
Solved Google Redirect

Discussion in 'Malware and Virus Removal Archive' started by Andy R, 2010/11/08.

  1. 2010/11/08
    Andy R (Inactive, Thread Starter)
    [Resolved] Google Redirect

    Getting symptoms of Google redirect and new-window pop-ups when using IE8.

    Followed the steps; however, MBAM could not perform the update (error below), so I ran it with the database from 4/29/2010, version 4052.

    "An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)"

    None of the tools detected any issues; logs below:

    ----------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    11/8/2010 10:36:31 PM
    mbam-log-2010-11-08 (22-36-31).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 303063
    Time elapsed: 45 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------

    GMER, empty

    ----------------------------------------------------------------------

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP45-UD3R
    Logical Drives Mask: 0x000007fd

    Kernel Drivers (total 155):
    0x02058000 \SystemRoot\system32\ntoskrnl.exe
    0x02012000 \SystemRoot\system32\hal.dll
    0x00606000 \SystemRoot\system32\kdcom.dll
    0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0064B000 \SystemRoot\system32\PSHED.dll
    0x0065F000 \SystemRoot\system32\CLFS.SYS
    0x006BC000 \SystemRoot\system32\CI.dll
    0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008DD000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EB000 \SystemRoot\system32\drivers\acpi.sys
    0x00941000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094A000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00954000 \SystemRoot\system32\drivers\pci.sys
    0x00984000 \SystemRoot\System32\drivers\partmgr.sys
    0x00999000 \SystemRoot\system32\drivers\volmgr.sys
    0x0076E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009AD000 \SystemRoot\system32\drivers\pciide.sys
    0x009B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009C4000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009D7000 \SystemRoot\system32\drivers\atapi.sys
    0x007D4000 \SystemRoot\system32\drivers\ataport.SYS
    0x009DF000 \SystemRoot\system32\DRIVERS\jraid.sys
    0x00A07000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x00A35000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00A7C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00A90000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x00AA5000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00AB1000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C0D000 \SystemRoot\system32\drivers\ndis.sys
    0x00B38000 \SystemRoot\system32\drivers\msrpc.sys
    0x00B88000 \SystemRoot\system32\drivers\NETIO.SYS
    0x00E02000 \SystemRoot\System32\drivers\tcpip.sys
    0x00F78000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01009000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01189000 \SystemRoot\system32\drivers\volsnap.sys
    0x011CD000 \SystemRoot\System32\Drivers\spldr.sys
    0x011D5000 \SystemRoot\System32\Drivers\mup.sys
    0x00FA4000 \SystemRoot\System32\drivers\ecache.sys
    0x011E7000 \SystemRoot\system32\drivers\disk.sys
    0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00DD0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00DF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00BE1000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02808000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0317B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x0220A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x022ED000 \SystemRoot\System32\drivers\watchdog.sys
    0x022FD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02309000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x0234F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02404000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x024F1000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x0250F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02521000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02531000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x0253E000 \SystemRoot\system32\DRIVERS\serial.sys
    0x0255B000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x02567000 \SystemRoot\system32\DRIVERS\parport.sys
    0x02583000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x02599000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x025A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x025C3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x025D0000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0x025D3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x025E5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x025ED000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
    0x02360000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02399000 \SystemRoot\system32\DRIVERS\storport.sys
    0x025EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0317D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x031A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x031AC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x031DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03203000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03221000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03239000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0324C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03258000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0325A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0328E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03299000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x032A9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x032F1000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x032FC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x03307000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04405000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0456F000 \SystemRoot\system32\drivers\portcls.sys
    0x045AA000 \SystemRoot\system32\drivers\drmk.sys
    0x045CD000 \SystemRoot\system32\drivers\ksthunk.sys
    0x045D3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x045DD000 \SystemRoot\System32\Drivers\Null.SYS
    0x045E6000 \SystemRoot\System32\drivers\vga.sys
    0x0331B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x045F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x03340000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x03349000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x03354000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x03365000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x0336E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0338B000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04209000 \SystemRoot\system32\drivers\afd.sys
    0x04274000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x042B8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x042D6000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x042E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04300000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0434D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04359000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04376000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04392000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04394000 \SystemRoot\system32\drivers\usbaudio.sys
    0x043AD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x043B6000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x043C9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x043D4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x043E8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x033A6000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x033B4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04200000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x033C0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x033CC000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x008A0000 \SystemRoot\System32\ATMFD.DLL
    0x00640000 \SystemRoot\System32\cdd.dll
    0x0840A000 \SystemRoot\system32\drivers\luafv.sys
    0x08435000 \SystemRoot\system32\drivers\spsys.sys
    0x084CF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x084E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x084FB000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x08506000 \SystemRoot\system32\drivers\HTTP.sys
    0x085A9000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x085D2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x033DF000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x08C09000 \SystemRoot\system32\drivers\mrxdav.sys
    0x08C30000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x08C59000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x08CA2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x08CC1000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08CF3000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08D87000 \SystemRoot\System32\Drivers\adfs.SYS
    0x09608000 \SystemRoot\system32\drivers\peauth.sys
    0x096BE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x096C9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x096D9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x096F9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x0970F000 \??\C:\Windows\gdrv.sys
    0x09718000 \SystemRoot\system32\drivers\tdtcp.sys
    0x09725000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x09733000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x0976F000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x0978B000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
    0x09792000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x776A0000 \Windows\System32\ntdll.dll

    Processes (total 78):
    0 System Idle Process
    4 System
    428 C:\Windows\System32\smss.exe
    504 csrss.exe
    556 C:\Windows\System32\wininit.exe
    576 csrss.exe
    612 C:\Windows\System32\services.exe
    640 C:\Windows\System32\lsass.exe
    648 C:\Windows\System32\lsm.exe
    728 C:\Windows\System32\winlogon.exe
    840 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\nvvsvc.exe
    912 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    212 C:\Windows\System32\svchost.exe
    296 C:\Windows\System32\svchost.exe
    452 C:\Windows\System32\audiodg.exe
    476 C:\Windows\System32\svchost.exe
    12 C:\Windows\System32\SLsvc.exe
    568 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1184 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    1372 C:\Windows\System32\spoolsv.exe
    1396 C:\Windows\System32\svchost.exe
    1836 C:\Windows\System32\rundll32.exe
    1872 C:\Windows\System32\wisptis.exe
    1880 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    1472 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1176 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1768 C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    904 C:\Windows\System32\svchost.exe
    2140 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2196 C:\Windows\System32\svchost.exe
    2232 C:\Windows\System32\svchost.exe
    2328 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2352 C:\Windows\System32\SearchIndexer.exe
    2480 WUDFHost.exe
    2624 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2636 C:\Windows\System32\taskeng.exe
    2648 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2944 C:\Windows\System32\dwm.exe
    3024 C:\Windows\System32\wisptis.exe
    3032 C:\Windows\System32\taskeng.exe
    3040 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    2344 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    2744 unsecapp.exe
    3128 WmiPrvSE.exe
    3144 C:\Windows\explorer.exe
    3528 C:\Program Files\Windows Defender\MSASCui.exe
    3536 C:\Windows\RAVCpl64.exe
    3560 C:\Windows\System32\rundll32.exe
    3572 C:\Program Files\Java\jre6\bin\jusched.exe
    3592 C:\Program Files\Windows Sidebar\sidebar.exe
    3600 E:\Program Files\Steam\Steam.exe
    3608 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3768 C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    3896 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3940 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3352 E:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3432 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    3504 E:\Program Files\iTunes\iTunesHelper.exe
    3420 C:\Program Files\iPod\bin\iPodService.exe
    3004 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    3476 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    4256 C:\Windows\System32\svchost.exe
    4344 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    4824 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4932 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5060 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    3272 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    3464 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    4596 C:\Windows\SysWOW64\notepad.exe
    4216 C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    2276 taskeng.exe
    436 C:\Windows\System32\SearchProtocolHost.exe
    4508 C:\Windows\System32\SearchFilterHost.exe
    4660 C:\Users\Andy\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x0000000e`a5d00000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive1 Model Number: ST3250410AS, Rev: 4.AAA
    PhysicalDrive2 Model Number: SAMSUNGHD501LJ, Rev: CR100-10
    PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-10

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    465 GB \\.\PhysicalDrive2 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    ----------------------------------------------------------------------
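The MBRCheck section above reports, for each physical drive, which MBR boot code it recognised together with a SHA1 of that code, and for each volume the byte offset at which it starts on its drive. The Python script below is an added example, not code from the forum post or from MBRCheck, showing where those figures come from in the 512-byte sector: it parses the four partition-table entries, converts each start LBA to a byte offset (LBA 63 × 512 = 0x7e00 and LBA 2048 × 512 = 0x100000, the two offsets that appear in the log), hashes the boot-code region and looks the hash up in a baseline of known-good values, the same kind of check that produces "Windows 2008 MBR code detected". The thread does not state the exact byte range MBRCheck hashes; this script hashes the first 440 bytes, and the baseline dictionary, the constructed sample MBR and the device paths are assumptions of the example.

```python
"""Parse a 512-byte MBR: boot-code hash, disk signature, partition offsets.

Added example for the MBRCheck output above; not code from the forum post
or from MBRCheck. Assumptions: 512-byte sectors, and the hash covers the
440-byte boot-code area (MBRCheck's exact hashed range is not documented here).
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440      # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
SIGNATURE_OFF = 510     # 0x55AA boot signature


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code SHA1 (upper-case hex), disk signature and non-empty partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sector-count(4)
        status, ptype, start_lba, sectors = struct.unpack(
            "<B3xB3xII", mbr[start:start + 16])
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": bool(status & 0x80),
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
            "offset": start_lba * SECTOR,   # the "at offset 0x..." value in the log
        })
    return {
        "bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def partition_for_offset(info: dict, offset: int):
    """Index of the partition whose first byte is at `offset`, or None."""
    for p in info["partitions"]:
        if p["offset"] == offset:
            return p["index"]
    return None


def classify_bootcode(info: dict, known_good: dict) -> str:
    """Map the boot-code hash to a label from a baseline of known-clean hashes
    (assumed collected by you); anything not in the baseline is unknown."""
    return known_good.get(info["bootcode_sha1"], "UNKNOWN MBR code")


def build_sample_mbr() -> bytes:
    """Constructed sample disk (not a real image): a stub boot code and two
    NTFS (0x07) partitions at LBA 63 and LBA 2048, i.e. byte offsets
    0x7e00 and 0x100000, the values seen in the MBRCheck output above."""
    code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOTCODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 2048, 409600)
    empty = b"\x00" * 16
    return code + disk_sig + p1 + p2 + empty + empty + b"\x55\xaa"


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw device, e.g. r'\\\\.\\PhysicalDrive1'
    (elevated prompt) on Windows or '/dev/sda' on Linux."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR)


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    # The baseline is keyed on the sample's own hash here, standing in for
    # hashes collected from known-clean machines of the same Windows version.
    baseline = {info["bootcode_sha1"]: "sample MBR code"}
    print(classify_bootcode(info, baseline))
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} "
              f"start LBA {p['start_lba']} -> offset 0x{p['offset']:x}")
    # A single changed byte in the boot code breaks the baseline match,
    # while edits to the partition table alone do not affect the hash.
    tampered = bytearray(sample)
    tampered[0x10] ^= 0xFF
    print(classify_bootcode(parse_mbr(bytes(tampered)), baseline))
```

To run it against a real machine, read the first 512 bytes of the raw device (read_mbr(r"\\.\PhysicalDrive1") from an elevated prompt on Windows, or /dev/sda on Linux) and pass them to parse_mbr(). An unknown hash only means the boot code is not one you have baselined; compare it against a second copy from a clean install of the same Windows version before rewriting anything, since the log itself shows two different legitimate hashes (Windows 2008 and Windows XP code) on one machine.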
     
  2. 2010/11/09
    broni (Moderator, Malware Analyst)
    Welcome aboard :)

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    I still need DDS logs.
     


  4. 2010/11/09
    Andy R (Inactive, Thread Starter)
    DDS (Ver_10-11-09.01) - NTFS_AMD64
    Run by Andy at 23:00:25.13 on Mon 11/08/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5231 [GMT -6:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    E:\Program Files\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    E:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Andy\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - E:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - E:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Steam] "e:\program files\steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [AdobeBridge]
    uRun: [EPSON NX125 NX127 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE /FU "C:\Windows\TEMP\E_SA16A.tmp" /EF "HKCU "
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rcconnect.rockwellcollins.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-11-7 69152]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-2-24 54480]
    R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-2-21 68136]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1375992]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-8 1153368]
    R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-24 27648]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-30 136176]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-2-24 1038088]
    S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-4 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2007-11-2 18944]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2007-1-23 8704]
    S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2007-6-20 29184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-2-24 19968]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2009-2-25 17192]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
    S4 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2009-2-25 4510504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== File Associations ===============

    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-11-09 03:49:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-09 03:49:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-09 02:30:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-11-09 02:30:11 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-11-09 02:10:20 -------- d-----w- C:\Users\Andy\AppData\Roaming\Malwarebytes
    2010-11-09 02:10:06 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-09 02:10:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-09 01:32:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-11-07 20:29:39 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2010-11-07 20:29:13 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2010-11-07 20:26:40 -------- d-----w- C:\Users\Andy\AppData\Local\Sunbelt Software
    2010-11-07 20:24:05 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-05 06:38:28 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5A5C21EA-11BE-4083-93F1-3256E47640E1}\mpengine.dll
    2010-11-04 13:14:41 -------- d-----w- C:\Windows\en
    2010-11-04 13:13:47 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-11-04 13:11:38 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2010-11-04 13:09:57 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2010-11-04 13:09:45 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2010-11-04 13:09:45 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2010-11-04 13:09:45 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2010-11-04 13:09:45 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2010-10-31 20:13:38 -------- d-----w- C:\Program Files\iPod
    2010-10-31 20:13:37 -------- d-----w- C:\Program Files\iTunes
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2010-10-31 20:12:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2010-10-31 20:09:48 -------- d-----w- C:\Program Files\Bonjour
    2010-10-31 20:09:48 -------- d-----w- C:\Program Files (x86)\Bonjour
    2010-10-26 21:33:11 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
    2010-10-26 21:33:11 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
    2010-10-26 21:33:11 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
    2010-10-26 21:33:11 1927680 ----a-w- C:\Windows\System32\gameux.dll
    2010-10-26 21:33:11 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
    2010-10-26 21:33:10 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
    2010-10-22 22:15:24 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9e9953401cb72362f\InstallManager_WLE_WLE.exe
    2010-10-22 22:15:08 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\962812001cb723623\MeshBetaRemover.exe
    2010-10-22 22:14:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e622bf01cb72361c\DSETUP.dll
    2010-10-22 22:14:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e622bf01cb72361c\DXSETUP.exe
    2010-10-22 22:14:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e622bf01cb72361c\dsetup32.dll
    2010-10-22 22:14:54 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8dadf7201cb72361b\DSETUP.dll
    2010-10-22 22:14:54 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8dadf7201cb72361b\DXSETUP.exe
    2010-10-22 22:14:54 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8dadf7201cb72361b\dsetup32.dll
    2010-10-22 22:14:34 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\80e988601cb72360f\Silverlight.4.0.exe
    2010-10-22 22:14:09 -------- d-----w- C:\Users\Andy\AppData\Local\Windows Live
    2010-10-22 22:13:27 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
    2010-10-22 22:13:27 1103872 ----a-w- C:\Windows\System32\webservices.dll
    2010-10-14 22:46:03 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-10-14 22:46:03 1915904 ----a-w- C:\Windows\System32\ole32.dll
    2010-10-14 22:46:03 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll
    2010-10-14 22:46:02 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-10-14 22:46:01 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-10-14 22:46:01 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-10-14 22:46:00 189952 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-14 22:46:00 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll

    ==================== Find3M ====================

    2010-11-09 03:41:18 24072 ----a-w- C:\Windows\gdrv.sys
    2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-23 07:46:08 15880 ----a-w- C:\Windows\System32\lsdelete.exe
    2010-09-23 05:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-09-23 05:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-09-15 10:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe

    ============= FINISH: 23:00:47.01 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-09.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/21/2009 5:28:14 PM
    System Uptime: 11/8/2010 9:40:43 PM (2 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3R
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 3000/355mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 59 GiB total, 2.128 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 223.319 GiB free.
    E: is FIXED (NTFS) - 117 GiB total, 81.558 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 423.465 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Wacom Mouse
    Device ID: HID\WACOMVIRTUALHID&COL03\1&2D595CA7&0&0002
    Manufacturer: Wacom Technology
    Name: Wacom Mouse
    PNP Device ID: HID\WACOMVIRTUALHID&COL03\1&2D595CA7&0&0002
    Service: mouhid

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    Better Homes and Gardens Home Designer 7.0
    Bing Bar Platform
    Browser Configuration Utility
    Citrix XenApp Web Plugin
    Connect
    Counter-Strike: Source
    D3DX10
    DVD Shrink 3.2
    Energy Saver Advance B8.1015.1
    Epson CreativeZone
    Epson Event Manager
    EPSON Scan
    Gigabyte Raid Configurer
    Google Chrome
    Google Earth
    Google SketchUp 7
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 22
    Juniper Citrix Services Client
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    Juniper Terminal Services Client
    Junk Mail filter update
    kuler
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft Office Visio Professional 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    MSVCRT
    MSVCRT_amd64
    NVIDIA PhysX v8.10.13
    PDF Settings CS4
    Pen Tablet
    Photoshop Camera Raw
    Pixel Bender Toolkit
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Segoe UI
    Spybot - Search & Destroy
    Steam
    Suite Shared Configuration CS4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== Event Viewer Messages From Past Week ========

    11/8/2010 9:43:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    11/8/2010 9:43:40 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/8/2010 9:42:21 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    11/8/2010 9:38:04 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/8/2010 7:54:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    11/8/2010 7:54:53 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/7/2010 2:29:42 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
    11/7/2010 2:26:33 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/6/2010 8:29:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JODEE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{63671241-AF2E-4F39-943C-1BEEA0D26D41}. The master browser is stopping or an election is being forced.
    11/6/2010 6:12:47 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    11/4/2010 8:13:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/4/2010 8:13:26 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/4/2010 8:13:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/3/2010 8:09:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Live Essentials 2011 (KB2434419).

    ==== End Of File ===========================
     
  5. 2010/11/09
    broni

    broni Moderator Malware Analyst

  6. 2010/11/09
    Andy R

    Andy R Inactive Thread Starter

    Joined:
    2010/11/08
    Messages:
    15
    Likes Received:
    0
    Avira AntiVir Personal
    Report file date: Tuesday, November 09, 2010 18:18

    Scanning for 3030851 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista x64
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : Andy
    Computer name : ANDY-PC

    Version information:
    BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
    AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:56
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:00
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 23:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 18:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:10:03
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:10:04
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:10:06
    VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:17:45
    VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:17:49
    VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:17:49
    VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:17:49
    VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:17:50
    VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:17:51
    VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:17:51
    VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:17:52
    VBASE016.VDF : 7.10.13.181 2048 Bytes 11/9/2010 00:17:53
    VBASE017.VDF : 7.10.13.182 2048 Bytes 11/9/2010 00:17:53
    VBASE018.VDF : 7.10.13.183 2048 Bytes 11/9/2010 00:17:53
    VBASE019.VDF : 7.10.13.184 2048 Bytes 11/9/2010 00:17:53
    VBASE020.VDF : 7.10.13.185 2048 Bytes 11/9/2010 00:17:53
    VBASE021.VDF : 7.10.13.186 2048 Bytes 11/9/2010 00:17:53
    VBASE022.VDF : 7.10.13.187 2048 Bytes 11/9/2010 00:17:53
    VBASE023.VDF : 7.10.13.188 2048 Bytes 11/9/2010 00:17:54
    VBASE024.VDF : 7.10.13.189 2048 Bytes 11/9/2010 00:17:54
    VBASE025.VDF : 7.10.13.190 2048 Bytes 11/9/2010 00:17:54
    VBASE026.VDF : 7.10.13.191 2048 Bytes 11/9/2010 00:17:54
    VBASE027.VDF : 7.10.13.192 2048 Bytes 11/9/2010 00:17:54
    VBASE028.VDF : 7.10.13.193 2048 Bytes 11/9/2010 00:17:54
    VBASE029.VDF : 7.10.13.194 2048 Bytes 11/9/2010 00:17:54
    VBASE030.VDF : 7.10.13.195 2048 Bytes 11/9/2010 00:17:54
    VBASE031.VDF : 7.10.13.196 2048 Bytes 11/9/2010 00:17:55
    Engineversion : 8.2.4.92
    AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 22:09:54
    AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/10/2010 00:18:05
    AESCN.DLL : 8.1.6.1 127347 Bytes 8/2/2010 22:09:53
    AESBX.DLL : 8.1.3.1 254324 Bytes 8/2/2010 22:09:53
    AERDL.DLL : 8.1.9.2 635252 Bytes 11/10/2010 00:18:04
    AEPACK.DLL : 8.2.3.11 471416 Bytes 11/10/2010 00:18:03
    AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/2/2010 22:09:52
    AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/10/2010 00:18:02
    AEHELP.DLL : 8.1.14.0 246134 Bytes 11/10/2010 00:17:59
    AEGEN.DLL : 8.1.3.24 401781 Bytes 11/10/2010 00:17:58
    AEEMU.DLL : 8.1.2.0 393588 Bytes 8/2/2010 22:09:49
    AECORE.DLL : 8.1.17.0 196982 Bytes 11/10/2010 00:17:57
    AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 22:09:48
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:56
    AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:55
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:55
    AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:56
    AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:54
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:55
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:08

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files (x86)\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Tuesday, November 09, 2010 18:18

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avnotify.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en[1].exe' - '1' Module(s) have been scanned
    Scan process 'IELowutil.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'FlashUtil10i_ActiveX.exe' - '1' Module(s) have been scanned
    Scan process 'SCServer.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'SteamService.exe' - '1' Module(s) have been scanned
    Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'Steam.exe' - '1' Module(s) have been scanned
    Scan process 'TabTip32.exe' - '1' Module(s) have been scanned
    Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'GSvr.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'AAWService.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!
    Master boot sector HD5
    [INFO] No virus was found!
    Master boot sector HD6
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '841' files ).



    End of the scan: Tuesday, November 09, 2010 18:18
    Used time: 00:15 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    1303 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1303 Files not concerned
    4 Archives were scanned
    0 Warnings
    0 Notes
     
  7. 2010/11/09
    broni

    broni Moderator Malware Analyst

    Good :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/11/09
    Andy R

    Andy R Inactive Thread Starter

    OTL logfile created on: 11/9/2010 6:39:44 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Andy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 58.59 Gb Total Space | 1.74 Gb Free Space | 2.97% Space Free | Partition Type: NTFS
    Drive D: | 465.66 Gb Total Space | 223.32 Gb Free Space | 47.96% Space Free | Partition Type: NTFS
    Drive E: | 117.19 Gb Total Space | 81.56 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 423.46 Gb Free Space | 90.92% Space Free | Partition Type: NTFS

    Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/09 18:37:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    PRC - [2010/11/08 19:54:45 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2010/08/26 06:42:20 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/09/24 17:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/09 18:37:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/02/24 19:31:20 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2008/05/01 16:37:30 | 004,510,504 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2008/01/19 00:06:52 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/08 19:54:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/24 19:29:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/09/24 17:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [File_System | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/02 16:10:08 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/08/02 16:10:08 | 000,081,584 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2009/06/17 08:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
    DRV:64bit: - [2009/06/17 08:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 08:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/07/30 20:21:48 | 000,093,784 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
    DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/03/17 14:08:08 | 000,017,192 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2008/01/15 14:11:40 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2007/11/02 13:37:26 | 000,018,944 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
    DRV:64bit: - [2007/06/25 05:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2007/06/20 12:57:40 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
    DRV:64bit: - [2007/06/20 12:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
    DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
    DRV:64bit: - [2007/01/23 18:03:34 | 000,008,704 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2010/11/08 21:41:18 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/11/08 21:21:33 | 000,424,752 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 14639 more lines...
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [EPSON NX125 NX127 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGGA.EXE File not found
    O4 - HKCU..\Run: [Steam] e:\program files\steam\steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mpix.com/customer/uploading/activex/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rcconnect.rockwellcollins.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/21 16:04:14 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{b1061acd-3ccb-11de-8371-001fd0d478eb}\Shell - " " = AutoRun
    O33 - MountPoints2\{b1061acd-3ccb-11de-8371-001fd0d478eb}\Shell\AutoRun\command - " " = L:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{be093787-0bbc-11df-b6e7-001fd0d478eb}\Shell - " " = AutoRun
    O33 - MountPoints2\{be093787-0bbc-11df-b6e7-001fd0d478eb}\Shell\AutoRun\command - " " = L:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\Shell\AutoRun\command - " " = g8k.exe
    O33 - MountPoints2\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\Shell\open\Command - " " = g8k.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/09 18:37:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2010/11/09 18:21:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/09 18:16:53 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/11/09 18:16:53 | 000,081,584 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/11/09 18:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/11/09 18:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010/11/08 21:49:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/08 21:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/08 21:48:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andy\Desktop\mbam-setup.exe
    [2010/11/08 21:36:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\TFC.exe
    [2010/11/08 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/11/08 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/11/08 20:27:11 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/11/08 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
    [2010/11/08 20:10:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/08 20:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/08 20:00:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/11/08 19:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/11/07 14:29:13 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2010/11/07 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Sunbelt Software
    [2010/11/07 14:24:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
    [2010/11/04 07:14:41 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2010/11/04 07:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/11/04 07:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/11/04 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
    [2010/11/04 07:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/10/31 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/31 14:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/10/31 14:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/10/31 14:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/10/31 14:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/10/22 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Windows Live

    ========== Files - Modified Within 30 Days ==========

    [2010/11/09 18:37:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2010/11/09 18:18:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/09 18:16:59 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/09 18:11:37 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6D3A71AF-45CB-4AE0-8062-4477E3B45055}.job
    [2010/11/09 18:09:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/08 23:41:05 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/08 23:41:05 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/08 23:00:05 | 000,630,272 | ---- | M] () -- C:\Users\Andy\Desktop\dds.scr
    [2010/11/08 21:53:48 | 000,080,384 | ---- | M] () -- C:\Users\Andy\Desktop\MBRCheck.exe
    [2010/11/08 21:53:10 | 000,296,448 | ---- | M] () -- C:\Users\Andy\Desktop\gmer.exe
    [2010/11/08 21:52:47 | 000,288,107 | ---- | M] () -- C:\Users\Andy\Desktop\gmer.zip
    [2010/11/08 21:49:30 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/08 21:49:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andy\Desktop\mbam-setup.exe
    [2010/11/08 21:47:27 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/08 21:47:27 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/08 21:47:27 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/08 21:41:23 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/08 21:41:01 | 4293,386,239 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/08 21:36:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\TFC.exe
    [2010/11/08 21:21:33 | 000,424,752 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/11/08 20:30:14 | 000,001,097 | ---- | M] () -- C:\Users\Andy\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/08 20:12:18 | 003,906,043 | ---- | M] () -- C:\Users\Andy\Desktop\ComboFix.exe
    [2010/11/08 19:52:53 | 002,846,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/08 19:32:45 | 000,001,928 | ---- | M] () -- C:\Users\Andy\Desktop\HijackThis.lnk
    [2010/11/07 14:29:13 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2010/11/05 08:18:31 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/10/31 14:13:51 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/09 18:16:59 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/09 18:13:43 | 000,417,966 | ---- | C] () -- C:\Users\Andy\AppData\Local\dd_vcredistMSI253A.txt
    [2010/11/09 18:13:43 | 000,012,382 | ---- | C] () -- C:\Users\Andy\AppData\Local\dd_vcredistUI253A.txt
    [2010/11/08 23:00:04 | 000,630,272 | ---- | C] () -- C:\Users\Andy\Desktop\dds.scr
    [2010/11/08 21:53:47 | 000,080,384 | ---- | C] () -- C:\Users\Andy\Desktop\MBRCheck.exe
    [2010/11/08 21:52:43 | 000,288,107 | ---- | C] () -- C:\Users\Andy\Desktop\gmer.zip
    [2010/11/08 21:49:30 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/08 20:30:14 | 000,001,097 | ---- | C] () -- C:\Users\Andy\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/08 20:12:05 | 003,906,043 | ---- | C] () -- C:\Users\Andy\Desktop\ComboFix.exe
    [2010/11/08 19:32:45 | 000,001,928 | ---- | C] () -- C:\Users\Andy\Desktop\HijackThis.lnk
    [2010/11/08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Users\Andy\Desktop\gmer.exe
    [2010/10/31 14:13:51 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/07/27 18:32:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/07/27 18:30:45 | 000,000,094 | ---- | C] () -- C:\Windows\ENX125_127.ini
    [2009/10/29 18:44:46 | 000,000,680 | ---- | C] () -- C:\Users\Andy\AppData\Local\d3d9caps.dat
    [2009/09/24 06:21:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/09/24 06:21:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/03/08 17:20:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/02/24 18:38:00 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2009/02/22 20:34:02 | 000,014,848 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/21 18:11:34 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2009/02/21 17:40:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2009/02/21 17:37:37 | 000,000,732 | ---- | C] () -- C:\Users\Andy\AppData\Local\d3d9caps64.dat
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/08/04 06:05:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Epson
    [2009/10/21 20:43:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ICAClient
    [2010/07/18 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ImgBurn
    [2010/10/17 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Juniper Networks
    [2010/07/27 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
    [2010/11/08 21:39:33 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/09 18:11:37 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6D3A71AF-45CB-4AE0-8062-4477E3B45055}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/08 21:40:58 | 000,013,660 | ---- | M] () -- C:\aaw7boot.log
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/02/21 19:15:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/02/21 17:51:37 | 000,000,197 | ---- | M] () -- C:\csb.log
    [2010/11/08 21:41:01 | 4293,386,239 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/08 21:40:58 | 312,033,278 | -HS- | M] () -- C:\pagefile.sys
    [2009/02/21 17:48:10 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/08 23:00:26 | 000,000,223 | ---- | M] () -- C:\service.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 09:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 09:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 09:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/17 19:02:20 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/02/24 19:13:28 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/06/28 14:41:25 | 000,000,286 | -HS- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2009/06/14 13:41:52 | 005,827,040 | ---- | M] (Hewlett Packard) -- C:\Users\Andy\Desktop\990-enu-nt4infu.exe
    [2010/11/08 20:12:18 | 003,906,043 | ---- | M] () -- C:\Users\Andy\Desktop\ComboFix.exe
    [2010/11/08 21:53:10 | 000,296,448 | ---- | M] () -- C:\Users\Andy\Desktop\gmer.exe
    [2009/10/21 18:55:02 | 025,492,336 | ---- | M] (Microsoft Corporation) -- C:\Users\Andy\Desktop\IE8-WindowsVista-x64-ENU.exe
    [2010/11/08 21:49:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andy\Desktop\mbam-setup.exe
    [2010/11/08 21:53:48 | 000,080,384 | ---- | M] () -- C:\Users\Andy\Desktop\MBRCheck.exe
    [2010/11/09 18:37:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2009/10/21 18:32:46 | 023,175,544 | ---- | M] (Logitech Inc. ) -- C:\Users\Andy\Desktop\setpoint520_g9_x64.exe
    [2010/11/08 21:36:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/02/21 17:38:14 | 000,000,402 | -HS- | M] () -- C:\Users\Andy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF

    < End of report >
     
  9. 2010/11/09
    Andy R

    OTL Extras logfile created on: 11/9/2010 6:39:44 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Andy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 58.59 Gb Total Space | 1.74 Gb Free Space | 2.97% Space Free | Partition Type: NTFS
    Drive D: | 465.66 Gb Total Space | 223.32 Gb Free Space | 47.96% Space Free | Partition Type: NTFS
    Drive E: | 117.19 Gb Total Space | 81.56 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 423.46 Gb Free Space | 90.92% Space Free | Partition Type: NTFS

    Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = D2 57 EA 38 E6 96 C9 01 [binary data]
    "VistaSp2" = F6 CC 07 01 56 68 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{051332F3-4D7E-4743-A5D6-FDA7FB2C0153}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{0EC9037E-F490-4C41-9716-17EA54A49EC3}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{0F4947E7-972D-4C15-B3BB-95ECE2E90760}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3D04ED38-AC1B-4BDF-9B22-AECA312A477A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{55337687-3C88-441F-ACBA-EDC19F547BD1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{573D1E14-BE80-4F52-AE89-22D09AF05D43}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{5F11ADE0-E3E0-44E0-A6F7-8F00BC3EFB3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{657074ED-FF23-4B01-98C9-F0DEDBB412F0}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{73DAD773-9B8D-47D3-900D-5619E6BB2351}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7FBCEAD0-E47E-4F31-895B-B9E67979BD6F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{931187B8-3E7A-4877-8CDC-45664478A358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9494ACA4-5C62-440D-AEEB-3FEA570777A9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A4DF37E2-2C45-4984-AF01-FA9D114DF644}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CCAB66EC-8C3A-4F63-B866-9A2733872F54}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D26D3CBE-9EC6-4DDB-A8D2-CD9E041F79B4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D74E774D-2B1C-434D-8710-D3CAECAC1329}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DFDC30DD-8596-4E6A-ABF9-77EDCE8A7106}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{FCF7041A-24C5-4A48-B925-9A80B6BDD834}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AF4B8F8-C50E-4E27-BAB9-7D89E564313F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0B025E10-4ED6-4788-A1AE-EADED76EF222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0B43AC34-E885-44FF-A010-D27DB7136752}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{0B7E50A6-BCD7-48EC-89D0-C0950423D421}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0C16BFFE-3A21-459B-8379-5FBB6952A208}" = dir=in | app=e:\program files\itunes\itunes.exe |
    "{160142BE-1263-435A-9093-1467C6C83D7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1745CDF6-A601-41B4-B05B-FE7113175355}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{1C134FD8-2E8E-4C96-A326-97967D2273EC}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\silentar\counter-strike source\hl2.exe |
    "{21003AEB-39E6-4430-997F-21A06D4C0F3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{24133598-1C73-4B34-B35C-1ADBF45FA294}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{359133F9-5B75-4B32-B782-5F3F01BF0FD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{38C3F485-BAD6-4835-B221-D62747A5AFED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C988E9B-9424-47A3-A260-E91EFB9E6021}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4812E824-B166-4E6B-AF15-8DBE8EE27173}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5C06D2EF-2C94-4A7D-AB04-C103943629B6}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{64254502-746F-47A7-99AB-F824C68AC8A9}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\silentar\counter-strike source\hl2.exe |
    "{64AEAAB9-8D23-4D5B-9C36-715F961D1B6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6D0E95F2-64DE-4348-9D16-5F5A9E1BE104}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8AF93265-C4FA-4A43-98F3-FCCC5B0ED642}" = protocol=6 | dir=out | app=system |
    "{8D7A0E89-5CC0-412B-BD9E-92571C14A055}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{9040427E-8CF2-4715-BB64-6836AA527D0C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{94DEF5F5-18D6-44AD-89F6-85139C70C2B7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{9B3EC61A-291D-43A2-A273-4956A3005F24}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9FCF18F1-2981-4E77-A6EC-BCF47122FE42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B3ECDFB8-BDD9-4069-AB82-C06D8A60D9BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B6BF01DA-55AF-4C89-9B7D-7883CCE6D86F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BD187876-D144-4174-859B-568CD6B3ADBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DCE76387-335F-4AE6-8ED1-EC478E88EAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{EA6A0A50-BC61-48C3-9929-927DC97B0626}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{F0FB20BC-54C0-42DD-AF64-E785172742DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F18A0775-1B25-4149-8B0C-9DE796C573EA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FF42A9B9-0EFD-4BCE-B6BF-BF4B4D3504D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{FB58FF3A-5880-4BC8-9FB7-59229DECA104}F:\common\driver update\edupdate.exe" = protocol=6 | dir=in | app=f:\common\driver update\edupdate.exe |
    "UDP Query User{DBDC4E7F-3079-484F-AF6C-E4CA5060079E}F:\common\driver update\edupdate.exe" = protocol=17 | dir=in | app=f:\common\driver update\edupdate.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{37EA4EB5-2C4D-40CC-9EB1-762F1711ECDE}" = Adobe Photoshop Lightroom 2.2 64-bit
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{A7B9041E-9635-4AFF-BB1E-EFAF490A231B}" = Motorola Driver Installation 3.2.0
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "EPSON NX125 NX127 Series" = EPSON NX125 NX127 Series Printer Uninstall
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D503B8E-97E3-45B7-96CB-4936269B902C}" = Better Homes and Gardens Home Designer 7.0
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EPSON Scanner" = EPSON Scan
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Pen Tablet Driver" = Pen Tablet
    "Steam App 240" = Counter-Strike: Source
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Citrix_Services" = Juniper Citrix Services Client
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/9/2010 11:05:51 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/9/2010 11:05:51 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6022

    Error - 11/9/2010 11:05:51 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

    Error - 11/9/2010 11:05:52 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/9/2010 11:05:52 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7020

    Error - 11/9/2010 11:05:52 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

    Error - 11/9/2010 11:05:53 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/9/2010 11:05:53 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8018

    Error - 11/9/2010 11:05:53 AM | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8018

    Error - 11/9/2010 8:13:42 PM | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Users\Andy\AppData\Local\Temp\RarSFX0\redist.dll".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 11/8/2010 10:08:48 PM | Computer Name = Andy-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 11/8/2010 11:38:04 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 11/8/2010 11:42:21 PM | Computer Name = Andy-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 11/8/2010 11:43:40 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/8/2010 11:43:40 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/8/2010 11:57:17 PM | Computer Name = Andy-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 11/9/2010 9:55:47 AM | Computer Name = Andy-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 11/9/2010 8:17:10 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 11/9/2010 8:21:53 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/9/2010 8:25:12 PM | Computer Name = Andy-PC | Source = BROWSER | ID = 8032
    Description =


    < End of report >
     
  10. 2010/11/09
    broni Moderator Malware Analyst

    Which browser is affected?
    Did you try different browser?
     
  11. 2010/11/09
    Andy R Inactive Thread Starter

    Only have IE8, haven't tried anything else.
     
  12. 2010/11/09
    broni Moderator Malware Analyst
  13. 2010/11/09
    Andy R Inactive Thread Starter

    Same problem with Firefox. After performing a Google search, when a link is left-clicked, a new window/tab is opened and redirects to advertisements. When you close that window and click the link again from Google, it will again open a new window/tab, but with the correct site. It will not open the link in the current window like I am used to having it do.

    Thanks for your continued help!
     
  14. 2010/11/09
    broni Moderator Malware Analyst

    Good. Thank you :)
    Let me go through your OTL logs....
    Hold on there...
     
  15. 2010/11/09
    broni Moderator Malware Analyst

    You're running extremely low on C drive free space.
    You need to start moving stuff to other drives as soon as possible.

    =================================================================

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O4 - HKCU..\Run: [AdobeBridge] File not found
      O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
      O33 - MountPoints2\{b1061acd-3ccb-11de-8371-001fd0d478eb}\Shell - "" = AutoRun
      O33 - MountPoints2\{b1061acd-3ccb-11de-8371-001fd0d478eb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{be093787-0bbc-11df-b6e7-001fd0d478eb}\Shell - "" = AutoRun
      O33 - MountPoints2\{be093787-0bbc-11df-b6e7-001fd0d478eb}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
      O33 - MountPoints2\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\Shell\AutoRun\command - "" = g8k.exe
      O33 - MountPoints2\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\Shell\open\Command - "" = g8k.exe
      [2010/11/07 14:24:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
      @Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Let me know how the redirection is.
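The OTL fix above deletes three MountPoints2 keys by GUID whose AutoRun/open handlers point at files that no longer exist (g8k.exe, L:\LaunchU3.exe). As an added example, not part of the thread or of OTL, this PowerShell snippet walks every per-user MountPoints2 entry and reports those handlers so a reviewer can see which ones still have a missing or bare-name target before deciding what to remove. The registry path is the standard Windows one; the function name and output columns are my own.

```powershell
# Added example: audit HKCU MountPoints2 for stale or suspicious AutoRun handlers.
# Lists the same kind of entries the OTL fix removed, across all volume GUIDs.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutoRun {
    if (-not (Test-Path $base)) { return @() }
    $results = @()
    foreach ($vol in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        # Each volume GUID may carry Shell\AutoRun\command and Shell\open\Command,
        # the two verbs OTL reported for the g8k.exe entries in this thread.
        foreach ($verb in 'Shell\AutoRun\command', 'Shell\open\Command') {
            $keyPath = Join-Path $vol.PSPath $verb
            if (-not (Test-Path $keyPath)) { continue }
            $cmd = (Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }
            # First token of the command line is the executable; strip surrounding quotes.
            $exe = ($cmd -split '\s+')[0].Trim('"')
            $results += [pscustomobject]@{
                Volume  = $vol.PSChildName
                Verb    = $verb
                Command = $cmd
                # A bare file name (no drive letter) or a target that no longer exists
                # is what OTL flagged as "File not found"; both deserve manual review.
                TargetExists = [bool](($exe -match '^[A-Za-z]:\\') -and
                                       (Test-Path $exe -ErrorAction SilentlyContinue))
            }
        }
    }
    return $results
}

Get-MountPointAutoRun | Format-Table -AutoSize
```

Entries with TargetExists = False are candidates for removal; the script itself only reads the registry.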
     
  16. 2010/11/09
    Andy R Inactive Thread Starter

    The drive space thing is a separate issue I'm also working at the moment, after learning about this site when searching for solutions to the redirect issue.

    http://www.windowsbbs.com/windows-v...nant-vista-os-after-upgrading-vista-64-a.html



    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware deleted successfully.
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1061acd-3ccb-11de-8371-001fd0d478eb}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1061acd-3ccb-11de-8371-001fd0d478eb}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1061acd-3ccb-11de-8371-001fd0d478eb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1061acd-3ccb-11de-8371-001fd0d478eb}\ not found.
    File L:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be093787-0bbc-11df-b6e7-001fd0d478eb}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be093787-0bbc-11df-b6e7-001fd0d478eb}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be093787-0bbc-11df-b6e7-001fd0d478eb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be093787-0bbc-11df-b6e7-001fd0d478eb}\ not found.
    File L:\WD SmartWare.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\ not found.
    File g8k.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e19ac2e7-4c4a-11de-a66b-001fd0d478eb}\ not found.
    File g8k.exe not found.
    C:\ProgramData\~0 folder moved successfully.
    ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andy
    ->Temp folder emptied: 945432 bytes
    ->Temporary Internet Files folder emptied: 53203808 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 25545052 bytes
    ->Flash cache emptied: 1287 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 71914 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 76.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Andy
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11092010_193235

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. 2010/11/09
    broni Moderator Malware Analyst

    Still redirected?
     
  18. 2010/11/09
    Andy R Inactive Thread Starter

    Firefox appears to be working now without issues from the Google website; however, IE is still experiencing the problem, without getting better or worse.
     
  19. 2010/11/09
    broni Moderator Malware Analyst

    Your router may be infected.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pressing it with a pencil or a paperclip until all the lights briefly go off and come back on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  20. 2010/11/09
    Andy R Inactive Thread Starter

    I get the following message after attempting each of the commands:
    The requested operation requires elevation
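The "requires elevation" error above appears because the ipconfig and net commands from post 19 need an administrator prompt (the CTRL+SHIFT+Enter step). As an added example, not part of broni's instructions, this PowerShell script re-launches itself elevated, runs the same commands in the same order, and then lists the DNS servers each adapter is actually using, so they can be compared against what the ISP or router should be handing out. It assumes Windows PowerShell 2.0 or later; the function name is my own, and "dns client" is the display name of the Dnscache service.

```powershell
# Added example: run the DNS-reset steps from this thread from an elevated prompt,
# then show the DNS servers each adapter ended up with (a defender's sanity check).
function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    # Re-launch with a UAC prompt instead of failing with
    # "The requested operation requires elevation".
    $self = $MyInvocation.MyCommand.Path
    Start-Process -FilePath 'powershell.exe' -Verb RunAs `
        -ArgumentList '-ExecutionPolicy', 'Bypass', '-File', "`"$self`""
    exit
}

# The same commands broni listed, in the same order. "dns client" is the
# display name of the Dnscache service, so net stop/start address that service.
$steps = @(
    { ipconfig /flushdns },
    { ipconfig /registerdns },
    { ipconfig /release },
    { ipconfig /renew },
    { net stop "dns client" },
    { net start "dns client" }
)
foreach ($step in $steps) {
    Write-Host "==> $step"
    & $step
}

# Detection check: after the renew, list the DNS servers every IP-enabled
# interface resolves through. An address that belongs to neither your router
# nor your ISP suggests the router's or adapter's DNS setting has been altered.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ Name = 'DNSServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-Table -AutoSize
```

Run it after the router reset as well, since the router is what hands the adapter its DNS servers on renew.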
     
  21. 2010/11/09
    broni Moderator Malware Analyst

    .....
     