Babylon virus in Firefox [Solved]
Started by Zambian, Sep 06 2012 07:53 AM
#1
Posted 06 September 2012 - 07:53 AM
#2
Posted 06 September 2012 - 08:32 AM
Hi there, two programmes to run: the first to kill, and the second to check.
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow this
On reboot a log will be produced; please attach that
THEN
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
#3
Posted 06 September 2012 - 09:34 AM
Thanks for the quick reply, here are the logs
# AdwCleaner v2.000 - Logfile created 09/06/2012 at 23:12:36
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Davie - DAVIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Davie\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\Browser Manager
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0 (en-US)
Profile name : default
File : C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=44444&tt=3612_6&babsrc=HP_ss[...]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [37318 octets] - [06/09/2012 20:28:58]
AdwCleaner[R2].txt - [37379 octets] - [06/09/2012 20:35:04]
AdwCleaner[S1].txt - [38612 octets] - [06/09/2012 20:37:31]
AdwCleaner[S2].txt - [1909 octets] - [06/09/2012 23:12:36]
########## EOF - C:\AdwCleaner[S2].txt - [1969 octets] ##########
OTL logfile created on: 6/09/2012 11:22:23 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 62.81% Memory free
6.72 Gb Paging File | 5.51 Gb Available in Paging File | 81.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 382.05 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/09/05 15:54:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/05 15:54:28 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://google/
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/06 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/08/31 18:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 18:33:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/06 23:16:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:00 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 00:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 10:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: QMGR.DLL >
[2008/01/21 10:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
< MD5 for: SERVICES >
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >
[2012/07/28 04:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/01/21 10:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SERVICES.PNG >
[2012/08/18 05:27:50 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.RDB >
[2011/01/17 19:14:32 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 19:14:04 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.XML >
[2008/09/26 17:29:27 | 000,000,747 | ---- | M] () MD5=02A6C165D6B7F2D7614F5819A4BFA7B2 -- C:\Users\Davie\AppData\Local\VirtualStore\Program Files\Telstra\BigPond Assist\services.xml
< MD5 for: SVCHOST.EXE >
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 10:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2006/11/02 17:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"1008" = Reg Error: Unknown registry data type -- File not found
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 6/09/2012 11:22:23 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 62.81% Memory free
6.72 Gb Paging File | 5.51 Gb Available in Paging File | 81.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 382.05 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/09/05 15:54:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/05 15:54:28 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://google/
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/06 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/08/31 18:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 18:33:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/06 23:16:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:00 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 00:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 10:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: QMGR.DLL >
[2008/01/21 10:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
< MD5 for: SERVICES >
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >
[2012/07/28 04:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/01/21 10:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SERVICES.PNG >
[2012/08/18 05:27:50 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.RDB >
[2011/01/17 19:14:32 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 19:14:04 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.XML >
[2008/09/26 17:29:27 | 000,000,747 | ---- | M] () MD5=02A6C165D6B7F2D7614F5819A4BFA7B2 -- C:\Users\Davie\AppData\Local\VirtualStore\Program Files\Telstra\BigPond Assist\services.xml
< MD5 for: SVCHOST.EXE >
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 10:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2006/11/02 17:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"1008" = Reg Error: Unknown registry data type -- File not found
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 6/09/2012 11:22:23 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 62.81% Memory free
6.72 Gb Paging File | 5.51 Gb Available in Paging File | 81.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 382.05 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/09/05 15:54:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/05 15:54:28 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://google/
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/06 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/08/31 18:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 18:33:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/06 23:16:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:00 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 00:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 10:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: QMGR.DLL >
[2008/01/21 10:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
< MD5 for: SERVICES >
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >
[2012/07/28 04:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/01/21 10:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SERVICES.PNG >
[2012/08/18 05:27:50 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.RDB >
[2011/01/17 19:14:32 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 19:14:04 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.XML >
[2008/09/26 17:29:27 | 000,000,747 | ---- | M] () MD5=02A6C165D6B7F2D7614F5819A4BFA7B2 -- C:\Users\Davie\AppData\Local\VirtualStore\Program Files\Telstra\BigPond Assist\services.xml
< MD5 for: SVCHOST.EXE >
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 10:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2006/11/02 17:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"1008" = Reg Error: Unknown registry data type -- File not found
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 6/09/2012 11:22:23 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 62.81% Memory free
6.72 Gb Paging File | 5.51 Gb Available in Paging File | 81.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 382.05 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/09/05 15:54:43 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/05 15:54:28 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://google/
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/06 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/08/31 18:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 18:33:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/06 23:16:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 23:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/06 23:15:59 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/06 23:13:00 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/06 23:22:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 00:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 10:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: QMGR.DLL >
[2008/01/21 10:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
< MD5 for: SERVICES >
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >
[2012/07/28 04:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/01/21 10:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SERVICES.PNG >
[2012/08/18 05:27:50 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.RDB >
[2011/01/17 19:14:32 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 19:14:04 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.XML >
[2008/09/26 17:29:27 | 000,000,747 | ---- | M] () MD5=02A6C165D6B7F2D7614F5819A4BFA7B2 -- C:\Users\Davie\AppData\Local\VirtualStore\Program Files\Telstra\BigPond Assist\services.xml
< MD5 for: SVCHOST.EXE >
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 10:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2006/11/02 17:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"1008" = Reg Error: Unknown registry data type -- File not found
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
#4
Posted 06 September 2012 - 11:23 AM
Could you confirm that it is now history?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=44444&tt=3612_6&babsrc=HP_ss&mntrId=cc479e9f00000000000000219b028d60"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
[2012/07/01 18:33:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-30905629-1660685971-3630012643-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)

:Files
c:\ProgramData\Browser Manager

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
#5
Posted 06 September 2012 - 08:54 PM
Hello, thanks for that, but Babylon is still my search engine. Strange things are happening: I can't find the log from OTL to post, and the browser seems to be acting up. When I read the log it said all threats were removed and gave a list of files that were removed or just moved. One thing I noticed was that on the OTL program I have there is no Include 64 bit scan provision; could this be the problem? I only downloaded the program yesterday so it should be up to date.
#6
Posted 07 September 2012 - 06:40 AM
64 bit will not show as your system is 32 bit
Could you run a fresh OTL scan please and let me know which browser has the search engine still
#7
Posted 07 September 2012 - 07:14 AM
Hello again, I was worried earlier because I was unable to access the Geeks to Go site, but it must have been busy. Babylon seems to be only in Firefox, but Internet Explorer seems to be using a different search engine, although it says Google, but I'm not sure because I never use it. Here are the logs:
OTL logfile created on: 7/09/2012 8:55:56 PM - Run 3
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 64.97% Memory free
6.71 Gb Paging File | 5.57 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.89 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/12 12:50:40 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 10:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 10:17:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/31 18:22:53 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/24 20:07:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/24 20:07:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/24 20:07:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/24 20:07:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/24 20:07:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/24 20:07:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/24 20:07:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/24 20:06:47 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 20:57:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 20:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 18:21:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 18:21:44 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 18:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 10:17:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:38:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/03 14:38:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
OTL logfile created on: 7/09/2012 8:55:56 PM - Run 3
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 64.97% Memory free
6.71 Gb Paging File | 5.57 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.89 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/12 12:50:40 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 10:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 10:17:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/31 18:22:53 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/24 20:07:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/24 20:07:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/24 20:07:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/24 20:07:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/24 20:07:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/24 20:07:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/24 20:07:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/24 20:06:47 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 20:57:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 20:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 18:21:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 18:21:44 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 18:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 10:17:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:38:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/03 14:38:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 64.97% Memory free
6.71 Gb Paging File | 5.57 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.89 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/12 12:50:40 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 10:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 10:17:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/31 18:22:53 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/24 20:07:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/24 20:07:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/24 20:07:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/24 20:07:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/24 20:07:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/24 20:07:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/24 20:07:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/24 20:06:47 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 20:57:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 20:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 18:21:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 18:21:44 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 18:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 10:17:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:38:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/03 14:38:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
OTL logfile created on: 7/09/2012 8:55:56 PM - Run 3
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 64.97% Memory free
6.71 Gb Paging File | 5.57 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.89 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/12 12:50:40 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/05 15:54:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 20:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 08:42:17 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 10:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/31 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 15:54:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 10:17:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/31 18:22:53 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/31 18:22:53 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/24 20:07:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/24 20:07:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/24 20:07:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/24 20:07:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/24 20:07:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/24 20:07:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/24 20:07:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/24 20:06:47 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 20:57:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 20:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:21:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 18:21:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 18:21:44 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 18:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 10:17:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:38:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/03 14:38:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
#8
Posted 07 September 2012 - 08:20 AM
The search engine in IE was reset when Babylon was removed
Something appears to be re-installing Babylon, have you downloaded any new programmes lately?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=44444&tt=3612_6&babsrc=HP_ss&mntrId=cc479e9f00000000000000219b028d60"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#9
Posted 07 September 2012 - 09:17 AM
My but you are quick, thanks. Yes I did download a program called RAR Zip and it was after running this program that I noticed Babylon. It was a free program so I can delete it if necessary. Babylon is still there. Here are the logs
OTL logfile created on: 7/09/2012 11:02:44 PM - Run 4
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.82% Memory free
6.68 Gb Paging File | 5.79 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.82 Gb Free Space | 84.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 22:58:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 23:05:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 23:00:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 22:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 22:58:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/07 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/07 22:58:57 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
< End of report >
OTL logfile created on: 7/09/2012 11:02:44 PM - Run 4
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.82% Memory free
6.68 Gb Paging File | 5.79 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.82 Gb Free Space | 84.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 22:58:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 23:05:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 23:00:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 22:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 22:58:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/07 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/07 22:58:57 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >

OTL logfile created on: 7/09/2012 11:02:44 PM - Run 4
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.82% Memory free
6.68 Gb Paging File | 5.79 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.82 Gb Free Space | 84.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 22:58:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 23:05:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 23:00:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 22:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 22:58:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/07 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/07 22:58:57 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 7/09/2012 11:02:44 PM - Run 4
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.82% Memory free
6.68 Gb Paging File | 5.79 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 379.82 Gb Free Space | 84.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/01/25 16:14:44 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/07 19:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/07 22:58:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Davie\.gimp-2.8
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/07 23:05:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/07 23:00:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 23:00:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 22:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 22:58:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/07 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 16:34:34 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/07 23:00:07 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/07 22:58:57 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/07 23:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
#10
Posted 07 September 2012 - 11:26 AM
Could you confirm that it is just in Firefox?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=44444&tt=3612_6&babsrc=HP_ss&mntrId=cc479e9f00000000000000219b028d60"
[2010/12/15 12:19:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\engine@conduit(72).com
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#11
Posted 07 September 2012 - 08:24 PM
Good morning to you. Yes, only Firefox has Babylon. When I run OTL on fix I get a warning label popping up in the right hand bottom corner; it has a red border and that's all I can see because it only appears for a split second. I deleted 2 programs that I have recently downloaded, Rar zip and Gimp2, before I ran the fix. Babylon is still my search engine in Firefox. Here are the logs:
OTL logfile created on: 8/09/2012 9:59:12 AM - Run 5
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.39% Memory free
6.68 Gb Paging File | 5.85 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 413.56 Gb Free Space | 91.76% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 09:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/08 09:54:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/08 10:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/08 09:57:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/08 09:57:29 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/08 09:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 09:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 09:57:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/08 09:54:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/08 00:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/08 09:57:29 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/08 09:56:14 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/08 10:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 8/09/2012 9:59:12 AM - Run 5
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.39% Memory free
6.68 Gb Paging File | 5.85 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 413.56 Gb Free Space | 91.76% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/06 12:57:08 | 002,073,112 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 09:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/08 09:54:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/08 10:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/08 09:57:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/08 09:57:29 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/08 09:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 09:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 09:57:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/08 09:54:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/08 00:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 23:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/08 09:57:29 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/08 09:56:14 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/08 10:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
#12
Posted 08 September 2012 - 05:50 AM
Enter "about:config" into the location bar (where you otherwise enter internet addresses) in Firefox
Then scroll down to "browser.search.defaultengine"
Change it to "Google.com"
Restart Firefox. Is it now gone?
#13
Posted 08 September 2012 - 06:52 AM
Morning. I changed four settings where I saw Babylon, restarted my computer, and Babylon was back. It had reset the settings to Babylon. This baby just doesn't want to die. The settings I changed were Browser search order1, selected engine, browser search default engine name, and browser search default engine this name.
Edited by Zambian, 08 September 2012 - 08:20 AM.
#14
Posted 08 September 2012 - 09:09 AM
Hi, it has just been pointed out to me that I was getting a tad fixated on the browser and the obvious culprit passed me by.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
:Files
c:\ProgramData\Browser Manager
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#15
Posted 08 September 2012 - 07:06 PM
Hello again, here are the logs. I also went into about:config, replaced Babylon with Google, and now it is gone.
OTL logfile created on: 9/09/2012 8:58:51 AM - Run 6
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
6.68 Gb Paging File | 5.89 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 413.28 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 20:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/09 08:55:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/09 08:56:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 08:55:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/08 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 22:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/08 15:21:02 | 000,144,571 | ---- | C] () -- C:\Users\Davie\Documents\Synergy Aug 2012.pdf
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:55:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 9/09/2012 8:58:51 AM - Run 6
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
6.68 Gb Paging File | 5.89 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 413.28 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 20:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/09 08:55:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/09 08:56:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 08:55:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/08 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 22:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/08 15:21:02 | 000,144,571 | ---- | C] () -- C:\Users\Davie\Documents\Synergy Aug 2012.pdf
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:55:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 9/09/2012 8:58:51 AM - Run 6
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
6.68 Gb Paging File | 5.89 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 413.28 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 20:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/09 08:55:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/09 08:56:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 08:55:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/08 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 22:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/08 15:21:02 | 000,144,571 | ---- | C] () -- C:\Users\Davie\Documents\Synergy Aug 2012.pdf
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:55:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
OTL logfile created on: 9/09/2012 8:58:51 AM - Run 6
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
6.68 Gb Paging File | 5.89 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 413.28 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.61 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/06 21:16:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 19:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 11:17:43 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/14 11:17:43 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 11:17:42 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/14 10:31:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:30:54 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:30:33 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 10:29:55 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 13:29:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 13:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 12:28:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 12:28:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 12:28:00 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012/05/10 12:27:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 12:27:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 12:27:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/07 21:49:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 14:38:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/01 17:29:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sscdbus.sys -- (sscdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\BCEB.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:47:34 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000219b028d60
IE - HKCU\..\SearchScopes\{1A32E4AF-245D-4132-B773-163AC7DE962A}: "URL" = http://websearch.ask...C3-882B2ED3DD41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000219b028d60"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 21:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 21:48:57 | 000,000,000 | ---D | M]
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 20:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions
[2010/04/28 11:53:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 11:07:44 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/03/31 08:09:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\huvoosx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 21:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 21:49:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:54:27 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2012/09/09 08:55:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/07 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 10:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Davie\.thumbnails
[2012/09/05 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\fontconfig
[2012/09/05 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\gegl-0.2
[2012/09/05 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Davie\AppData\Local\{E6B1822A-87DA-4FD6-AE5A-E5727E5E6E6D}
[2012/08/24 09:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
========== Files - Modified Within 30 Days ==========
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
[2012/09/09 08:56:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 08:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 08:55:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/08 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 22:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 21:17:34 | 000,000,511 | ---- | M] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:16 | 000,511,265 | ---- | M] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:54 | 000,104,025 | ---- | M] () -- C:\Windows\unins000.dat
[2012/09/06 12:56:43 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2012/09/05 17:11:29 | 000,001,503 | ---- | M] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/09/05 11:50:21 | 000,039,424 | ---- | M] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/03 14:30:56 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/08/28 09:43:03 | 000,986,149 | ---- | M] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/08/26 20:43:27 | 000,313,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/09/08 15:21:02 | 000,144,571 | ---- | C] () -- C:\Users\Davie\Documents\Synergy Aug 2012.pdf
[2012/09/06 21:17:34 | 000,000,511 | ---- | C] () -- C:\Users\Davie\Desktop\OTL - Shortcut.lnk
[2012/09/06 20:27:11 | 000,511,265 | ---- | C] () -- C:\Users\Davie\Desktop\adwcleaner.exe
[2012/09/06 12:56:53 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/06 12:56:53 | 000,104,025 | ---- | C] () -- C:\Windows\unins000.dat
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/08/28 09:39:21 | 000,986,149 | ---- | C] () -- C:\Users\Davie\Documents\Alinta Aug 12.PDF
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2011/06/18 11:49:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/03/01 11:33:56 | 000,044,598 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/01 11:33:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/01 11:33:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/01 11:33:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/01 11:33:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,000 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,039,424 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2012/01/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2010/10/02 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2010/09/27 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2009/03/04 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2008/09/29 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iWin
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2010/12/10 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2010/07/07 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2010/10/27 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2008/10/18 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2012/02/28 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2012/09/09 08:56:36 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/09/09 08:55:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/09 09:02:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
< End of report >
Edited by Zambian, 08 September 2012 - 10:27 PM.