11 00:11:10 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\Btykf.job
    [2010/04/11 00:08:47 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/04/11 00:30:38 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >
     
  13. 2010/04/11
    nyc2052

    Here is the log after quick scan:

    OTL logfile created on: 4/11/2010 12:18:14 AM - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Nadine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.23 Gb Total Space | 46.51 Gb Free Space | 62.65% Space Free | Partition Type: NTFS
    Drive D: | 73.84 Gb Total Space | 73.67 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: NADINE-PC
    Current User Name: Nadine
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    PRC - [2010/04/07 21:15:28 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/04/02 15:21:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2009/11/25 15:42:20 | 000,292,824 | ---- | M] (PC Tools ) -- C:\Program Files\Registry Mechanic\RMTray.exe
    PRC - [2009/11/25 15:42:18 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/30 14:50:54 | 000,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/12/14 16:45:34 | 000,193,832 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    PRC - [2007/07/24 20:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/24 20:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/07/12 17:28:50 | 002,560,000 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
    PRC - [2007/07/12 16:44:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
    PRC - [2007/07/12 16:42:58 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
    PRC - [2007/07/10 17:59:32 | 000,077,824 | ---- | M] () -- C:\Windows\RDrvMon.exe
    PRC - [2007/06/20 03:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/05/24 11:33:32 | 001,150,976 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    PRC - [2007/05/22 17:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2007/05/18 17:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    PRC - [2007/04/26 15:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2007/02/27 21:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2007/02/27 20:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/01/30 18:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/11/28 06:34:28 | 000,075,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
    PRC - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
    PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/11/28 06:34:02 | 000,024,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
    PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/11/25 18:09:32 | 000,260,912 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2006/11/17 16:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    PRC - [2006/11/12 17:13:58 | 000,068,400 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    PRC - [2006/11/07 15:45:38 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    PRC - [2006/10/30 03:37:36 | 000,063,016 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    PRC - [2006/10/30 03:37:32 | 000,136,744 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    PRC - [2006/10/05 09:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/07 21:15:28 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/30 14:50:54 | 000,423,280 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/24 20:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/07/12 16:42:58 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
    SRV - [2007/04/03 00:32:26 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/04/03 00:29:46 | 000,076,576 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe -- (LvIBTSvr)
    SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/30 03:37:36 | 000,063,016 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
    SRV - [2006/10/05 09:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: " "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 15:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 15:21:13 | 000,000,000 | ---D | M]

    [2009/12/21 00:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Mozilla\Extensions
    [2010/04/08 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\extensions
    [2009/12/21 18:29:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/07 21:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

    O1 HOSTS File: ([2010/04/11 00:08:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [FjRDrvMon] C:\Windows\RDrvMon.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
    O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
    O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe (PC Tools )
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Nadine\Pictures\IMG_2476.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Nadine\Pictures\IMG_2476.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3b8a7819-77db-11dd-8051-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{3b8a7819-77db-11dd-8051-00037ab3930e}\Shell\AutoRun\command - " " = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{3b8a7820-77db-11dd-8051-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{3b8a7820-77db-11dd-8051-00037ab3930e}\Shell\AutoRun\command - " " = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{45260f72-dd21-11dd-bcba-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{45260f72-dd21-11dd-bcba-00037ab3930e}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6593f001-a23f-11dd-8ef1-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{6593f001-a23f-11dd-8ef1-00037ab3930e}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8c16bd50-e0b7-11dd-b56a-00037ab3930e}\Shell - " " = AutoRun
    O33 - MountPoints2\{8c16bd50-e0b7-11dd-b56a-00037ab3930e}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\AutoRun\command - " " = Autorun.exe /run
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell00\Command - " " = Autorun.exe /run
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell01\Command - " " = Autorun.exe /action
    O33 - MountPoints2\{a466b403-4dc6-11dd-a27f-00037ab3930e}\Shell\Shell02\Command - " " = Autorun.exe /uninstall
    O33 - MountPoints2\F\Shell - " " = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/11 00:03:01 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/09 22:10:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\Deployment
    [2010/04/09 17:46:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\GooredFix Backups
    [2010/04/09 17:43:38 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2010/04/09 17:43:02 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Nadine\Desktop\GooredFix.exe
    [2010/04/08 00:50:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/04/08 00:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/04/08 00:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/07 22:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/04/07 22:48:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Office Genuine Advantage
    [2010/04/07 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Registry Mechanic
    [2010/04/07 21:13:31 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
    [2010/04/07 21:13:31 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
    [2010/04/07 21:13:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
    [2010/04/07 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
    [2010/04/06 23:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/06 23:00:41 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010/04/06 23:00:40 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010/04/06 23:00:40 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
    [2010/04/06 23:00:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010/04/06 22:57:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2010/04/06 22:57:13 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2010/04/06 22:57:08 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2010/04/06 22:57:08 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2010/04/06 22:57:00 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\PC Tools
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/04/06 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/04/03 23:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

    ========== Files - Modified Within 14 Days ==========

    [2010/04/11 00:31:46 | 005,767,168 | ---- | M] () -- C:\Users\Nadine\NTUSER.DAT
    [2010/04/11 00:30:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job
    [2010/04/11 00:18:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000UA.job
    [2010/04/11 00:17:53 | 000,695,758 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/04/11 00:17:53 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/04/11 00:17:53 | 000,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/04/11 00:11:10 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Btykf.job
    [2010/04/11 00:11:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/11 00:11:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 00:11:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 00:08:33 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/11 00:08:33 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    [2010/04/11 00:08:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/04/10 22:18:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000Core.job
    [2010/04/09 22:14:15 | 000,002,047 | ---- | M] () -- C:\Users\Nadine\Desktop\Google Chrome.lnk
    [2010/04/09 21:07:47 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/04/09 21:00:44 | 001,865,204 | -H-- | M] () -- C:\Users\Nadine\AppData\Local\IconCache.db
    [2010/04/09 17:43:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2010/04/09 17:43:03 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Nadine\Desktop\GooredFix.exe
    [2010/04/09 02:20:45 | 000,035,840 | ---- | M] () -- C:\Users\Nadine\Desktop\Book1.xls
    [2010/04/08 23:05:37 | 000,195,584 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/08 17:55:31 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/04/08 00:50:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/04/08 00:25:12 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:53:33 | 005,767,168 | -HS- | M] () -- C:\Users\Nadine\ntuser.dat.rmbak
    [2010/04/07 23:53:33 | 000,524,288 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:53:33 | 000,065,536 | -HS- | M] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
    [2010/04/07 23:08:17 | 000,009,597 | ---- | M] () -- C:\Users\Nadine\Desktop\mileages.xlsx

    ========== Files Created - No Company Name ==========

    [2010/04/09 22:14:15 | 000,002,047 | ---- | C] () -- C:\Users\Nadine\Desktop\Google Chrome.lnk
    [2010/04/09 22:13:05 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000UA.job
    [2010/04/09 22:13:05 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000Core.job
    [2010/04/09 02:19:29 | 000,035,840 | ---- | C] () -- C:\Users\Nadine\Desktop\Book1.xls
    [2010/04/08 00:57:28 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/04/08 00:39:56 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/04/07 23:55:34 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/07 23:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/07 23:55:33 | 000,065,536 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    [2010/04/07 23:53:21 | 000,262,144 | -H-- | C] () -- C:\Users\Nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG1
    [2010/04/07 23:53:21 | 000,000,000 | -H-- | C] () -- C:\Users\Nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG2
    [2010/04/06 23:00:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/04/06 23:00:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/04/06 23:00:41 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010/04/06 23:00:41 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010/04/06 23:00:41 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010/04/06 23:00:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010/04/06 22:57:13 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
    [2010/04/06 22:57:08 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
    [2010/04/06 22:57:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
    [2010/04/06 22:57:00 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
    [2009/12/20 03:15:44 | 000,068,096 | RHS- | C] () -- C:\Windows\System32\diskcopyv.dll
    [2009/09/15 19:09:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/08/20 00:16:57 | 000,000,372 | ---- | C] () -- C:\Users\Nadine\Documents - Shortcut.lnk
    [2008/06/12 14:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008/05/07 19:09:42 | 000,004,096 | -H-- | C] () -- C:\Users\Nadine\AppData\Local\keyfile3.drm
    [2008/04/12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/04/12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/03/10 06:08:47 | 000,023,580 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
    [2008/03/10 05:48:02 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
    [2008/03/05 17:23:09 | 000,195,584 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/05 17:20:20 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/03/02 05:11:46 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/03/02 04:37:13 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2008/03/02 03:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
    [2008/03/02 03:53:02 | 000,000,020 | -HS- | C] () -- C:\Users\Nadine\ntuser.ini
    [2008/03/02 03:53:01 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
    [2008/03/02 03:53:01 | 000,524,288 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
    [2008/03/02 03:53:01 | 000,262,144 | ---- | C] () -- C:\Users\Nadine\ntuser.dat.LOG1
    [2008/03/02 03:53:01 | 000,065,536 | -HS- | C] () -- C:\Users\Nadine\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
    [2008/03/02 03:53:01 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\ntuser.dat.LOG2
    [2008/03/02 03:53:00 | 005,767,168 | -HS- | C] () -- C:\Users\Nadine\ntuser.dat.rmbak
    [2008/03/02 03:53:00 | 005,767,168 | ---- | C] () -- C:\Users\Nadine\NTUSER.DAT
    [2008/03/02 03:50:35 | 000,001,803 | ---- | C] () -- C:\Windows\fjtmf.ini
    [2008/03/02 03:45:30 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/03/02 03:29:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2008/03/02 03:29:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
    [2008/03/02 03:29:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2008/03/02 03:26:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/06/27 08:00:00 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
    [2007/06/27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
    [2007/04/17 16:50:02 | 000,003,164 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
    [2007/02/07 04:20:50 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2008/03/02 11:18:04 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Autodesk
    [2008/09/17 12:29:00 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Cogniview
    [2010/03/29 22:06:07 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Facebook
    [2008/03/10 05:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Fujitsu
    [2008/09/12 21:05:39 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Juniper Networks
    [2008/03/10 06:08:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
    [2010/04/09 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Registry Mechanic
    [2008/05/02 12:24:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Toshiba
    [2010/04/11 00:11:10 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\Btykf.job
    [2010/04/11 00:08:47 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/04/11 00:30:38 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >
     
  14. 2010/04/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Are you still being re-directed now?
     
  15. 2010/04/11
    nyc2052

    nyc2052 Inactive Thread Starter

    Joined:
    2010/04/08
    Messages:
    15
    Likes Received:
    0
    Unfortunately yes, only when using Firefox or IE, not with Google Chrome... yet.
     
  16. 2010/04/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  17. 2010/04/11
    nyc2052

    nyc2052 Inactive Thread Starter

    Joined:
    2010/04/08
    Messages:
    15
    Likes Received:
    0
    Here is the ComboFix log:

    ComboFix 10-04-11.01 - Nadine 04/11/2010 23:01:01.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3317.2190 [GMT -5:00]
    Running from: c:\users\Nadine\Desktop\ComboFix.exe
    AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1689568117-3836872924-966550717-500
    c:\$recycle.bin\S-1-5-21-1856269817-129307719-3147762357-500
    c:\$recycle.bin\S-1-5-21-196393405-2436601039-480696740-500
    c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
    .

    2010-04-12 04:10 . 2010-04-12 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-11 05:03 . 2010-04-11 05:03 -------- d-----w- C:\_OTL
    2010-04-10 03:10 . 2010-04-10 03:11 -------- d-----w- c:\users\Nadine\AppData\Local\Deployment
    2010-04-09 05:45 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVENG.SYS
    2010-04-09 05:45 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVEX15.SYS
    2010-04-09 05:45 . 2010-01-18 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\CCERASER.DLL
    2010-04-09 05:45 . 2010-01-18 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\ECMSVR32.DLL
    2010-04-09 05:45 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\EECTRL.SYS
    2010-04-09 05:45 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVENG32.DLL
    2010-04-09 05:45 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\NAVEX32A.DLL
    2010-04-09 05:45 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100408.002\ERASER.SYS
    2010-04-08 05:50 . 2010-04-08 05:50 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-04-08 05:39 . 2010-04-10 02:07 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-04-08 05:24 . 2010-04-08 05:50 -------- d-----w- c:\programdata\Hitman Pro
    2010-04-08 05:24 . 2010-04-08 05:24 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-04-08 03:48 . 2010-04-08 03:48 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-04-08 03:48 . 2010-04-08 03:48 -------- d-----w- c:\users\Nadine\Office Genuine Advantage
    2010-04-08 02:27 . 2010-04-10 02:00 -------- d-----w- c:\users\Nadine\AppData\Roaming\Registry Mechanic
    2010-04-08 02:13 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
    2010-04-07 04:02 . 2010-04-08 04:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 04:00 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-04-07 04:00 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-04-07 04:00 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
    2010-04-07 04:00 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-04-07 04:00 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-04-07 04:00 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
    2010-04-07 03:57 . 2010-02-05 14:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-04-07 03:57 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-04-07 03:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-04-07 03:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-04-07 03:57 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-04-07 03:56 . 2010-04-12 04:05 -------- d-----w- c:\program files\Spyware Doctor
    2010-04-07 03:56 . 2010-04-08 02:13 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-04-07 03:56 . 2010-04-07 03:56 -------- d-----w- c:\users\Nadine\AppData\Roaming\PC Tools
    2010-04-07 03:56 . 2010-04-07 03:56 -------- d-----w- c:\programdata\PC Tools
    2010-04-07 03:26 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\NAVENG.SYS
    2010-04-07 03:26 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\NAVEX15.SYS
    2010-04-07 03:26 . 2010-01-18 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\CCERASER.DLL
    2010-04-07 03:26 . 2010-01-18 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\ECMSVR32.DLL
    2010-04-07 03:26 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\EECTRL.SYS
    2010-04-07 03:26 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\NAVENG32.DLL
    2010-04-07 03:26 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\NAVEX32A.DLL
    2010-04-07 03:26 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100406.003\ERASER.SYS
    2010-03-16 22:11 . 2010-03-16 22:11 -------- d-----w- c:\program files\iPod
    2010-03-16 22:11 . 2010-03-16 22:11 -------- d-----w- c:\program files\iTunes
    2010-03-16 22:07 . 2010-03-16 22:07 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-04 04:49 . 2007-04-17 21:16 -------- d-----w- c:\program files\Common Files\Java
    2010-04-04 04:47 . 2007-04-17 21:16 -------- d-----w- c:\program files\Java
    2010-03-30 03:06 . 2010-01-31 18:23 50354 ----a-w- c:\users\Nadine\AppData\Roaming\Facebook\uninstall.exe
    2010-03-30 03:06 . 2010-01-31 18:23 -------- d-----w- c:\users\Nadine\AppData\Roaming\Facebook
    2010-03-16 22:11 . 2008-04-30 05:32 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-10 09:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-03-10 09:06 . 2007-04-18 00:15 -------- d-----w- c:\programdata\Microsoft Help
    2010-03-09 09:28 . 2009-01-20 04:52 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Nadine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-03-03 13:27 . 2009-09-20 06:13 -------- d-----w- c:\users\Nadine\AppData\Roaming\Skype
    2010-02-25 02:27 . 2008-04-30 05:35 -------- d-----w- c:\users\Nadine\AppData\Roaming\Apple Computer
    2010-02-24 15:16 . 2009-10-08 05:07 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-24 09:21 . 2008-03-02 08:57 103360 ----a-w- c:\users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-23 06:39 . 2010-03-30 23:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-30 23:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-03-30 23:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-03-30 23:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-10 09:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-10 09:01 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-10 09:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Nadine\AppData\Roaming\Facebook\axfbootloader.dll
    2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Nadine\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    2010-01-25 12:00 . 2010-02-23 23:34 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-23 23:34 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-23 23:34 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-23 23:34 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-23 23:34 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-23 23:34 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-23 23:34 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-23 23:34 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21 . 2010-02-23 23:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26 . 2010-02-23 23:34 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-18 09:00 . 2010-01-18 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
    2010-01-18 09:00 . 2010-01-18 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
    2009-12-20 08:15 . 2009-12-20 08:15 68096 --sha-r- c:\windows\System32\diskcopyv.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "RegistryMechanic"="c:\program files\Registry Mechanic\rmtray.exe" [2009-11-25 292824]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Google Update"="c:\users\Nadine\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-15 894512]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-31 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-31 138008]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-25 260912]
    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
    "TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-08-09 106496]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
    "PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 136744]
    "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-07-12 2560000]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-25 33304]
    "FjRDrvMon"="c:\windows\RDrvMon.exe" [2007-07-10 77824]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):13,bc,2b,c3,cc,3c,ca,01

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-03-02 639224]
    R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-03 76576]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 209408]
    S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2007-10-25 12712]
    S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
    S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
    S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 63016]
    S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-02 5632]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - PCTSDInjDriver32

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000Core.job
    - c:\users\Nadine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 03:13]

    2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224792601-3371567533-4042545913-1000UA.job
    - c:\users\Nadine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 03:13]

    2010-04-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-03-29 16:43]

    2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{7D79F7E0-2B2B-4809-BBB2-E620A7198416}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\auq79100.default\
    FF - prefs.js: browser.startup.homepage -
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Nadine\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\users\Nadine\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\Nadine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-11 23:10
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2010-04-11 23:14:48
    ComboFix-quarantined-files.txt 2010-04-12 04:14

    Pre-Run: 49,614,356,480 bytes free
    Post-Run: 49,570,484,224 bytes free

    - - End Of File - - 2A7061701359D2739B12E8B605A946DA
     
  18. 2010/04/11
    nyc2052

    Here is the DDS report:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Nadine at 23:31:24.84 on Sun 04/11/2010
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3317.1606 [GMT -5:00]

    AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Softex\OmniPass\OmniServ.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\explorer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Nadine\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nadine\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nadine\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Nadine\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [RegistryMechanic] c:\program files\registry mechanic\rmtray.exe /H
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\nadine\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
    mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
    mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
    mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
    mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
    mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
    mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [FjRDrvMon] c:\windows\RDrvMon.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Skytel] Skytel.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\nadine\appdata\roaming\mozilla\firefox\profiles\auq79100.default\
    FF - prefs.js: browser.startup.homepage -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2008-6-25 12712]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-3-2 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-3-2 35456]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-6 207280]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-6 112592]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-4-7 632792]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2006-10-30 63016]
    R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-29 810320]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-6 365280]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-6 1141712]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-25 5632]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
    S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-5 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-3-2 209408]

    =============== Created Last 30 ================

    2010-04-12 04:14:55 0 d-sh--w- C:\$RECYCLE.BIN
    2010-04-12 03:54:31 98816 ----a-w- c:\windows\sed.exe
    2010-04-12 03:54:31 77312 ----a-w- c:\windows\MBR.exe
    2010-04-12 03:54:31 261632 ----a-w- c:\windows\PEV.exe
    2010-04-12 03:54:31 161792 ----a-w- c:\windows\SWREG.exe
    2010-04-12 03:51:13 0 d-----w- C:\ComboFix
    2010-04-11 05:03:01 0 d-----w- C:\_OTL
    2010-04-08 05:50:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-04-08 05:39:56 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-04-08 05:24:35 0 d-----w- c:\programdata\Hitman Pro
    2010-04-08 05:24:33 0 d-----w- c:\program files\Hitman Pro 3.5
    2010-04-08 04:55:34 524288 --sha-w- c:\users\nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000002.regtrans-ms
    2010-04-08 04:55:33 65536 --sha-w- c:\users\nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TM.blf
    2010-04-08 04:55:33 524288 --sha-w- c:\users\nadine\NTUSER.DAT{0f1252ef-42c7-11df-986b-00037ab3930e}.TMContainer00000000000000000001.regtrans-ms
    2010-04-08 04:53:21 262144 ---ha-w- c:\users\nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG1
    2010-04-08 04:53:21 0 ---ha-w- c:\users\nadine\S-1-5-21-1224792601-3371567533-4042545913-1000.rrr.LOG2
    2010-04-08 03:48:34 0 d-----w- c:\programdata\Office Genuine Advantage
    2010-04-08 03:48:24 0 d-----w- c:\users\nadine\Office Genuine Advantage
    2010-04-08 02:27:48 0 d-----w- c:\users\nadine\appdata\roaming\Registry Mechanic
    2010-04-08 02:13:31 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-04-08 02:13:31 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-04-08 02:13:30 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-04-08 02:13:30 506368 ----a-w- c:\windows\system32\msxml.dll
    2010-04-07 04:02:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 04:00:41 882 ----a-w- c:\windows\RegSDImport.xml
    2010-04-07 04:00:41 879 ----a-w- c:\windows\RegISSImport.xml
    2010-04-07 04:00:41 767952 ----a-w- c:\windows\BDTSupport.dll.old
    2010-04-07 04:00:41 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-04-07 04:00:41 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-04-07 04:00:41 131 ----a-w- c:\windows\IDB.zip
    2010-04-07 04:00:40 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-04-07 04:00:40 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-04-07 04:00:40 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
    2010-04-07 04:00:40 1152444 ----a-w- c:\windows\UDB.zip
    2010-04-07 03:57:13 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-04-07 03:57:13 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-04-07 03:57:13 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-04-07 03:57:08 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-04-07 03:57:08 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-04-07 03:57:08 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-04-07 03:57:08 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-04-07 03:57:00 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2010-04-07 03:57:00 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-04-07 03:56:51 0 d-----w- c:\users\nadine\appdata\roaming\PC Tools
    2010-04-07 03:56:51 0 d-----w- c:\programdata\PC Tools
    2010-04-07 03:56:51 0 d-----w- c:\program files\Spyware Doctor
    2010-04-07 03:56:51 0 d-----w- c:\program files\common files\PC Tools
    2010-04-04 04:49:03 0 d-----w- c:\programdata\Sun
    2010-03-16 22:11:14 0 d-----w- c:\program files\iPod
    2010-03-16 22:11:12 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-04 22:43:08 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-01-04 22:43:08 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-01-04 22:43:08 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-17 09:21:32 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-06-25 03:46:18 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-12-20 09:18:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2009-12-20 09:18:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2009-12-20 09:18:18 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-10-14 14:54:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-12-20 08:15:44 68096 --sha-r- c:\windows\system32\diskcopyv.dll

    ============= FINISH: 23:32:09.53 ===============
     
  19. 2010/04/11
    nyc2052

    Here is the attached file:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/2/2008 3:07:53 AM
    System Uptime: 4/11/2010 10:52:07 PM (1 hours ago)

    Motherboard: FUJITSU | | FJNB1D3
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Onboard | 2201/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 46.211 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 73.719 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 1863 GiB total, 1699.322 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel

    Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Turbo Memory Controller
    Device ID: PCI\VEN_8086&DEV_444E&SUBSYS_444E8086&REV_01\4&28FE0F98&1&00E3
    Manufacturer: Intel
    Name: Intel(R) Turbo Memory Controller
    PNP Device ID: PCI\VEN_8086&DEV_444E&SUBSYS_444E8086&REV_01\4&28FE0F98&1&00E3
    Service: iaNvStor

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    AutoUpdate
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Browser Defender 2.0.6.15
    Chinese Traditional Fonts Support For Adobe Reader 8
    DivX Codec
    DivX Converter
    DivX Player
    DivX Version Checker
    Facebook Plug-In
    Fujitsu Display Manager
    Fujitsu Hotkey Utility
    Fujitsu MobilityCenter Extension Utility
    Fujitsu System Extension Utility
    Fujitsu WebCam
    Google Chrome
    Google SketchUp 6
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Inst5657
    Intel(R) Graphics Media Accelerator Driver
    Intel® Turbo Memory and Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6
    Juniper Networks Host Checker
    Juniper Networks Network Connect 6.0.0
    Juniper Networks Setup Client
    Junk Mail filter update
    LifeBook Application Panel
    LiveUpdate 3.2 (Symantec Corporation)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MobileMe Control Panel
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OGA Notifier 2.0.0048.0
    OmniPass 5.00.62
    Power Saving Utility
    QuickTime
    Realtek High Definition Audio Driver
    Registry Mechanic 9.0
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Shock Sensor Utility
    Skype web features
    Skype™ 4.1
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB977724)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    VC80CRTRedist - 8.0.50727.762
    Vista Codec Package
    Winamp
    Winamp Remote
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    4/9/2010 9:08:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 0013E8EBC4D1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/9/2010 9:07:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    4/9/2010 9:07:36 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/9/2010 9:07:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/9/2010 9:07:32 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/9/2010 9:07:28 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    4/9/2010 9:06:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E8EBC4D1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    4/9/2010 10:25:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user Nadine-PC\Nadine SID (S-1-5-21-1224792601-3371567533-4042545913-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4/8/2010 5:57:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx Tosrfcom Wanarpv6
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/8/2010 12:36:31 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/8/2010 12:36:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/8/2010 12:35:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    4/8/2010 12:35:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/8/2010 12:35:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/8/2010 12:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/8/2010 12:35:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/8/2010 12:35:11 AM, Error: EventLog [6008] - The previous system shutdown at 12:25:31 AM on 4/8/2010 was unexpected.
    4/8/2010 12:00:59 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    4/4/2010 1:55:41 AM, Error: yukonwlh [101] - Driver has encountered an internal error
    4/11/2010 12:03:02 AM, Error: Service Control Manager [7034] - The Softex OmniPass Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2010 11:10:35 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    4/11/2010 10:58:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

    ==== End Of File ===========================
     
  20. 2010/04/12
    nyc2052

    it works!!!!!!!!!!! thank you so much!!!

    Any idea how I got this in the first place, so I can prevent it in the future?

    Thanks again!! You have no idea how happy I am now :)
     
  21. 2010/04/12
    crunchie

    Hard to say exactly where you managed to get this. All I can say is that you need to be careful of what sites you visit and make certain that all MS updates are installed and that your AV is up-to-date.

    ==

    Launch OTL and click on the Cleanup button. Follow the prompts.

    ==

    As a final step, please do the following;

    Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

    Click Yes, when prompted to install its ActiveX component.
    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    The program launches and downloads the latest definition files.
    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK and, under select a target to scan, select My Computer
    When the scan is done, in the Scan is completed window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.

    To obtain the report:
    Click on: Save Report As (above - red blinking arrow)
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.
     
