Sorry for the delay in getting to your logs. If you still require assistance please follow the below instructions.
Welcome to Dell Community Malware Removal Forums,
I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
Before we continue can I ask you to please read all the information in the link below as it contains information for Peer2Peer programs. Not only is it illegal to download from P2P and torrent sites, it is also a breeding ground for malware and more than likely the reason you were infected. It would be futile to try and remove any infection on your system all the time P2P programs are installed.
Then please uninstall anything else running on the machine that may relate to P2P file sharing or cracked software.
Then please post back a fresh OTL log so we can proceed with the cleanup. (There will be no "extras" log this time, that's fine, just post the OTL log.) Thanks, K27
Thank you for help. I have followed your instructions re the p2p software, etc. Please bear with me as I will check in over the next few days as possible as many family events will happen over the next week, but I will still be here.
Following is the new OTL scan:
OTL logfile created on: 5/12/2010 8:17:06 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\blondsurfer\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.60 Gb Total Space | 459.27 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.50 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BATCAVE4468
Current User Name: blondsurfer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
There are a few things that worry me in your logs, please supply answers with your next response.
1) There are system files that are dated before Windows 7 final version was released, please let me know if this is still the RC (release candidate) version.
2) If this is the full version, did you install over another system or did you format the hard drive first?
3) You have proxy programs running on the system, when exactly did you install these and did updating work after they were installed?
4) Are you getting any browser redirects?
5) There are McAfee Security Scan drivers and processes on the system and I don't see it in your add/remove log, please check your "Remove Programs" in "Control Panel" and if it's there please uninstall it (I don't think it will be, but it's always better to check there first). It was more than likely installed with an Adobe program but will conflict with Norton and should go; if it's not there, don't worry, we can remove it manually.
Next we need to check a few files:
Please go to VirSCAN where you will see a browse button at the top of the screen.
Click the Browse button
Locate the following file(s) (Note: You can only upload one file at a time)
Click the Upload button. If you receive a message that this file has already been scanned, please select SCAN AGAIN
Once the scan has finished, click the Save to Clipboard button at the bottom of the page
Open Notepad and right click and then click paste
Post Report(s) back to this thread
Note: you may need to show hidden files to locate the files requested:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Look for "Hidden files and folders"
Select "Show hidden files and folders"
Click on Apply.
Next go to the side of the Search box and select All files and folders.
Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
Remember to hide hidden files/folders by reversing the action when you have finished
Also please navigate to this folder in bold: C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA_files and please let me know what files are in it.
Please post back the four(4) reports from VirScan, the contents of the "Cheaper TV" folder and the answers to the five(5) questions.
kevin27_b3d29f
2 Intern
1.5K Posts
May 10th, 2010 11:00
blondsurferdude
Sorry for the delay in getting to your logs. If you still require assistance please follow the below instructions.
Welcome to Dell Community Malware Removal Forums,
I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
Download OTL to your desktop.
Double click the icon to start the tool. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
These will be long logs, so please use multiple posts if need be.
Thanks
K27.
blondsurferdude
5 Posts
May 10th, 2010 19:00
K27,
Here are the results of the OTL scan:
OTL Extras logfile created on: 5/10/2010 8:42:53 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\blondsurfer\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 56.00% Memory free
12.00 Gb Paging File | 7.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.60 Gb Total Space | 450.15 Gb Free Space | 65.85% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.50 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BATCAVE4468
Current User Name: blondsurfer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\ ]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.1.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{DA107662-4A57-6E28-6D1D-DA6CC4BEF706}" = Catalyst Control Center InstallProxy
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.11 beta
"8461-7759-5462-8226" = Vuze
"AbiWord2" = AbiWord 2.8.2
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudioCS" = Creative Audio Control Panel
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Creator" = Foxit Creator
"Foxit PDF Editor" = Foxit PDF Editor
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GoToAssist" = GoToAssist 8.0.0.514
"Host OpenAL" = Host OpenAL
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metacafe" = Metacafe
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"N360" = Norton 360
"Polipo" = Polipo 1.0.4.1
"Songbird-release-1438" = Songbird 1.4.3 (Build 1438)
"Tor" = Tor 0.2.1.25
"URLSnooper 2_is1" = URL Snooper v2.26.01
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 1.0.5
"WinPcapInst" = WinPcap 4.1.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/29/2010 1:06:51 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x00023410 Faulting process id:
0x7a8 Faulting application start time: 0x01cae7563e2541e1 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: 0536d94c-534d-11df-9d71-0025648ca73d
Error - 4/29/2010 2:11:11 AM | Computer Name = BATCAVE4468 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.
Error - 4/29/2010 2:21:08 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x00023410 Faulting process id:
0x18ec Faulting application start time: 0x01cae75a9c235aec Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: 65709383-5357-11df-9d71-0025648ca73d
Error - 4/29/2010 6:48:53 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x0007c588 Faulting process id:
0xfb8 Faulting application start time: 0x01cae787da1a31ad Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: cd495bd2-537c-11df-9d71-0025648ca73d
Error - 4/29/2010 7:43:37 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x0007c588 Faulting process id:
0xd9c Faulting application start time: 0x01cae7904183fb41 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: 72b270b0-5384-11df-9d71-0025648ca73d
Error - 4/30/2010 7:33:40 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x00023410 Faulting process id:
0x1fb0 Faulting application start time: 0x01cae85120445ccc Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: 38dc601e-544c-11df-9d71-0025648ca73d
Error - 4/30/2010 8:15:04 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: NPSWF32.dll, version: 10.0.45.2, time stamp:
0x4b5f91c2 Exception code: 0xc0000005 Fault offset: 0x00232574 Faulting process id:
0xd04 Faulting application start time: 0x01cae85d6e690d53 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Report
Id: 01bf7142-5452-11df-9d71-0025648ca73d
Error - 4/30/2010 9:06:04 AM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x00023410 Faulting process id:
0x16b4 Faulting application start time: 0x01cae85edf896c3b Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: 21c28ad6-5459-11df-9d71-0025648ca73d
Error - 4/30/2010 1:14:36 PM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x00023410 Faulting process id:
0x1c24 Faulting application start time: 0x01cae886339b8af4 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: da056a6e-547b-11df-9d71-0025648ca73d
Error - 4/30/2010 4:06:43 PM | Computer Name = BATCAVE4468 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: js3250.dll, version: 0.0.0.0, time stamp:
0x4bb4b686 Exception code: 0xc0000005 Fault offset: 0x00023410 Faulting process id:
0x23c4 Faulting application start time: 0x01cae892699094d1 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\js3250.dll Report Id: e4e36a24-5493-11df-9d71-0025648ca73d
[ System Events ]
Error - 5/9/2010 5:40:48 PM | Computer Name = BATCAVE4468 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 5/9/2010 5:42:26 PM | Computer Name = BATCAVE4468 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 5/9/2010 5:42:33 PM | Computer Name = BATCAVE4468 | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).
Error - 5/9/2010 5:43:36 PM | Computer Name = BATCAVE4468 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 5/9/2010 7:12:35 PM | Computer Name = BATCAVE4468 | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).
Error - 5/9/2010 10:28:48 PM | Computer Name = BATCAVE4468 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 5/10/2010 12:46:22 AM | Computer Name = BATCAVE4468 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 5/10/2010 3:52:54 AM | Computer Name = BATCAVE4468 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 5/10/2010 4:07:46 PM | Computer Name = BATCAVE4468 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 5/10/2010 8:27:38 PM | Computer Name = BATCAVE4468 | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
OTL logfile created on: 5/10/2010 8:42:53 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\blondsurfer\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 56.00% Memory free
12.00 Gb Paging File | 7.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.60 Gb Total Space | 450.15 Gb Free Space | 65.85% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.50 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BATCAVE4468
Current User Name: blondsurfer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/10 20:40:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
PRC - [2010/05/02 11:06:40 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/02 11:06:38 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/31 01:27:26 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/03/29 21:24:03 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/02/27 23:45:02 | 005,344,807 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2010/02/12 07:27:38 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\AbiWord\bin\AbiWord.exe
PRC - [2010/01/30 18:27:38 | 000,141,061 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2010/01/14 21:05:28 | 000,311,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/01/14 21:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/13 11:42:06 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files (x86)\Vuze\Azureus.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/02 22:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
========== Modules (SafeList) ==========
MOD - [2010/05/10 20:40:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/03/30 01:20:07 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/05/02 11:06:38 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/05 20:54:20 | 002,504,280 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3653.dll -- (Akamai)
SRV - [2010/03/29 21:24:03 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/03/29 20:33:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/29 19:17:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/29 13:16:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2010/01/14 21:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/04/15 12:47:39 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2010/03/29 21:24:18 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/29 21:24:04 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/29 21:24:04 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/03/29 21:24:04 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2010/03/29 21:24:04 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2010/03/29 21:24:04 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2010/03/29 21:24:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/29 21:24:04 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/03/29 21:24:03 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/03/29 21:24:03 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/03/29 21:24:03 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/02/04 11:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/12/18 01:43:24 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2008/12/15 04:37:38 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/12/15 01:09:30 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/20 18:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2010/04/18 13:03:34 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100510.002\EX64.SYS -- (NAVEX15)
DRV - [2010/04/18 13:03:34 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100510.002\ENG64.SYS -- (NAVENG)
DRV - [2010/03/29 15:30:34 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2010/03/29 01:46:08 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/03/29 01:46:08 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/28 18:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 4F 4D C8 A7 D2 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: flashbug@coursevector.com:1.6.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.7.6
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/25 02:45:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/15 00:22:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/15 00:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 20:21:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/29 00:01:40 | 000,000,000 | ---D | M]
[2010/03/30 02:31:02 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Extensions
[2010/03/30 02:31:02 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/05/10 01:27:33 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions
[2010/03/29 21:31:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 19:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/02 13:58:48 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/04/11 02:09:25 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 19:35:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 19:30:25 | 000,000,000 | ---D | M] (Stop Autoplay) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2010/03/29 21:31:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/05 19:30:25 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/05 19:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2010/04/15 14:42:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/05 19:40:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/18 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\flashbug@coursevector.com
[2010/05/08 19:16:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/29 00:01:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Dell_XPS_silverswirl.jpg
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/05/10 20:40:04 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
[2010/05/04 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\Documents\Hijack This
[2010/05/03 19:31:30 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA_files
[2010/04/29 00:01:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/29 00:01:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/29 00:01:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/29 00:01:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/28 11:55:44 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/04/28 11:55:44 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/04/28 11:34:55 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/04/19 01:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/04/18 20:41:57 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Local\Symantec
[2010/04/17 01:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/04/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Apowersoft
[2010/04/16 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2010/04/15 14:05:34 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/04/15 14:05:34 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/04/15 14:05:34 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/04/15 14:05:34 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/04/15 14:05:13 | 002,873,823 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010/04/15 13:55:16 | 086,827,000 | ---- | C] (Creative Technology Ltd) -- C:\Users\blondsurfer\Desktop\XFXA_PCDRV_LB_1_04_0000.exe
[2010/04/15 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/04/15 00:59:46 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\Documents\Vuze Downloads
[2010/04/15 00:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/04/15 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Vidalia
[2010/04/15 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Tor
[2010/04/15 00:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/04/15 00:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/15 00:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010/04/15 00:21:59 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Azureus
[2010/04/15 00:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/04/15 00:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/04/14 09:19:22 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 09:19:22 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 09:19:21 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 09:19:20 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/14 09:19:20 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/14 09:18:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 09:18:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 09:17:54 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 09:17:54 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/13 03:27:21 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\IrfanView
[2010/04/13 03:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/04/12 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Foxit Software
[2010/04/12 18:37:53 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\dvdcss
[2010/04/11 15:10:24 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\Documents\DonationCoder
[2010/04/11 15:10:24 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\DonationCoder
[2010/04/11 15:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\URLSnooper2
[2010/04/11 15:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2010/04/11 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plugins
[2010/04/11 11:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/04/11 01:42:52 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Foxit
[2010/04/11 01:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
========== Files - Modified Within 30 Days ==========
[2010/05/10 20:45:30 | 002,621,440 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat
[2010/05/10 20:40:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
[2010/05/10 20:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/10 20:27:44 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-954841379-3349999835-2930664112-1000UA.job
[2010/05/10 20:27:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/10 19:23:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-954841379-3349999835-2930664112-1000Core.job
[2010/05/10 01:37:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/09 17:48:17 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/09 17:48:17 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/09 17:47:04 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/09 17:47:04 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/09 17:47:03 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/09 17:41:50 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 17:41:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/09 17:40:40 | 529,780,735 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 19:12:59 | 004,555,734 | -H-- | M] () -- C:\Users\blondsurfer\AppData\Local\IconCache.db
[2010/05/07 00:03:55 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/06 22:08:28 | 000,003,003 | ---- | M] () -- C:\Users\blondsurfer\Desktop\HiJackThis.lnk
[2010/05/04 21:36:31 | 000,000,036 | ---- | M] () -- C:\Users\blondsurfer\AppData\Local\housecall.guid.cache
[2010/05/04 07:42:46 | 000,001,887 | ---- | M] () -- C:\Users\blondsurfer\Desktop\CCleaner.lnk
[2010/05/03 19:31:34 | 000,184,069 | ---- | M] () -- C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA.htm
[2010/05/02 14:06:54 | 355,641,818 | ---- | M] () -- C:\Users\blondsurfer\Documents\vlc-record-2010-05-02-13h57m33s-Streaming-.avi
[2010/04/29 18:11:20 | 000,001,288 | ---- | M] () -- C:\Users\blondsurfer\mm.cfg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 21:24:53 | 000,002,288 | ---- | M] () -- C:\Users\blondsurfer\Desktop\Google Chrome.lnk
[2010/04/25 20:17:21 | 000,029,926 | ---- | M] () -- C:\Users\blondsurfer\Documents\DVR Programs.abw
[2010/04/19 22:01:49 | 000,524,288 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000002.regtrans-ms
[2010/04/19 22:01:49 | 000,524,288 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 22:01:49 | 000,065,536 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TM.blf
[2010/04/18 19:23:14 | 000,012,698 | -HS- | M] () -- C:\Users\blondsurfer\AppData\Local\xSWFi252
[2010/04/18 19:23:14 | 000,012,698 | -HS- | M] () -- C:\ProgramData\xSWFi252
[2010/04/16 21:23:40 | 000,000,174 | ---- | M] () -- C:\3X3GC3J1.dat
[2010/04/16 18:32:37 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk
[2010/04/15 14:05:34 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/04/15 14:05:34 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/04/15 14:05:34 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/04/15 14:05:34 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/04/15 14:00:58 | 000,001,802 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/04/15 13:55:16 | 086,827,000 | ---- | M] (Creative Technology Ltd) -- C:\Users\blondsurfer\Desktop\XFXA_PCDRV_LB_1_04_0000.exe
[2010/04/15 12:47:40 | 000,498,688 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\T3APO32.dll
[2010/04/15 12:47:40 | 000,018,432 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\SpiRunE.dll
[2010/04/15 12:47:40 | 000,008,704 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\t3RDefE.exe
[2010/04/15 12:47:40 | 000,001,910 | ---- | M] () -- C:\Windows\SB0710.reg
[2010/04/15 12:47:40 | 000,001,702 | ---- | M] () -- C:\Windows\SB0820.reg
[2010/04/15 12:47:40 | 000,001,436 | ---- | M] () -- C:\Windows\CfgHPSp.ini
[2010/04/15 12:47:40 | 000,001,434 | ---- | M] () -- C:\Windows\Cfg05Sp.ini
[2010/04/15 12:47:40 | 000,001,434 | ---- | M] () -- C:\Windows\Cfg04Sp.ini
[2010/04/15 12:47:40 | 000,001,396 | ---- | M] () -- C:\Windows\SB1042.reg
[2010/04/15 12:47:40 | 000,001,091 | ---- | M] () -- C:\Windows\Cfg03Sp.ini
[2010/04/15 12:47:40 | 000,001,091 | ---- | M] () -- C:\Windows\Cfg02Sp.ini
[2010/04/15 12:47:40 | 000,001,000 | ---- | M] () -- C:\Windows\Cfg01Sp.ini
[2010/04/15 12:47:40 | 000,000,992 | ---- | M] () -- C:\Windows\SB1049.reg
[2010/04/15 12:47:40 | 000,000,992 | ---- | M] () -- C:\Windows\SB1040.reg
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\CfgHPHp.ini
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\CfgHPDO.ini
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\Cfg05DO.ini
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\Cfg04DO.ini
[2010/04/15 12:47:40 | 000,000,930 | ---- | M] () -- C:\Windows\Cfg05Hp.ini
[2010/04/15 12:47:40 | 000,000,930 | ---- | M] () -- C:\Windows\Cfg04Hp.ini
[2010/04/15 12:47:40 | 000,000,818 | ---- | M] () -- C:\Windows\Cfg01APR.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg03Hp.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg03DO.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg02Hp.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg02DO.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg01Hp.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg01DO.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPRMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPRLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPFMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPDI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg01Mic.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg01LI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg01DI.ini
[2010/04/15 12:47:39 | 000,639,512 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\t3.sys
[2010/04/15 12:47:39 | 000,600,211 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWow64\t3aim64.exe
[2010/04/15 12:47:39 | 000,570,368 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\T3APO64.dll
[2010/04/15 12:47:39 | 000,057,856 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\t3ppld64.dll
[2010/04/15 00:21:41 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/04/13 03:03:32 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/04/13 03:03:32 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/11 16:19:48 | 000,040,846 | ---- | M] () -- C:\Users\blondsurfer\Documents\cc_20100411_161926.reg
[2010/04/11 15:10:24 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2010/04/11 15:09:14 | 000,000,970 | ---- | M] () -- C:\Users\blondsurfer\Desktop\URLSnooper 2.lnk
[2010/04/11 01:49:27 | 000,001,143 | ---- | M] () -- C:\Users\blondsurfer\Desktop\Foxit PDF Editor.lnk
========== Files Created - No Company Name ==========
[2010/05/09 17:41:50 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/07 00:03:55 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 21:36:31 | 000,000,036 | ---- | C] () -- C:\Users\blondsurfer\AppData\Local\housecall.guid.cache
[2010/05/03 19:31:29 | 000,184,069 | ---- | C] () -- C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA.htm
[2010/05/02 13:58:03 | 355,641,818 | ---- | C] () -- C:\Users\blondsurfer\Documents\vlc-record-2010-05-02-13h57m33s-Streaming-.avi
[2010/04/29 18:11:20 | 000,001,288 | ---- | C] () -- C:\Users\blondsurfer\mm.cfg
[2010/04/25 20:17:21 | 000,029,926 | ---- | C] () -- C:\Users\blondsurfer\Documents\DVR Programs.abw
[2010/04/24 05:32:04 | 000,087,552 | -HS- | C] () -- C:\Users\blondsurfer\Thumbs.db
[2010/04/19 01:46:37 | 000,003,003 | ---- | C] () -- C:\Users\blondsurfer\Desktop\HiJackThis.lnk
[2010/04/18 20:58:26 | 000,524,288 | -HS- | C] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 20:58:26 | 000,524,288 | -HS- | C] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 20:58:26 | 000,065,536 | -HS- | C] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TM.blf
[2010/04/18 18:24:09 | 000,012,698 | -HS- | C] () -- C:\Users\blondsurfer\AppData\Local\xSWFi252
[2010/04/18 18:24:09 | 000,012,698 | -HS- | C] () -- C:\ProgramData\xSWFi252
[2010/04/16 21:23:40 | 000,000,174 | ---- | C] () -- C:\3X3GC3J1.dat
[2010/04/16 18:32:37 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk
[2010/04/16 18:32:35 | 000,053,299 | ---- | C] () -- C:\Windows\SysNative\pthreadVC.dll
[2010/04/15 00:21:41 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/04/13 03:03:32 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/04/13 03:03:32 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/04/11 16:19:28 | 000,040,846 | ---- | C] () -- C:\Users\blondsurfer\Documents\cc_20100411_161926.reg
[2010/04/11 15:10:24 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2010/04/11 15:06:23 | 000,000,970 | ---- | C] () -- C:\Users\blondsurfer\Desktop\URLSnooper 2.lnk
[2010/04/11 01:49:27 | 000,001,143 | ---- | C] () -- C:\Users\blondsurfer\Desktop\Foxit PDF Editor.lnk
[2010/03/29 08:47:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/29 08:47:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/26 05:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/14 02:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/01/14 02:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/01/14 02:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
========== LOP Check ==========
[2010/04/16 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Apowersoft
[2010/05/10 20:45:10 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Azureus
[2010/04/11 15:10:24 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\DonationCoder
[2010/03/30 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\enchant
[2010/04/11 01:42:52 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Foxit
[2010/04/12 19:13:27 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Foxit Software
[2010/04/11 20:03:58 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\gtk-2.0
[2010/04/18 16:34:56 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\IrfanView
[2010/04/07 01:44:29 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Opera
[2010/04/02 16:58:23 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Participatory Culture Foundation
[2010/04/11 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\PCF-VLC
[2010/03/30 02:30:50 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Songbird2
[2010/04/01 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Template
[2010/05/09 17:41:57 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\uTorrent
[2010/05/09 17:41:50 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/07/14 01:08:49 | 000,015,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Thanks,
blondsurferdude
kevin27_b3d29f
May 11th, 2010 08:00
blondsurferdude,
Before we continue, can I ask you to please read all the information in the link below, as it contains information on Peer2Peer programs.
Not only is it illegal to download from P2P and torrent sites, it is also a breeding ground for malware and more than likely the reason you were infected.
It would be futile to try and remove any infection on your system all the time P2P programs are installed.
http://en.community.dell.com/support-forums/virus-spyware/w/spyware_virus/perils-of-p2p-file-sharing.aspx
Then I need you to go to:
Vuze
uTorrent
Then please uninstall anything else running on the machine that may relate to P2P file sharing or cracked software.
Then please post back a fresh OTL log so we can proceed with the cleanup. (There will be no "extras" log this time, that's fine, just post the OTL log.)
Thanks,
K27
blondsurferdude
May 12th, 2010 18:00
K27:
Thank you for your help. I have followed your instructions re the P2P software, etc. Please bear with me, as I will check in over the next few days as possible; many family events will happen over the next week, but I will still be here.
Following is the new OTL scan:
OTL logfile created on: 5/12/2010 8:17:06 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\blondsurfer\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.60 Gb Total Space | 459.27 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.50 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BATCAVE4468
Current User Name: blondsurfer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/10 20:40:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
PRC - [2010/05/02 11:06:40 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/02 11:06:38 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/29 21:24:03 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/02/12 07:27:38 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\AbiWord\bin\AbiWord.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 21:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
========== Modules (SafeList) ==========
MOD - [2010/05/10 20:40:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/03/30 01:20:07 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/05/11 19:07:13 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/05/02 11:06:38 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/29 21:24:03 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/03/29 20:33:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/29 19:17:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/29 13:16:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/14 21:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/04/15 12:47:39 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2010/03/29 21:24:18 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/29 21:24:04 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/29 21:24:04 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/03/29 21:24:04 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2010/03/29 21:24:04 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2010/03/29 21:24:04 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2010/03/29 21:24:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/29 21:24:04 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/03/29 21:24:03 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/03/29 21:24:03 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/03/29 21:24:03 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/02/04 11:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/12/18 01:43:24 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2008/12/15 04:37:38 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/12/15 01:09:30 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/20 18:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2010/05/10 04:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100512.005\EX64.SYS -- (NAVEX15)
DRV - [2010/05/10 04:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100512.005\ENG64.SYS -- (NAVENG)
DRV - [2010/03/29 15:30:34 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2010/03/29 01:46:08 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/03/29 01:46:08 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/28 18:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 4F 4D C8 A7 D2 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: flashbug@coursevector.com:1.6.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.7.6
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/25 02:45:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/15 00:22:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/15 00:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 20:21:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/12 11:24:04 | 000,000,000 | ---D | M]
[2010/03/30 02:31:02 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Extensions
[2010/03/30 02:31:02 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/05/12 11:26:00 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions
[2010/03/29 21:31:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/11 21:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/02 13:58:48 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/04/11 02:09:25 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 19:35:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 19:30:25 | 000,000,000 | ---D | M] (Stop Autoplay) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2010/03/29 21:31:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/05 19:30:25 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/05 19:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2010/04/15 14:42:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/05 19:40:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/18 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\blondsurfer\AppData\Roaming\Mozilla\Firefox\Profiles\ixtjtt0p.default\extensions\flashbug@coursevector.com
[2010/05/12 19:15:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/29 00:01:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Dell_XPS_silverswirl.jpg
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/05/11 21:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/05/11 21:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/05/11 21:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/05/10 20:40:04 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
[2010/05/04 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\Documents\Hijack This
[2010/05/03 19:31:30 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA_files
[2010/04/29 00:01:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/29 00:01:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/29 00:01:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/29 00:01:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/28 11:55:44 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/04/28 11:55:44 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/04/28 11:34:55 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/04/19 01:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/04/18 20:41:57 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Local\Symantec
[2010/04/17 01:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/04/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Apowersoft
[2010/04/16 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2010/04/15 14:05:34 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/04/15 14:05:34 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/04/15 14:05:34 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/04/15 14:05:34 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/04/15 14:05:13 | 002,873,823 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010/04/15 13:55:16 | 086,827,000 | ---- | C] (Creative Technology Ltd) -- C:\Users\blondsurfer\Desktop\XFXA_PCDRV_LB_1_04_0000.exe
[2010/04/15 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/04/15 00:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/04/15 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Vidalia
[2010/04/15 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Tor
[2010/04/15 00:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/04/15 00:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/15 00:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010/04/15 00:21:59 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\Azureus
[2010/04/15 00:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/04/15 00:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/04/14 09:19:22 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 09:19:22 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 09:19:21 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 09:19:20 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/14 09:19:20 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/14 09:18:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 09:18:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 09:17:54 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 09:17:54 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/13 03:27:21 | 000,000,000 | ---D | C] -- C:\Users\blondsurfer\AppData\Roaming\IrfanView
[2010/04/13 03:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
========== Files - Modified Within 30 Days ==========
[2010/05/12 20:18:43 | 002,621,440 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat
[2010/05/12 19:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/12 19:23:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-954841379-3349999835-2930664112-1000UA.job
[2010/05/12 19:23:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-954841379-3349999835-2930664112-1000Core.job
[2010/05/12 19:22:56 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 19:22:56 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 19:21:42 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/12 19:21:42 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/12 19:21:42 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/12 19:16:13 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/12 19:16:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/12 19:15:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 19:15:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 19:15:28 | 529,780,735 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 19:14:21 | 004,511,669 | -H-- | M] () -- C:\Users\blondsurfer\AppData\Local\IconCache.db
[2010/05/11 21:48:33 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/11 21:48:33 | 000,001,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/11 21:18:12 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/10 20:40:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\blondsurfer\Desktop\OTL.exe
[2010/05/06 22:08:28 | 000,003,003 | ---- | M] () -- C:\Users\blondsurfer\Desktop\HiJackThis.lnk
[2010/05/04 21:36:31 | 000,000,036 | ---- | M] () -- C:\Users\blondsurfer\AppData\Local\housecall.guid.cache
[2010/05/04 07:42:46 | 000,001,887 | ---- | M] () -- C:\Users\blondsurfer\Desktop\CCleaner.lnk
[2010/05/03 19:31:34 | 000,184,069 | ---- | M] () -- C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA.htm
[2010/05/02 14:06:54 | 355,641,818 | ---- | M] () -- C:\Users\blondsurfer\Documents\vlc-record-2010-05-02-13h57m33s-Streaming-.avi
[2010/04/29 18:11:20 | 000,001,288 | ---- | M] () -- C:\Users\blondsurfer\mm.cfg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 21:24:53 | 000,002,288 | ---- | M] () -- C:\Users\blondsurfer\Desktop\Google Chrome.lnk
[2010/04/25 20:17:21 | 000,029,926 | ---- | M] () -- C:\Users\blondsurfer\Documents\DVR Programs.abw
[2010/04/19 22:01:49 | 000,524,288 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000002.regtrans-ms
[2010/04/19 22:01:49 | 000,524,288 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 22:01:49 | 000,065,536 | -HS- | M] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TM.blf
[2010/04/18 19:23:14 | 000,012,698 | -HS- | M] () -- C:\Users\blondsurfer\AppData\Local\xSWFi252
[2010/04/18 19:23:14 | 000,012,698 | -HS- | M] () -- C:\ProgramData\xSWFi252
[2010/04/16 21:23:40 | 000,000,174 | ---- | M] () -- C:\3X3GC3J1.dat
[2010/04/16 18:32:37 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk
[2010/04/15 14:05:34 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/04/15 14:05:34 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/04/15 14:05:34 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/04/15 14:05:34 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/04/15 14:00:58 | 000,001,802 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/04/15 13:55:16 | 086,827,000 | ---- | M] (Creative Technology Ltd) -- C:\Users\blondsurfer\Desktop\XFXA_PCDRV_LB_1_04_0000.exe
[2010/04/15 12:47:40 | 000,498,688 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\T3APO32.dll
[2010/04/15 12:47:40 | 000,018,432 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\SpiRunE.dll
[2010/04/15 12:47:40 | 000,008,704 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\t3RDefE.exe
[2010/04/15 12:47:40 | 000,001,910 | ---- | M] () -- C:\Windows\SB0710.reg
[2010/04/15 12:47:40 | 000,001,702 | ---- | M] () -- C:\Windows\SB0820.reg
[2010/04/15 12:47:40 | 000,001,436 | ---- | M] () -- C:\Windows\CfgHPSp.ini
[2010/04/15 12:47:40 | 000,001,434 | ---- | M] () -- C:\Windows\Cfg05Sp.ini
[2010/04/15 12:47:40 | 000,001,434 | ---- | M] () -- C:\Windows\Cfg04Sp.ini
[2010/04/15 12:47:40 | 000,001,396 | ---- | M] () -- C:\Windows\SB1042.reg
[2010/04/15 12:47:40 | 000,001,091 | ---- | M] () -- C:\Windows\Cfg03Sp.ini
[2010/04/15 12:47:40 | 000,001,091 | ---- | M] () -- C:\Windows\Cfg02Sp.ini
[2010/04/15 12:47:40 | 000,001,000 | ---- | M] () -- C:\Windows\Cfg01Sp.ini
[2010/04/15 12:47:40 | 000,000,992 | ---- | M] () -- C:\Windows\SB1049.reg
[2010/04/15 12:47:40 | 000,000,992 | ---- | M] () -- C:\Windows\SB1040.reg
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\CfgHPHp.ini
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\CfgHPDO.ini
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\Cfg05DO.ini
[2010/04/15 12:47:40 | 000,000,932 | ---- | M] () -- C:\Windows\Cfg04DO.ini
[2010/04/15 12:47:40 | 000,000,930 | ---- | M] () -- C:\Windows\Cfg05Hp.ini
[2010/04/15 12:47:40 | 000,000,930 | ---- | M] () -- C:\Windows\Cfg04Hp.ini
[2010/04/15 12:47:40 | 000,000,818 | ---- | M] () -- C:\Windows\Cfg01APR.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg03Hp.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg03DO.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg02Hp.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg02DO.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg01Hp.ini
[2010/04/15 12:47:40 | 000,000,725 | ---- | M] () -- C:\Windows\Cfg01DO.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPRMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPRLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPFMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\CfgHPDI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg05DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg04DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg03DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02RMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02RLI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02FMi.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg02DI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg01Mic.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg01LI.ini
[2010/04/15 12:47:40 | 000,000,453 | ---- | M] () -- C:\Windows\Cfg01DI.ini
[2010/04/15 12:47:39 | 000,639,512 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\t3.sys
[2010/04/15 12:47:39 | 000,600,211 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWow64\t3aim64.exe
[2010/04/15 12:47:39 | 000,570,368 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\T3APO64.dll
[2010/04/15 12:47:39 | 000,057,856 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\t3ppld64.dll
[2010/04/13 03:03:32 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/04/13 03:03:32 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
========== Files Created - No Company Name ==========
[2010/05/12 19:16:13 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/11 21:48:33 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/11 21:48:33 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/11 21:18:12 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 21:36:31 | 000,000,036 | ---- | C] () -- C:\Users\blondsurfer\AppData\Local\housecall.guid.cache
[2010/05/03 19:31:29 | 000,184,069 | ---- | C] () -- C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA.htm
[2010/05/02 13:58:03 | 355,641,818 | ---- | C] () -- C:\Users\blondsurfer\Documents\vlc-record-2010-05-02-13h57m33s-Streaming-.avi
[2010/04/29 18:11:20 | 000,001,288 | ---- | C] () -- C:\Users\blondsurfer\mm.cfg
[2010/04/25 20:17:21 | 000,029,926 | ---- | C] () -- C:\Users\blondsurfer\Documents\DVR Programs.abw
[2010/04/24 05:32:04 | 000,087,552 | -HS- | C] () -- C:\Users\blondsurfer\Thumbs.db
[2010/04/19 01:46:37 | 000,003,003 | ---- | C] () -- C:\Users\blondsurfer\Desktop\HiJackThis.lnk
[2010/04/18 20:58:26 | 000,524,288 | -HS- | C] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 20:58:26 | 000,524,288 | -HS- | C] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 20:58:26 | 000,065,536 | -HS- | C] () -- C:\Users\blondsurfer\ntuser.dat{8d55b1d5-4b4e-11df-974a-0025648ca73d}.TM.blf
[2010/04/18 18:24:09 | 000,012,698 | -HS- | C] () -- C:\Users\blondsurfer\AppData\Local\xSWFi252
[2010/04/18 18:24:09 | 000,012,698 | -HS- | C] () -- C:\ProgramData\xSWFi252
[2010/04/16 21:23:40 | 000,000,174 | ---- | C] () -- C:\3X3GC3J1.dat
[2010/04/16 18:32:37 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Video Recorder.lnk
[2010/04/16 18:32:35 | 000,053,299 | ---- | C] () -- C:\Windows\SysNative\pthreadVC.dll
[2010/04/13 03:03:32 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/04/13 03:03:32 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/03/29 08:47:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/29 08:47:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/26 05:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/14 02:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/01/14 02:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/01/14 02:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
< End of report >
Again, any help is greatly appreciated.
Sincerely,
blondsurferdude
kevin27_b3d29f
May 13th, 2010 15:00
Hi Blondsurferdude,
You are more than welcome for the help.
There are a few things that worry me in your logs, please supply answers with your next response.
1) There are system files that are dated before Windows 7 final version was released, please let me know if this is still the RC (release candidate) version.
2) If this is the full version, did you install over another system or did you format the hard drive first?
3) You have proxy programs running on the system, when exactly did you install these and did updating work after they were installed?
4) Are you getting any browser redirects?
5) There are McAfee Security Scan drivers and processes on the system and I don't see it in your add/remove log, please check your "Remove Programs" in "Control Panel" and if it's there please uninstall it (I don't think it will be but it's always better to check there first).
It was more than likely installed with an Adobe program but will conflict with Norton and should go; if it's not there, don't worry, we can remove it manually.
Next we need to check a few files:
Please go to VirSCAN where you will see a browse button at the top of the screen.
C:\3X3GC3J1.dat
C:\Windows\SysNative\pthreadVC.dll
C:\Windows\SysWow64\APOMngr.DLL
C:\Windows\SysWow64\CmdRtr.DLL
Note: you may need to show hidden files to locate the files requested:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Look for "Hidden files and folders"
Select "Show hidden files and folders"
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Remember to hide hidden files/folders by reversing the action when you have finished
Also please navigate to this folder in bold: C:\Users\blondsurfer\Documents\Cheaper TV How to Shrink Your Bill _ WSPA_files and please let me know what files are in it.
Please post back the four(4) reports from VirScan, the contents of the "Cheaper TV" folder and the answers to the five(5) questions.
Thanks
K27
kevin27_b3d29f
May 20th, 2010 13:00
This topic is now Inactive.....
The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)
If you are the original poster and would like further assistance please post a fresh HJT log and details of the problems you are having
All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the button.
Regards
K27