Solved Firefox Google Redirect

Discussion in 'Malware and Virus Removal Archive' started by cakbar, 2010/05/17.

  1. 2010/05/17
    cakbar (Inactive, Thread Starter) | Joined: 2010/05/17 | Messages: 14 | Likes Received: 0

    [Resolved] Firefox Google Redirect

    When I do a Google search via the Firefox plugin Google Search box in the top right-hand corner and get Google search results, I sometimes get redirected, when I click on one of the search results, to either 1. a **** site or 2. a pop-up malicious software removal download link spam message.

    I have removed the "google xml" from the C:/program files(x86)/mozilla firefox/searchplugins folder, which obviously has stopped the redirects for the time being (as I can no longer search via the plugin bar), but I know that there must be some kind of malware lurking in the background. I am not coming across the redirects on IE or from the Google website, only the plugin search window when using Google.

    Nothing is showing up on any of the malware removal software that I've tried. Namely, Malwarebytes, Spybot and Hitman 3.5. They all show that I have a clean machine.

    I have tried restoring back a few weeks, to what I thought was a good restore point. I have also tried reinstalling Firefox. Both to no avail.

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Alan at 18:20:49.81 on Mon 05/17/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9622 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Input Director\IDWinService.exe
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Input Director\IDVistaService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\BumpTop\BumpTop.exe
    C:\Program Files (x86)\BumpTop\TexHelper.exe
    C:\Program Files (x86)\BumpTop\TexHelper.exe
    C:\Program Files (x86)\Input Director\InputDirector.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Alan.PC.000\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.dell.com
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\syswow64\blank.htm
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [InputDirector] "c:\program files (x86)\input director\InputDirector.exe" /hide
    uRun: [Simplify Media] "c:\program files (x86)\simplify media\SimplifyMedia.exe "
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe "
    StartupFolder: c:\users\alanpc~1.000\appdata\roaming\micros~1\windows\startm~1\programs\startup\bumptop.lnk - c:\program files (x86)\bumptop\BumpTop.exe
    StartupFolder: c:\users\alanpc~1.000\appdata\roaming\micros~1\windows\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
    StartupFolder: c:\users\alanpc~1.000\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
    DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\alanpc~1.000\appdata\roaming\mozilla\firefox\profiles\p9svalu7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.elitetrader.com
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\alan.pc.000\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-13 53488]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 173984]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-23 202752]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 InputDirector;Input Director Service;c:\program files (x86)\input director\IDWinService.exe [2009-10-9 32768]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y60x64.sys [2009-6-10 281088]
    R3 IDVistaService;Input Director Vista Service;c:\program files (x86)\input director\IDVistaService.exe [2009-2-7 13824]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1255736]

    =============== Created Last 30 ================

    2010-05-17 19:46:27 19016 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-05-17 19:46:19 0 d-----w- c:\programdata\Hitman Pro
    2010-05-17 19:46:17 0 d-----w- c:\program files\Hitman Pro 3.5
    2010-05-17 19:44:56 0 d-----w- c:\program files (x86)\Hitman Pro 3.5
    2010-05-17 18:25:43 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-17 18:13:39 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-05-17 18:13:37 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2010-05-17 18:13:37 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
    2010-05-17 18:13:33 96768 ----a-w- c:\windows\syswow64\sspicli.dll
    2010-05-17 18:13:33 22016 ----a-w- c:\windows\syswow64\secur32.dll
    2010-05-17 18:13:33 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-05-17 18:13:33 1446912 ----a-w- c:\windows\system32\lsasrv.dll
    2010-05-17 18:13:33 12867072 ----a-w- c:\windows\syswow64\shell32.dll
    2010-05-17 18:06:39 524288 --sha-w- c:\users\alan.pc.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    2010-05-17 18:06:38 65536 --sha-w- c:\users\alan.pc.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    2010-05-17 18:06:38 524288 --sha-w- c:\users\alan.pc.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    2010-05-17 13:47:31 0 d-----w- c:\users\alanpc~1.000\appdata\roaming\Malwarebytes
    2010-05-17 13:47:22 0 d-----w- c:\programdata\Malwarebytes
    2010-05-17 13:47:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-05-12 19:54:21 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-05-12 19:52:11 0 d-----w- c:\program files (x86)\Skype
    2010-05-12 19:52:09 0 d-----w- c:\programdata\Skype
    2010-05-11 20:01:30 0 d-----w- c:\program files\New folder
    2010-05-11 18:23:57 0 d-----w- c:\programdata\PrinterShare
    2010-05-11 18:23:57 0 d-----w- c:\program files (x86)\PrinterShare
    2010-05-10 20:05:56 0 d-----w- c:\users\alan.pc.000\Calibre Library
    2010-05-10 20:05:44 0 d-----w- c:\users\alanpc~1.000\appdata\roaming\calibre
    2010-05-10 20:05:16 0 d-----w- c:\program files (x86)\Calibre2
    2010-04-30 13:33:58 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-04-19 08:50:29 0 d-----w- c:\programdata\Sun
    2010-04-19 08:50:16 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-04-19 08:50:16 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-04-19 08:50:16 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-04-19 08:50:16 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-04-19 08:37:31 220672 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-19 08:37:31 172032 ----a-w- c:\windows\syswow64\wintrust.dll
    2010-04-19 08:37:29 139264 ----a-w- c:\windows\system32\cabview.dll
    2010-04-19 08:37:29 132608 ----a-w- c:\windows\syswow64\cabview.dll

    ==================== Find3M ====================

    2010-05-06 14:36:38 270208 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-26 18:28:07 219128 ----a-w- c:\windows\syswow64\PnkBstrB.exe
    2010-04-19 08:34:35 2128 ----a-w- c:\users\alanpc~1.000\appdata\roaming\wklnhst.dat
    2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
    2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
    2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-01-21 21:19:26 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 18:21:00.42 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/7/2009 9:29:26 PM
    System Uptime: 5/17/2010 5:10:01 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0R849J
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 916 GiB total, 612.593 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 8.66 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    L: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP173: 4/27/2010 8:11:56 AM - Windows Update
    RP174: 4/28/2010 3:00:24 AM - Windows Update
    RP175: 4/29/2010 8:30:56 AM - Windows Update
    RP176: 4/30/2010 8:49:38 AM - Windows Update
    RP177: 5/1/2010 5:25:47 PM - Windows Update
    RP178: 5/2/2010 6:21:37 PM - Windows Update
    RP179: 5/3/2010 11:47:24 AM - Windows Update
    RP180: 5/3/2010 6:16:33 PM - Windows Update
    RP181: 5/4/2010 7:29:46 PM - Windows Update
    RP182: 5/7/2010 8:58:02 AM - Windows Update
    RP183: 5/10/2010 8:21:24 AM - Windows Update
    RP184: 5/10/2010 12:12:17 PM - Windows Update
    RP185: 5/10/2010 4:04:50 PM - Installed calibre
    RP186: 5/11/2010 2:23:34 PM - Installed PrinterShare 2.2.02
    RP187: 5/12/2010 8:35:37 AM - Windows Update
    RP188: 5/13/2010 3:00:10 AM - Windows Update
    RP189: 5/13/2010 8:35:38 AM - Windows Update
    RP190: 5/14/2010 8:55:32 AM - Windows Update
    RP191: 5/17/2010 8:39:19 AM - Windows Update
    RP192: 5/17/2010 12:28:09 PM - Windows Update
    RP193: 5/17/2010 1:59:34 PM - Restore Operation
    RP194: 5/17/2010 2:09:23 PM - Removed Google Earth.
    RP195: 5/17/2010 2:11:20 PM - Removed Google Earth.
    RP196: 5/17/2010 2:17:29 PM - Windows Update
    RP197: 5/17/2010 5:06:31 PM - Windows Update

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Amazon MP3 Downloader 1.0.9
    Apple Application Support
    Apple Software Update
    BumpTop
    Call of Duty Single Player Demo
    Call of Duty(R) 2 Demo
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) Demo
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Turkish
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Driver Sweeper 2.0.5
    GoToAssist 8.0.0.514
    Input Director v1.2.1
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.6.3)
    MSVCRT
    Netflix in Windows Media Center
    QuickTime
    Revo Uninstaller 1.83
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Simplify Media
    Skins
    Spybot - Search & Destroy
    Tiks Texas Hold em
    Trader Workstation 4.0
    VNC Free Edition 4.1.3
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer

    ==== Event Viewer Messages From Past Week ========

    5/17/2010 6:08:55 PM, Error: Application Popup [1060] - \??\C:\Users\ALANPC~1.000\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/17/2010 5:11:21 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    5/17/2010 3:37:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/17/2010 3:36:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/17/2010 3:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/17/2010 3:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/17/2010 3:35:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/17/2010 3:35:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/17/2010 3:35:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    5/17/2010 3:35:38 PM, Error: Service Control Manager [7001] - The LPD Service service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.

    ==== End Of File ===========================
     
  2. 2010/05/17
    cakbar (Inactive, Thread Starter) | Joined: 2010/05/17 | Messages: 14 | Likes Received: 0

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4110

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/17/2010 4:54:26 PM
    mbam-log-2010-05-17 (16-54-26).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 293305
    Time elapsed: 34 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

  4. 2010/05/17
    broni (Moderator, Malware Analyst) | Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  5. 2010/05/18
    cakbar (Inactive, Thread Starter) | Joined: 2010/05/17 | Messages: 14 | Likes Received: 0

    Thanks for your speedy reply.

    When first trying to run GMER, I get the following error message: "C:\Windows\system32\config\system: The system cannot find the file specified."
    When I try to run a scan after the error message, I get the same error message again, but it begins to scan anyway. After the scan I get the message: "GMER hasn't found any system modification." When I save the log, the log is empty.
     
  6. 2010/05/18
    broni (Moderator, Malware Analyst) | Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116

    I apologize. I just noticed you have a 64-bit system. GMER won't run there.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2010/05/18
    cakbar

    cakbar Inactive Thread Starter

    OTL logfile created on: 5/18/2010 11:46:33 AM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Alan.PC.000\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 86.00% Memory free
    24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 628.51 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.66 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Alan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/18 11:44:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    PRC - [2010/05/14 16:31:22 | 000,219,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2010/04/29 12:29:52 | 001,069,568 | ---- | M] (PrinterAnywhere) -- C:\Program Files (x86)\PrinterShare\paConsole.exe
    PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/12/03 12:21:33 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2009/10/09 06:53:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
    PRC - [2009/10/09 06:53:02 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirector.exe
    PRC - [2009/10/09 06:52:50 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDWinService.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/02/07 23:15:36 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDVistaService.exe
    PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/18 11:44:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/09 17:12:11 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV:64bit: - [2009/12/09 21:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/09/23 18:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2010/05/14 16:31:22 | 000,219,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/03 12:21:33 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2009/10/30 16:16:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/10/09 06:52:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Input Director\IDWinService.exe -- (InputDirector)
    SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/07 23:15:36 | 000,013,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Input Director\IDVistaService.exe -- (IDVistaService)
    SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
    DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
    DRV:64bit: - [2009/09/23 19:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
    DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
    DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
    DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
    DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
    DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
    DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
    DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
    DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
    DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
    DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
    DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
    DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
    DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
    DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
    DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
    DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
    DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
    DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
    DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
    DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
    DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
    DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/23 17:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
    DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
    DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
    DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
    DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/18 11:28:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/18 11:28:58 | 000,000,000 | ---D | M]

    [2010/05/17 15:11:48 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Extensions
    [2010/05/18 11:43:19 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions
    [2010/05/18 11:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/18 11:38:57 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/18 11:42:01 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2010/05/18 11:43:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/18 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\clickclean@hotcleaner.com
    [2010/05/18 11:42:01 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\cookiekiller@joseph.moran
    [2010/05/18 11:34:45 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\foxmarks@kei.com
    [2010/05/18 11:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\speedtest@gotomyhelp.com
    [2010/05/17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions
    [2010/05/17 15:13:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/18 11:28:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/17 17:19:45 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2010/05/18 11:28:40 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/05/18 11:28:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/17 17:23:22 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\cookiekiller@joseph.moran
    [2010/05/18 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\foxmarks@kei.com
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/07 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\cookiekiller@joseph.moran
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\foxmarks@kei.com
    [2010/05/18 11:26:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/18 11:28:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [InputDirector] C:\Program Files (x86)\Input Director\InputDirector.exe ()
    O4 - HKCU..\Run: [PrinterShare] C:\Program Files (x86)\PrinterShare\paConsole.exe (PrinterAnywhere)
    O4 - HKCU..\Run: [Simplify Media] C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe (Simplify Media, Inc.)
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk = C:\Program Files (x86)\BumpTop\BumpTop.exe ()
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias [2009/10/29 09:59:42 | 000,000,000 | ---D | M]
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/18 11:44:38 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    [2010/05/17 16:37:07 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/05/17 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/05/17 09:47:31 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\Malwarebytes
    [2010/05/17 09:47:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/05/17 09:47:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/05/17 09:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/05/17 09:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/12 15:54:21 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\skypePM
    [2010/05/12 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\Skype
    [2010/05/12 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/05/12 15:52:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2010/05/12 15:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/05/11 16:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\New folder
    [2010/05/11 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PrinterShare
    [2010/05/11 14:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrinterShare
    [2010/05/10 16:05:56 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Calibre Library
    [2010/05/10 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\calibre
    [2010/05/10 16:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
    [2010/05/06 10:56:39 | 000,000,000 | R--D | C] -- C:\Users\Alan.PC.000\Documents\Scanned Documents
    [2010/05/06 10:56:38 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\Fax
    [2010/04/30 09:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/30 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/30 09:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/30 09:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/04/21 13:40:56 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp_files
    [2010/04/19 04:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/19 04:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/03/25 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\thankyou.do_files
    [2010/03/12 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\SummaryPage.aspx_files
    [2010/03/11 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\TeamViewer
    [2010/03/11 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2010/03/10 10:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
    [2010/03/09 17:12:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/03/09 17:12:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/03/09 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Local\Diagnostics
    [2010/03/08 10:27:47 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\Ebay. Hotel Collection Payment Info_files
    [2010/03/05 10:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simplify Media

    ========== Files - Modified Within 90 Days ==========

    [2010/05/18 11:48:37 | 002,097,152 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat
    [2010/05/18 11:44:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    [2010/05/18 11:38:27 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/05/18 11:38:27 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/05/18 11:36:54 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/05/18 11:36:54 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/05/18 11:36:54 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/05/18 11:30:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 11:30:44 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TM.blf
    [2010/05/18 11:30:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/05/18 11:30:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/05/18 11:30:23 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/18 11:24:50 | 002,905,109 | -H-- | M] () -- C:\Users\Alan.PC.000\AppData\Local\IconCache.db
    [2010/05/17 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/17 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/17 15:34:10 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    [2010/05/17 13:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/17 09:47:26 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/14 16:31:23 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/14 16:31:22 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/12 15:54:21 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/12 15:52:13 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/05/10 16:05:38 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/21 13:40:57 | 000,065,838 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp.htm
    [2010/04/19 04:34:35 | 000,002,128 | ---- | M] () -- C:\Users\Alan.PC.000\AppData\Roaming\wklnhst.dat
    [2010/03/25 12:05:27 | 000,061,428 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\thankyou.do.htm
    [2010/03/12 12:42:24 | 000,025,265 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\SummaryPage.aspx.htm
    [2010/03/08 10:27:48 | 000,047,174 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\Ebay. Hotel Collection Payment Info.htm

    ========== Files Created - No Company Name ==========

    [2010/05/18 11:30:44 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 11:30:44 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TM.blf
    [2010/05/17 14:06:39 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/17 14:06:38 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/17 14:06:38 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    [2010/05/17 09:47:26 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/12 15:54:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/12 15:52:13 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/05/10 16:05:38 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/05/05 16:02:16 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/05 16:02:15 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/21 13:40:56 | 000,065,838 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp.htm
    [2010/03/25 12:05:25 | 000,061,428 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\thankyou.do.htm
    [2010/03/12 12:42:23 | 000,025,265 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\SummaryPage.aspx.htm
    [2010/03/08 10:27:47 | 000,047,174 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\Ebay. Hotel Collection Payment Info.htm
    [2009/11/28 19:30:49 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2009/11/25 19:24:22 | 000,000,291 | ---- | C] () -- C:\Windows\cod2demo.ini
    [2009/10/29 10:24:16 | 000,000,042 | ---- | C] () -- C:\Windows\ib.ini
    [2009/10/29 10:24:15 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
    [2009/10/29 10:21:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/10/13 16:02:14 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/10/13 16:02:14 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2009/11/25 23:17:45 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\2K Sports
    [2010/01/03 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Amazon
    [2009/11/14 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\App Launcher Gadget
    [2010/01/21 10:53:03 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Bump Technologies, Inc
    [2010/05/10 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\calibre
    [2009/11/07 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/24 16:35:47 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Gamelab
    [2010/03/11 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\TeamViewer
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Template
    [2009/07/14 01:08:49 | 000,030,388 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2008/09/28 04:22:14 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Drivers\storage\R200390\IaStor.sys
    [2008/09/28 04:22:14 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b713da3dc2c70b47\iaStor.sys
    [2008/09/28 04:22:14 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_916ee8d64bb718d0\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:73933431
    < End of report >
     
  8. 2010/05/18
    cakbar Inactive Thread Starter

    OTL Extras logfile created on: 5/18/2010 11:46:33 AM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Alan.PC.000\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 86.00% Memory free
    24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 628.51 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.66 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Alan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E96FD88-FF86-25BB-112E-804C2F1B1128}" = ATI Catalyst Install Manager
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
    "{893D9341-6AEA-8463-83E1-70D004A56AD3}" = ccc-utility64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
    "{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
    "{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
    "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
    "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{ED48B4B4-52BA-46C3-9D03-C7155BF7390D}" = PrinterShare 2.2.02
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "PROSetDX" = Intel(R) Network Connections 13.1.33.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
    "{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
    "{186FC6A7-3E47-67AB-BF01-B2D86A1FA34B}" = CCC Help Thai
    "{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
    "{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
    "{2E094936-B6D2-67FC-9680-7D83FD9722EA}" = CCC Help Chinese Standard
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
    "{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
    "{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{41F1BC2D-182A-706D-B48D-F88B097CAA3C}" = CCC Help Chinese Traditional
    "{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
    "{42B4E7DE-52DD-4037-B7CF-562F8748C4ED}" = Simplify Media
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
    "{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
    "{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
    "{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
    "{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
    "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77082BFF-AFC4-CDFD-26C1-79AD8CCC9452}" = CCC Help Korean
    "{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
    "{7B68D39D-C167-DA59-587A-5143B0FF3458}" = Catalyst Control Center InstallProxy
    "{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
    "{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
    "{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
    "{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
    "{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
    "{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
    "{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D222C5F9-C8A4-A32F-8A58-EFAF7178F5ED}" = CCC Help Japanese
    "{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
    "{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
    "{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
    "{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
    "{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FAD98B49-AFB8-402E-8EC5-FEC6858D9226}" = calibre
    "{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
    "{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}" = Call of Duty(R) 2 Demo
    "{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Call of Duty Single Player Demo" = Call of Duty Single Player Demo
    "GoToAssist" = GoToAssist 8.0.0.514
    "Input Director" = Input Director v1.2.1
    "InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}" = Call of Duty(R) 2 Demo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Trader Workstation 4.0" = Trader Workstation 4.0
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  9. 2010/05/18
    broni Moderator Malware Analyst
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2010/05/12 15:54:21 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  10. 2010/05/18
    cakbar Inactive Thread Starter
    Before I go any further, I must apologize. Since my last post, I have had to restore my PC back to yesterday morning's state (before I restored back to a point a few weeks back), in order to retrieve some program settings that I required for my work. I am sorry if this has ******* things up and we have to start from scratch.
    I will do the scan as you suggested, but please let me know if you need me to go back a few steps and rescan earlier stuff.


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ deleted successfully.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.
    File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
    File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ deleted successfully.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\ProgramData\ezsidmv.dat moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alan
    ->Temp folder emptied: 5509540 bytes
    ->Temporary Internet Files folder emptied: 6866282 bytes
    ->Java cache emptied: 22170731 bytes
    ->FireFox cache emptied: 27335377 bytes
    ->Flash cache emptied: 1539 bytes

    User: Alan.PC
    ->Temp folder emptied: 196758 bytes
    ->Temporary Internet Files folder emptied: 6179279 bytes
    ->Java cache emptied: 22170731 bytes
    ->Flash cache emptied: 564 bytes

    User: Alan.PC.000
    ->Temp folder emptied: 102351180 bytes
    ->Temporary Internet Files folder emptied: 23641711 bytes
    ->Java cache emptied: 53735589 bytes
    ->FireFox cache emptied: 87331989 bytes
    ->Flash cache emptied: 87669 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41044 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 87596 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 7277281671 bytes

    Total Files Cleaned = 7,281.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.4.1 log created on 05182010_133011

    Files\Folders moved on Reboot...
    C:\Users\Alan.PC.000\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Alan.PC.000\AppData\Local\Temp\VGX4ECA.tmp not found!

    Registry entries deleted on Reboot...
     
  11. 2010/05/18
    cakbar Inactive Thread Starter
    OTL logfile created on: 5/18/2010 1:36:24 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Alan.PC.000\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 85.00% Memory free
    24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 629.54 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.66 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Alan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/18 13:28:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    PRC - [2010/05/14 16:31:22 | 000,219,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2010/04/29 12:29:52 | 001,069,568 | ---- | M] (PrinterAnywhere) -- C:\Program Files (x86)\PrinterShare\paConsole.exe
    PRC - [2010/04/19 13:03:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/02 16:54:20 | 022,144,520 | ---- | M] (Simplify Media, Inc.) -- C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe
    PRC - [2009/12/03 12:21:33 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2009/10/09 06:53:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
    PRC - [2009/10/09 06:53:02 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirector.exe
    PRC - [2009/10/09 06:52:50 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDWinService.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/02/07 23:15:36 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDVistaService.exe
    PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/18 13:28:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/09 17:12:11 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV:64bit: - [2009/12/09 21:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/09/23 18:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2010/05/14 16:31:22 | 000,219,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/03 12:21:33 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2009/10/30 16:16:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/10/09 06:52:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Input Director\IDWinService.exe -- (InputDirector)
    SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/07 23:15:36 | 000,013,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Input Director\IDVistaService.exe -- (IDVistaService)
    SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
    DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
    DRV:64bit: - [2009/09/23 19:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
    DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
    DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
    DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
    DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
    DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
    DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
    DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
    DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
    DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
    DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
    DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
    DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
    DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
    DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
    DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
    DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
    DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
    DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
    DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
    DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
    DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
    DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/23 17:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
    DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
    DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
    DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
    DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/18 12:31:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/18 12:31:28 | 000,000,000 | ---D | M]

    [2010/05/17 15:11:48 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Extensions
    [2010/05/18 13:20:25 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\clickclean@hotcleaner.com
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\cookiekiller@joseph.moran
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\foxmarks@kei.com
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\speedtest@gotomyhelp.com
    [2010/05/17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions
    [2010/05/17 15:13:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/18 11:28:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/17 17:19:45 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2010/05/18 11:28:40 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/05/18 11:28:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/17 17:23:22 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\cookiekiller@joseph.moran
    [2010/05/18 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\foxmarks@kei.com
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/07 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\cookiekiller@joseph.moran
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\foxmarks@kei.com
    [2010/05/18 12:29:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/18 12:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/05/18 13:30:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [InputDirector] C:\Program Files (x86)\Input Director\InputDirector.exe ()
    O4 - HKCU..\Run: [PrinterShare] C:\Program Files (x86)\PrinterShare\paConsole.exe (PrinterAnywhere)
    O4 - HKCU..\Run: [Simplify Media] C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe (Simplify Media, Inc.)
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk = C:\Program Files (x86)\BumpTop\BumpTop.exe ()
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/18 13:30:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/18 13:28:16 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    [2010/05/17 16:37:07 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/05/17 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/05/17 09:47:31 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\Malwarebytes
    [2010/05/17 09:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/05/17 09:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/12 15:54:21 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\skypePM
    [2010/05/12 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\Skype
    [2010/05/12 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/05/12 15:52:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2010/05/12 15:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/05/11 16:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\New folder
    [2010/05/11 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PrinterShare
    [2010/05/11 14:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrinterShare
    [2010/05/10 16:05:56 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Calibre Library
    [2010/05/10 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\calibre
    [2010/05/10 16:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
    [2010/05/06 10:56:39 | 000,000,000 | R--D | C] -- C:\Users\Alan.PC.000\Documents\Scanned Documents
    [2010/05/06 10:56:38 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\Fax
    [2010/04/30 09:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/30 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/30 09:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/30 09:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/04/21 13:40:56 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp_files
    [2010/04/19 04:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/19 04:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/03/25 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\thankyou.do_files
    [2010/03/12 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\SummaryPage.aspx_files
    [2010/03/11 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\TeamViewer
    [2010/03/11 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2010/03/10 10:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
    [2010/03/09 17:12:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/03/09 17:12:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/03/09 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Local\Diagnostics
    [2010/03/08 10:27:47 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\Ebay. Hotel Collection Payment Info_files
    [2010/03/05 10:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simplify Media

    ========== Files - Modified Within 90 Days ==========

    [2010/05/18 13:32:23 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/18 13:32:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/05/18 13:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/05/18 13:31:54 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/18 13:31:03 | 002,097,152 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat
    [2010/05/18 13:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 13:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 13:31:02 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TM.blf
    [2010/05/18 13:31:00 | 002,909,545 | -H-- | M] () -- C:\Users\Alan.PC.000\AppData\Local\IconCache.db
    [2010/05/18 13:30:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/05/18 13:28:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    [2010/05/18 13:07:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/18 12:40:28 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/05/18 12:40:28 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/05/18 12:39:04 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/05/18 12:39:04 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/05/18 12:39:04 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/05/18 12:14:15 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 12:14:15 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 12:14:15 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TM.blf
    [2010/05/17 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/17 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/17 15:34:10 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    [2010/05/14 16:31:23 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/14 16:31:22 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/12 15:52:13 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/05/10 16:05:38 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/04/21 13:40:57 | 000,065,838 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp.htm
    [2010/04/19 04:34:35 | 000,002,128 | ---- | M] () -- C:\Users\Alan.PC.000\AppData\Roaming\wklnhst.dat
    [2010/03/25 12:05:27 | 000,061,428 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\thankyou.do.htm
    [2010/03/12 12:42:24 | 000,025,265 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\SummaryPage.aspx.htm
    [2010/03/08 10:27:48 | 000,047,174 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\Ebay. Hotel Collection Payment Info.htm

    ========== Files Created - No Company Name ==========

    [2010/05/18 12:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 12:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 12:33:05 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TM.blf
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 11:30:44 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TM.blf
    [2010/05/17 14:06:39 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/17 14:06:38 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/17 14:06:38 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    [2010/05/12 15:52:13 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/05/10 16:05:38 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/05/05 16:02:16 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/05 16:02:15 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/21 13:40:56 | 000,065,838 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp.htm
    [2010/03/25 12:05:25 | 000,061,428 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\thankyou.do.htm
    [2010/03/12 12:42:23 | 000,025,265 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\SummaryPage.aspx.htm
    [2010/03/08 10:27:47 | 000,047,174 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\Ebay. Hotel Collection Payment Info.htm
    [2009/11/28 19:30:49 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2009/11/25 19:24:22 | 000,000,291 | ---- | C] () -- C:\Windows\cod2demo.ini
    [2009/10/29 10:24:16 | 000,000,042 | ---- | C] () -- C:\Windows\ib.ini
    [2009/10/29 10:24:15 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
    [2009/10/29 10:21:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/10/13 16:02:14 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/10/13 16:02:14 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2009/11/25 23:17:45 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\2K Sports
    [2010/01/03 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Amazon
    [2009/11/14 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\App Launcher Gadget
    [2010/01/21 10:53:03 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Bump Technologies, Inc
    [2010/05/10 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\calibre
    [2009/11/07 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/24 16:35:47 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Gamelab
    [2010/03/11 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\TeamViewer
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\Template
    [2009/07/14 01:08:49 | 000,030,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:73933431
    < End of report >
     
  12. 2010/05/18
    cakbar

    OTL Extras logfile created on: 5/18/2010 1:36:24 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Alan.PC.000\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 85.00% Memory free
    24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 629.54 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.66 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Alan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E96FD88-FF86-25BB-112E-804C2F1B1128}" = ATI Catalyst Install Manager
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
    "{893D9341-6AEA-8463-83E1-70D004A56AD3}" = ccc-utility64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
    "{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
    "{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
    "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
    "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{ED48B4B4-52BA-46C3-9D03-C7155BF7390D}" = PrinterShare 2.2.02
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "PROSetDX" = Intel(R) Network Connections 13.1.33.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
    "{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
    "{186FC6A7-3E47-67AB-BF01-B2D86A1FA34B}" = CCC Help Thai
    "{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
    "{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
    "{2E094936-B6D2-67FC-9680-7D83FD9722EA}" = CCC Help Chinese Standard
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
    "{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
    "{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{41F1BC2D-182A-706D-B48D-F88B097CAA3C}" = CCC Help Chinese Traditional
    "{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
    "{42B4E7DE-52DD-4037-B7CF-562F8748C4ED}" = Simplify Media
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
    "{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
    "{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
    "{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
    "{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
    "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77082BFF-AFC4-CDFD-26C1-79AD8CCC9452}" = CCC Help Korean
    "{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
    "{7B68D39D-C167-DA59-587A-5143B0FF3458}" = Catalyst Control Center InstallProxy
    "{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
    "{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
    "{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
    "{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
    "{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
    "{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
    "{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D222C5F9-C8A4-A32F-8A58-EFAF7178F5ED}" = CCC Help Japanese
    "{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
    "{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
    "{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
    "{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
    "{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FAD98B49-AFB8-402E-8EC5-FEC6858D9226}" = calibre
    "{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
    "{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}" = Call of Duty(R) 2 Demo
    "{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Call of Duty Single Player Demo" = Call of Duty Single Player Demo
    "GoToAssist" = GoToAssist 8.0.0.514
    "Input Director" = Input Director v1.2.1
    "InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}" = Call of Duty(R) 2 Demo
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Trader Workstation 4.0" = Trader Workstation 4.0
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. 2010/05/18
    broni

    broni Moderator Malware Analyst

    Yes, please. Re-run Malwarebytes and full OTL scan.
     
  14. 2010/05/18
    cakbar

    cakbar Inactive Thread Starter

    The results of the OTL and Malwarebytes scans will follow; however, another problem has suddenly cropped up that wasn't there earlier this morning. My Windows Live emails are no longer showing any text. All saved emails, all trashed emails, all new emails are missing text. Everything is basically just a blank page with the subject showing. This is happening for emails that I am currently receiving also, not just new ones that were there this morning.
     
  15. 2010/05/18
    cakbar

    cakbar Inactive Thread Starter

    OTL logfile created on: 5/18/2010 3:11:20 PM - Run 2
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Alan.PC.000\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 86.00% Memory free
    24.00 Gb Paging File | 22.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.44 Gb Total Space | 629.48 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 8.66 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC
    Current User Name: Alan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/05/18 15:10:54 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2010/05/18 13:28:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    PRC - [2010/04/29 12:29:52 | 001,069,568 | ---- | M] (PrinterAnywhere) -- C:\Program Files (x86)\PrinterShare\paConsole.exe
    PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/02 16:54:20 | 022,144,520 | ---- | M] (Simplify Media, Inc.) -- C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe
    PRC - [2009/12/03 12:21:33 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2009/10/09 06:53:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
    PRC - [2009/10/09 06:53:02 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirector.exe
    PRC - [2009/10/09 06:52:50 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDWinService.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/02/07 23:15:36 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDVistaService.exe
    PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/18 13:28:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/09 17:12:11 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV:64bit: - [2009/12/09 21:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/09/23 18:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2010/05/18 15:10:54 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/03 12:21:33 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2009/10/30 16:16:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/10/09 06:52:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Input Director\IDWinService.exe -- (InputDirector)
    SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/07 23:15:36 | 000,013,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Input Director\IDVistaService.exe -- (IDVistaService)
    SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
    DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
    DRV:64bit: - [2009/09/23 19:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
    DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
    DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
    DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
    DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
    DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
    DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
    DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
    DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
    DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
    DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
    DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
    DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
    DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
    DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
    DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
    DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
    DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
    DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
    DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
    DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
    DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
    DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/23 17:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
    DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
    DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
    DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
    DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/18 12:31:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/18 12:31:28 | 000,000,000 | ---D | M]

    [2010/05/17 15:11:48 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Extensions
    [2010/05/18 14:45:47 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávacÃ* paměť) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/18 14:11:47 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\bandwidthmeter@gotomyhelp.com
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\clickclean@hotcleaner.com
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\cookiekiller@joseph.moran
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\foxmarks@kei.com
    [2010/05/18 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\gluio1z1.default\extensions\speedtest@gotomyhelp.com
    [2010/05/17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions
    [2010/05/17 15:13:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/18 11:28:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/17 17:19:45 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávacÃ* paměť) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2010/05/18 11:28:40 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/05/18 11:28:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/17 17:23:22 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\cookiekiller@joseph.moran
    [2010/05/18 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\p9svalu7.default\extensions\foxmarks@kei.com
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/07 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\cookiekiller@joseph.moran
    [2009/11/07 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Alan.PC.000\AppData\Roaming\mozilla\Firefox\Profiles\wsxqonm6.default\extensions\foxmarks@kei.com
    [2010/05/18 12:29:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/18 12:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/05/18 13:30:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [InputDirector] C:\Program Files (x86)\Input Director\InputDirector.exe ()
    O4 - HKCU..\Run: [PrinterShare] C:\Program Files (x86)\PrinterShare\paConsole.exe (PrinterAnywhere)
    O4 - HKCU..\Run: [Simplify Media] C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe (Simplify Media, Inc.)
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk = C:\Program Files (x86)\BumpTop\BumpTop.exe ()
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
    O4 - Startup: C:\Users\Alan.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/18 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Desktop\SCANS
    [2010/05/18 14:27:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/05/18 14:27:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/05/18 13:30:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/18 13:28:16 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    [2010/05/17 16:37:07 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/05/17 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/05/17 09:47:31 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\Malwarebytes
    [2010/05/17 09:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/05/17 09:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/12 15:54:21 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\skypePM
    [2010/05/12 15:52:36 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\Skype
    [2010/05/12 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/05/12 15:52:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2010/05/12 15:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/05/11 16:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\New folder
    [2010/05/11 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PrinterShare
    [2010/05/11 14:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrinterShare
    [2010/05/10 16:05:56 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Calibre Library
    [2010/05/10 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\AppData\Roaming\calibre
    [2010/05/10 16:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
    [2010/05/06 10:56:39 | 000,000,000 | R--D | C] -- C:\Users\Alan.PC.000\Documents\Scanned Documents
    [2010/05/06 10:56:38 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\Fax
    [2010/04/30 09:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/04/30 09:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/30 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/30 09:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/30 09:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/04/28 00:47:24 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
    [2010/04/28 00:47:23 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2010/04/28 00:47:22 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
    [2010/04/21 13:40:56 | 000,000,000 | ---D | C] -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp_files
    [2010/04/19 04:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/19 04:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/04/19 04:50:16 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2010/04/19 04:50:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/04/19 04:50:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/04/19 04:50:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/04/19 04:38:12 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2010/04/19 04:38:12 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
    [2010/04/19 04:38:07 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
    [2010/04/19 04:38:07 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
    [2010/04/19 04:38:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
    [2010/04/19 04:38:06 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2010/04/19 04:38:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
    [2010/04/19 04:38:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
    [2010/04/19 04:38:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/04/19 04:38:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
    [2010/04/19 04:38:03 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/04/19 04:38:02 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2010/04/19 04:38:01 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2010/04/19 04:37:31 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2010/04/19 04:37:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
    [2010/04/19 04:37:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
    [2010/04/19 04:37:29 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/05/18 15:12:18 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/05/18 15:12:18 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/05/18 15:10:54 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/18 15:09:33 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/05/18 15:09:33 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/05/18 15:09:33 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/05/18 15:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/18 15:05:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/18 15:05:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/05/18 15:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/05/18 15:04:56 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/18 15:03:51 | 002,097,152 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat
    [2010/05/18 15:03:46 | 002,914,169 | -H-- | M] () -- C:\Users\Alan.PC.000\AppData\Local\IconCache.db
    [2010/05/18 14:27:37 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/18 13:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 13:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 13:31:02 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TM.blf
    [2010/05/18 13:30:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/05/18 13:28:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Alan.PC.000\Desktop\OTL.exe
    [2010/05/18 12:14:15 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 12:14:15 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 12:14:15 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TM.blf
    [2010/05/17 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/17 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/17 15:34:10 | 000,065,536 | -HS- | M] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    [2010/05/14 16:31:23 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/12 15:52:13 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/05/10 16:05:38 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/21 13:40:57 | 000,065,838 | ---- | M] () -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp.htm
    [2010/04/19 04:34:35 | 000,002,128 | ---- | M] () -- C:\Users\Alan.PC.000\AppData\Roaming\wklnhst.dat

    ========== Files Created - No Company Name ==========

    [2010/05/18 14:27:37 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/18 12:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 12:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 12:33:05 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{80f4290a-6298-11df-bcb8-002564cb68a4}.TM.blf
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/18 11:30:44 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/18 11:30:44 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{15b30688-6283-11df-8bf8-002564cb68a4}.TM.blf
    [2010/05/17 14:06:39 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/17 14:06:38 | 000,524,288 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/17 14:06:38 | 000,065,536 | -HS- | C] () -- C:\Users\Alan.PC.000\ntuser.dat{9803f84f-61af-11df-bfea-002564cb68a4}.TM.blf
    [2010/05/12 15:52:13 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/05/10 16:05:38 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2010/05/05 16:02:16 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/05 16:02:15 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/21 13:40:56 | 000,065,838 | ---- | C] () -- C:\Users\Alan.PC.000\Documents\confirmed_order.jsp.htm
    [2009/11/28 19:30:49 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2009/11/25 19:24:22 | 000,000,291 | ---- | C] () -- C:\Windows\cod2demo.ini
    [2009/10/29 10:24:16 | 000,000,042 | ---- | C] () -- C:\Windows\ib.ini
    [2009/10/29 10:24:15 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
    [2009/10/29 10:21:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/10/13 16:02:14 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/10/13 16:02:14 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:73933431
    < End of report >
     
  16. 2010/05/18
    cakbar

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4113

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/18/2010 3:02:12 PM
    mbam-log-2010-05-18 (15-02-12).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 289013
    Time elapsed: 34 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  17. 2010/05/18
    broni

    How is the redirection issue?
     
  18. 2010/05/18
    cakbar

    Redirection issue seems to be ok. I've tried doing some searches with the Google "searchplugin" and haven't come across any problems yet. I also managed to fix Windows Live Mail by doing a program repair from the Control Panel.
    If, in fact, everything ends up ok, I'd like to thank you very much. You are providing a fantastic service.
     
  19. 2010/05/18
    broni

    Good news :)

    Just to make sure...

    1. Download Temp File Cleaner (TFC)
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post a fresh HijackThis log as well.
     
  20. 2010/05/19
    cakbar

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, May 19, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, May 19, 2010 08:56:31
    Records in database: 4131678
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    L:\
    Z:\

    Scan statistics:
    Objects scanned: 142292
    Threats found: 2
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 01:14:51


    File name / Threat / Threats count
    C:\Program Files (x86)\Input Director\IDHookLibrary.dll Infected: not-a-virus:Monitor.Win32.Hooker.am 1
    C:\Program Files (x86)\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
    C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

    Selected area has been scanned.








    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:42:35 AM, on 5/19/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Input Director\InputDirector.exe
    C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe
    C:\Program Files (x86)\PrinterShare\paConsole.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
    C:\Program Files (x86)\Java\jre6\bin\java.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide
    O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files (x86)\Simplify Media\SimplifyMedia.exe" -splash
    O4 - HKCU\..\Run: [PrinterShare] C:\Program Files (x86)\PrinterShare\paConsole.exe -minimized
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: BumpTop.lnk = C:\Program Files (x86)\BumpTop\BumpTop.exe
    O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Input Director Vista Service (IDVistaService) - Unknown owner - C:\Program Files (x86)\Input Director\IDVistaService.exe
    O23 - Service: Input Director Service (InputDirector) - Unknown owner - C:\Program Files (x86)\Input Director\IDWinService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9587 bytes
     
  21. 2010/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run HJT and checkmark:
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    Click "Fix checked" button.

    Other than that...


    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
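
The triage behind the "Fix checked" step above, as an added example that is not part of the original posts: a small Python parser (all function names are hypothetical) that pulls orphaned O2 BHO registrations, marked "(no file)", out of a HijackThis log and separately lists O23 "(file missing)" services by path. The split matters because a 32-bit scanner on 64-bit Windows sees `system32` through WOW64 file system redirection, so those system32 entries are usually not real findings.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # e.g. "O2 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\system32\\", re.IGNORECASE)

def parse_entries(log_text):
    """Yield (section, body) for each HijackThis item line, e.g. ('O2', 'BHO: ...')."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def orphaned_bhos(log_text):
    """Return (name, CLSID) for O2 entries whose registered file no longer exists."""
    hits = []
    for section, body in parse_entries(log_text):
        m = BHO.match(body) if section == "O2" else None
        if m and m.group(3) == "(no file)":
            hits.append((m.group(1), m.group(2)))
    return hits

def missing_service_files(log_text):
    """Return (system32_paths, other_paths) for O23 entries marked '(file missing)'."""
    system32, other = [], []
    for section, body in parse_entries(log_text):
        if section == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[1][: -len("(file missing)")].strip()
            (system32 if SYSTEM32.match(path) else other).append(path)
    return system32, other

if __name__ == "__main__":
    print("Orphaned BHOs:", orphaned_bhos(SAMPLE_LOG))
    print("Missing service files (system32, other):", missing_service_files(SAMPLE_LOG))
```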
     
