
rogue.gen, backdoor.popadstop, tr/dldr.zlob.gen2, MORE!


  • This topic is locked
26 replies to this topic

#1 lesliewest_guitargod


Posted 18 July 2009 - 05:42 PM

I can ONLY access IE8 (a few times it didn't load, until I rebooted). Firefox doesn't load. Thunderbird (email) doesn't load. The game Dungeons & Dragons Online doesn't load. All security software WAS able to download most recent updates.

In the last 2 days, my software found (in this order):

Malwarebytes:
trojan.dropper

Spysweeper with Antivirus,
mal/generic-a

iobit 360:
rogue.gen
backdoor.popadstop


Avira Personal

bds/doebyt.a
tr/dldr.zlob.gen2
pck/armadillo
(2 locations)

All have supposedly been quarantined and deleted, yet I still can't access anything. HELP!!

I'm brand new to HijackThis and posting logs in general, but I loaded HijackThis and here's the log it gave me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:28 PM, on 7/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\RecvMessage.exe
C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\RecvMessage.exe
C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [tray3] "C:\Windows\system32\RecvMessage.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [GBTUpd] "C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3093149574-739893274-3944852547-1003\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Daddy - Standard')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O13 - Gopher Prefix:
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - Unknown owner - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Turbine Message Service - PublicPreview (PublicPreviewTurbineMessageService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
O23 - Service: Turbine Network Service - PublicPreview (PublicPreviewTurbineNetworkService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartBackup - Unknown owner - C:\Program Files (x86)\SmartBackup\XSrvSetup.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9122 bytes

Edited by The weatherman, 18 July 2009 - 06:30 PM.
Moved back~TW




#2 Tokek


Posted 28 July 2009 - 09:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#3 lesliewest_guitargod


Posted 29 July 2009 - 07:02 PM

DDS doesn't support my operating system. I have Vista 64.

Hoping you can succeed in helping me.


Just to give you a recent update, the only browser I can get to work is Explorer 8. Firefox I double click and it never loads. Thunderbird email doesn't load. DDO Dungeons and Dragons Online game cannot connect. All my utility software CAN update themselves.

I have used all the virus programs listed in my 1st post. I ran them all in admin, my regular, and safe modes. Checked off complete scan on all and made sure it was checking compressed files.

Even though each program found something (as listed in 1st post), I still have the exact same problem.

Edited by lesliewest_guitargod, 29 July 2009 - 07:11 PM.


#4 lesliewest_guitargod


Posted 29 July 2009 - 07:09 PM

Here's my current HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:28 PM, on 7/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\RecvMessage.exe
C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [tray3] "C:\Windows\system32\RecvMessage.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [GBTUpd] "C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3093149574-739893274-3944852547-1003\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Daddy - Standard')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O13 - Gopher Prefix:
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - Unknown owner - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Turbine Message Service - PublicPreview (PublicPreviewTurbineMessageService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
O23 - Service: Turbine Network Service - PublicPreview (PublicPreviewTurbineNetworkService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Unknown owner - C:\Program Files (x86)\Rising\Rav\CCENTER.EXE (file missing)
O23 - Service: Rising RavTask Manager (RavTask) - Unknown owner - C:\Program Files (x86)\Rising\Rav\RavTask.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\Program Files (x86)\Rising\Rav\RavMonD.exe (file missing)
O23 - Service: Rising Scan Service (RsScanSrv) - Unknown owner - C:\Program Files (x86)\Rising\Rav\ScanFrm.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartBackup - Unknown owner - C:\Program Files (x86)\SmartBackup\XSrvSetup.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 8924 bytes

#5 extremeboy

  • Malware Response Team

Posted 31 July 2009 - 12:46 PM

Hello.

Please run OTL for me.

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the Posted Image icon on your desktop. If you are using Vista, please right-click and select run as administrator.
  • Leave everything to the default but do the following:
      • Click the "Scan All Users" checkbox.
      • Push the Posted Image button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 lesliewest_guitargod


Posted 31 July 2009 - 02:09 PM

OTL.txt:

OTL logfile created on: 7/31/2009 3:01:29 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Daddy - Standard\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.87 Gb Total Space | 1776.43 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADDY-PC
Current User Name: Daddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/08 06:25:46 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2005/05/25 01:14:10 | 00,016,384 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/17 12:12:36 | 00,267,760 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
PRC - [2008/09/09 05:20:36 | 00,069,632 | R--- | M] () -- C:\Program Files (x86)\SmartBackup\XSrvSetup.exe
PRC - [2008/10/06 23:46:40 | 10,762,240 | R--- | M] () -- C:\Program Files (x86)\SmartBackup\SmartBackupSetup.exe
PRC - [2009/04/11 02:28:04 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\syswow64\snmp.exe
PRC - [2008/07/20 17:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/07/20 17:45:06 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/10 17:23:26 | 00,196,608 | ---- | M] () -- C:\Windows\SysWOW64\RecvMessage.exe
PRC - [2009/07/17 12:12:36 | 00,472,568 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/04/23 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/12/22 18:03:16 | 00,240,656 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2009/07/17 12:12:36 | 00,218,608 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
PRC - [2009/01/26 11:26:45 | 00,198,913 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
PRC - [2009/03/08 07:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe
PRC - [2009/07/31 15:00:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy - Standard\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/11 03:10:54 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\snmp.exe -- (SNMP [Auto | Running])
SRV:64bit: - [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/03/30 00:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/30 00:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2005/05/25 01:14:10 | 00,016,384 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE -- (COM Service [Auto | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 14:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/08 17:15:26 | 00,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service [Auto | Stopped])
SRV - [2009/03/03 14:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [Disabled | Stopped])
SRV - [2008/11/20 15:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2008/07/20 17:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/02/18 14:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/16 13:10:02 | 00,224,528 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe -- (IS360service [On_Demand | Stopped])
SRV - [2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2009/07/09 18:03:50 | 00,068,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/07/18 01:47:19 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/04/11 02:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [Disabled | Stopped])
SRV - [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/09/04 19:31:22 | 00,180,224 | ---- | M] (NVIDIA) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2009/07/17 12:12:36 | 00,267,760 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe -- (PublicPreviewTurbineMessageService [Auto | Running])
SRV - [2009/07/17 12:12:36 | 00,218,608 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe -- (PublicPreviewTurbineNetworkService [On_Demand | Running])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2008/09/09 05:20:36 | 00,069,632 | R--- | M] () -- C:\Program Files (x86)\SmartBackup\XSrvSetup.exe -- (SmartBackup [Auto | Running])
SRV - [2009/04/11 02:28:04 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\snmp.exe -- (SNMP [Auto | Running])
SRV - [2006/11/02 02:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 02:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
SRV - [2009/07/08 06:25:46 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/04/06 10:51:06 | 00,073,048 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV:64bit: - [2009/03/27 01:23:54 | 00,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132 [On_Demand | Stopped])
DRV:64bit: - [2009/04/11 01:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2009/07/19 16:37:43 | 00,019,568 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookCont.sys -- (hookcont [System | Running])
DRV:64bit: - [2009/07/19 16:37:40 | 00,036,464 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookSys.sys -- (hooksys [System | Running])
DRV:64bit: - [2008/07/20 17:44:54 | 00,402,456 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV:64bit: - [2007/04/11 15:34:58 | 00,035,600 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV:64bit: - [2007/04/11 15:35:06 | 00,113,424 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV:64bit: - [2007/04/11 15:35:22 | 00,053,520 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV:64bit: - [2007/04/11 15:35:30 | 00,056,080 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV:64bit: - [2007/04/11 15:35:38 | 00,136,976 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV:64bit: - [2007/04/11 15:35:46 | 00,040,720 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV:64bit: - [2008/10/16 03:08:08 | 00,183,296 | ---- | M] (Realtek Corporation ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2009/04/11 01:39:34 | 00,098,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV:64bit: - [2008/11/11 13:42:00 | 00,017,920 | ---- | M] (LG Electronics Inc.) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus [On_Demand | Stopped])
DRV:64bit: - [2008/11/11 13:42:00 | 00,027,136 | ---- | M] (LG Electronics Inc.) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag [On_Demand | Stopped])
DRV:64bit: - [2008/11/11 13:42:00 | 00,033,792 | ---- | M] (LG Electronics Inc.) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/03/19 15:14:52 | 00,015,872 | ---- | M] () -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO [On_Demand | Stopped])
DRV - [2009/07/31 14:58:30 | 00,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys -- (gdrv [On_Demand | Running])
DRV - [2009/07/17 13:02:40 | 00,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys -- (GVTDrv64 [On_Demand | Stopped])
DRV - [2006/11/02 11:03:38 | 00,021,271 | ---- | M] () -- C:\Windows\SysWow64\http.mib -- (HTTP [On_Demand | Running])
DRV - [2006/09/18 17:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2007/09/04 19:26:38 | 00,039,968 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclk64.sys -- (NVR0Dev [On_Demand | Running])
DRV - [2008/12/22 18:03:14 | 00,014,352 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64 [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2007/02/07 14:27:46 | 00,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006/09/18 17:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 3B EB 88 A9 10 CA 01 [binary data]
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 44 FC 08 A7 10 CA 01 [binary data]
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:1.3.9.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2009/06/24 19:59:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 13:32:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/07/18 17:21:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/07/17 22:25:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/06/24 06:48:00 | 00,000,000 | ---D | M]

[2009/07/06 15:56:45 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Extensions
[2009/07/06 15:56:45 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/17 12:05:58 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\17zjixpk.default\extensions
[2009/07/12 18:39:21 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\17zjixpk.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/07/12 18:39:21 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\17zjixpk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/12 13:44:40 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\17zjixpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/17 05:55:55 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\17zjixpk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/17 05:55:53 | 00,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\17zjixpk.default\extensions\smarterwiki@wikiatic.com
[2009/07/17 22:25:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/07/17 22:25:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/10 16:28:03 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/15 16:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/07/15 16:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/05/10 16:27:27 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/15 16:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/05/09 18:47:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/05/09 18:47:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/09 18:47:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/09 18:47:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/09 18:47:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/09 18:47:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/09 18:47:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/03 14:53:32 | 00,109,420 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll
[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe ()
O4 - HKLM..\Run: [tray3] C:\Windows\SysWow64\RecvMessage.exe ()
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe (Turbine, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003..\Run: [Prime95] C:\Program Files (x86)\p95v259\prime95.exe File not found
O4 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003..\Run: [Shareaza] C:\Program Files (x86)\Shareaza\Shareaza.exe File not found
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe (PreRun)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1000_Classes\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-3093149574-739893274-3944852547-1003_Classes\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found
O30 - LSA: Authentication Packages - (ows\S) - File not found
O30:64bit: - LSA: Security Packages - (T2㐀㠵ᘨ) - File not found
O30:64bit: - LSA: Security Packages - (協歰⹧汤l<뻯㠵ᘨ㠵ᘨ&) - File not found
O30:64bit: - LSA: Security Packages - (娆) - File not found
O30 - LSA: Security Packages - (kages) - File not found
O30 - LSA: Security Packages - (-) - File not found
O30 - LSA: Security Packages - ((娆)) - File not found
O30 - LSA: Security Packages - (-) - File not found
O30 - LSA: Security Packages - (File) - File not found
O30 - LSA: Security Packages - (not) - File not found
O30 - LSA: Security Packages - (found) - File not found
O30 - LSA: Security Packages - (not) - File not found
O30 - LSA: Security Packages - (fo) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/31 14:58:34 | 00,021,633 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2009/07/31 14:58:34 | 00,004,039 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2009/07/31 14:58:34 | 00,000,482 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2009/07/29 21:57:22 | 01,650,104 | -H-- | C] () -- C:\Users\Daddy\AppData\Local\IconCache.db
[2009/07/19 18:31:04 | 00,041,728 | ---- | C] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\VIRAGTLT.SYS
[2009/07/19 18:30:43 | 00,000,000 | ---D | C] -- C:\VEXPLITE
[2009/07/19 17:28:54 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/07/19 17:28:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2009/07/19 16:39:59 | 00,000,150 | RHS- | C] () -- C:\rising.ini
[2009/07/19 16:39:53 | 00,000,000 | R-SD | C] -- C:\RavBin
[2009/07/19 16:39:38 | 00,036,464 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookSys.sys
[2009/07/19 16:39:38 | 00,026,736 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookHelp.sys
[2009/07/19 16:39:38 | 00,019,568 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookCont.sys
[2009/07/19 16:39:34 | 00,000,089 | ---- | C] () -- C:\Windows\Rav.inf
[2009/07/19 16:39:25 | 00,000,026 | ---- | C] () -- C:\Windows\Rav.ini
[2009/07/19 16:38:42 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/19 16:37:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Rising
[2009/07/18 18:43:55 | 00,001,928 | ---- | C] () -- C:\Users\Daddy\Desktop\HijackThis.lnk
[2009/07/18 18:43:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/07/18 16:39:29 | 00,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/18 16:39:23 | 00,073,048 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2009/07/18 16:39:23 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\SysWow64\drivers\ssmdrv.sys
[2009/07/18 16:39:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/07/18 16:39:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2009/07/18 16:17:45 | 79,969,552 | ---- | C] () -- C:\Users\Daddy\Desktop\CIS_Setup_3.10.102363.531_XP_Vista_x64.exe
[2009/07/18 13:03:29 | 00,000,888 | ---- | C] () -- C:\Users\Daddy\Desktop\firefox - Shortcut.lnk
[2009/07/18 04:07:55 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2009/07/18 04:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/18 03:56:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2009/07/18 03:55:45 | 00,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/07/18 03:55:42 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\PC Tools
[2009/07/18 03:55:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/07/18 03:55:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2009/07/18 01:09:32 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\CrashDumps
[2009/07/17 22:23:10 | 00,000,456 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{B64C35A3-B734-46FB-AD90-9FBBA09E4405}.job
[2009/07/17 19:57:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2009/07/17 19:57:18 | 00,240,128 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2009/07/17 19:57:18 | 00,179,792 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2009/07/17 19:57:18 | 00,117,064 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmdguard.sys
[2009/07/17 19:57:18 | 00,084,104 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\inspect.sys
[2009/07/17 19:57:18 | 00,033,128 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmdhlp.sys
[2009/07/17 14:56:59 | 00,000,883 | ---- | C] () -- C:\Users\Daddy\Desktop\RealTemp - Shortcut.lnk
[2009/07/17 14:56:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\RealTemp_3.00
[2009/07/17 12:40:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2009/07/17 12:30:26 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Symantec
[2009/07/17 12:29:35 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Symantec
[2009/07/17 12:19:55 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonSystemWorks
[2009/07/17 12:19:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/07/17 11:59:03 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009/07/17 11:59:02 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/07/17 11:59:02 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009/07/17 11:59:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/07/17 11:59:01 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/07/17 11:59:01 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/07/17 11:59:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2009/07/17 11:59:01 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2009/07/17 05:42:58 | 00,000,000 | ---D | C] -- C:\Users\Daddy\Desktop\NSWSE1200TB15
[2009/07/14 20:02:40 | 00,001,074 | ---- | C] () -- C:\Users\Daddy\Desktop\DVDVideoSoft Free Studio.lnk
[2009/07/14 20:02:39 | 00,000,000 | ---D | C] -- C:\Users\Daddy\Documents\DVDVideoSoft
[2009/07/14 20:01:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2009/07/14 20:01:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2009/07/13 19:48:56 | 00,262,144 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2009/07/13 19:48:55 | 00,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2009/07/13 18:39:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BitPim
[2009/07/13 18:34:07 | 00,002,081 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2009/07/13 18:32:53 | 00,033,792 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64modem.sys
[2009/07/13 18:32:53 | 00,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64diag.sys
[2009/07/13 18:32:53 | 00,017,920 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64bus.sys
[2009/07/13 18:32:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2009/07/13 18:32:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Wireless
[2009/07/13 17:10:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon sync
[2009/07/12 20:56:28 | 00,002,041 | ---- | C] () -- C:\Users\Daddy\Desktop\EasyRecovery Professional.lnk
[2009/07/12 20:56:28 | 00,001,845 | ---- | C] () -- C:\Users\Daddy\Desktop\Ontrack Crisis Center.lnk
[2009/07/12 20:55:21 | 00,000,634 | ---- | C] () -- C:\Windows\SysWow64\MAPISVC.INF
[2009/07/12 20:55:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ontrack
[2009/07/12 19:53:12 | 00,000,000 | ---D | C] -- C:\Users\Daddy\Desktop\Programs
[2009/07/12 19:29:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2009/07/12 18:31:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2009/07/12 18:21:19 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\Performance.db
[2009/07/12 18:21:16 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\ncwmh.db
[2009/07/12 18:21:13 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\FOIMaster.db
[2009/07/12 18:21:11 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\submissions.db
[2009/07/12 18:21:08 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\Reputation.db
[2009/07/12 18:21:02 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\MrClean.db
[2009/07/12 18:19:30 | 01,914,722 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.02D\Cat.DB
[2009/07/12 18:19:05 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1100000.02D
[2009/07/12 18:19:05 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2009/07/12 18:18:45 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/07/12 18:16:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/07/12 17:19:30 | 00,000,394 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2009/07/12 17:19:25 | 00,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2009/07/12 15:48:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza
[2009/07/12 15:40:02 | 00,000,000 | ---D | C] -- C:\ProgramData\eMule
[2009/07/12 13:47:23 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2009/07/12 13:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/07/12 13:45:55 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2009/07/12 13:45:55 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2009/07/12 13:45:55 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2009/07/12 13:45:55 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2009/07/12 13:45:54 | 01,277,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2009/07/12 13:45:54 | 00,611,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2009/07/12 13:45:53 | 01,766,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTKVHD64.sys
[2009/07/12 13:45:53 | 01,603,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2009/07/12 13:45:53 | 01,163,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2009/07/12 13:45:53 | 00,417,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2009/07/12 13:45:53 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2009/07/12 13:45:53 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2009/07/12 13:45:53 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2009/07/12 13:45:53 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2009/07/12 13:45:53 | 00,058,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2009/07/12 13:45:52 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2009/07/12 13:45:51 | 00,176,640 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2009/07/12 13:45:51 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2009/07/12 13:45:51 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2009/07/12 13:45:47 | 00,540,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/07/12 13:38:44 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2009/07/11 17:55:38 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2009/07/10 04:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/07/10 04:37:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\StarWarsGalaxies
[2009/07/10 03:33:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2009/07/09 18:07:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2009/07/09 18:03:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia Shared
[2009/07/09 18:03:44 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2009/07/09 18:03:43 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2009/07/09 18:01:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia
[2009/07/09 17:57:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Macromedia
[2009/07/09 16:05:30 | 00,000,996 | ---- | C] () -- C:\Users\Daddy\Desktop\AusLogics Registry Cleaner.lnk
[2009/07/09 13:32:43 | 00,000,972 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/07/09 13:32:43 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/07/09 11:45:03 | 00,000,928 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/07/09 11:44:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2009/07/08 14:03:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Slideshow Maker Professional
[2009/07/08 06:25:08 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2009/07/08 06:25:08 | 00,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2009/07/08 06:24:48 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/07/08 06:24:48 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Webroot
[2009/07/08 06:24:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2009/07/08 06:04:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2009/07/06 13:25:24 | 00,000,000 | ---D | C] -- C:\bm
[2009/07/06 12:38:49 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/06 07:13:10 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Malwarebytes
[2009/07/06 07:13:09 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2009/07/06 07:13:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/07/06 07:13:05 | 00,022,040 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/06 07:13:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/06 07:13:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/07/05 14:47:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Scribus 1.3.3.13
[2009/07/05 11:53:35 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\WinRAR
[2009/07/05 11:52:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/07/05 11:47:16 | 00,000,000 | ---D | C] -- C:\setup
[2009/07/04 18:23:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\des advanced
[2009/07/01 18:53:21 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/07/01 18:53:16 | 00,000,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPER AntiSpyware.lnk
[2009/07/01 18:53:15 | 00,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\SUPERAntiSpyware.com
[2009/07/01 18:53:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/06/30 12:58:46 | 06,963,712 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2009/06/30 12:58:46 | 00,452,608 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2009/06/30 12:58:46 | 00,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2009/06/30 12:58:46 | 00,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/06/30 12:58:46 | 00,172,032 | ---- | C] () -- C:\Windows\SysWow64\wiscomgifenc.dll
[2009/06/30 12:58:46 | 00,159,744 | ---- | C] () -- C:\Windows\SysWow64\viscomtran.dll
[2009/06/30 12:58:46 | 00,154,624 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2009/06/30 12:58:46 | 00,028,160 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2009/06/30 12:58:46 | 00,019,456 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2009/06/22 08:10:12 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/22 08:09:32 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/08 09:41:24 | 00,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2009/05/08 09:41:23 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2009/05/08 09:41:23 | 00,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2009/05/08 09:41:23 | 00,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2009/05/08 09:41:23 | 00,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2009/05/08 09:41:23 | 00,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2009/05/08 09:41:23 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2009/05/08 09:41:23 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2009/05/08 09:41:23 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2009/05/08 09:41:23 | 00,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2009/05/08 09:41:23 | 00,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2009/05/08 09:41:23 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2009/05/08 09:41:23 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2009/05/08 09:41:23 | 00,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2009/05/08 09:41:23 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2009/05/08 09:41:23 | 00,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2009/05/08 09:41:23 | 00,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2009/05/08 09:41:23 | 00,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2009/05/08 09:41:23 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2009/05/08 09:41:23 | 00,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2009/05/08 09:41:23 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2009/05/08 09:41:23 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2009/05/08 09:41:23 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2009/05/07 23:00:42 | 00,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/07 19:35:59 | 00,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/05/07 18:23:38 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/12 12:01:30 | 00,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== Files - Modified Within 30 Days ==========

[2009/07/31 15:05:00 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E1A0D169-DD50-4139-AEFC-A643BD7C3826}.job
[2009/07/31 15:04:55 | 00,021,589 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2009/07/31 15:04:55 | 00,004,039 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2009/07/31 15:04:55 | 00,000,482 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2009/07/31 15:04:18 | 00,807,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/07/31 15:04:18 | 00,676,448 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/07/31 15:04:18 | 00,133,302 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/07/31 15:00:33 | 00,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B64C35A3-B734-46FB-AD90-9FBBA09E4405}.job
[2009/07/31 14:58:43 | 00,117,648 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/07/31 14:58:40 | 00,117,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/07/31 14:58:30 | 00,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2009/07/31 14:58:30 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2009/07/31 14:58:13 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/31 14:58:13 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/31 14:58:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/31 14:58:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/29 21:57:22 | 01,650,104 | -H-- | M] () -- C:\Users\Daddy\AppData\Local\IconCache.db
[2009/07/19 19:31:21 | 00,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2009/07/19 16:40:00 | 00,000,089 | ---- | M] () -- C:\Windows\Rav.inf
[2009/07/19 16:39:59 | 00,000,150 | RHS- | M] () -- C:\rising.ini
[2009/07/19 16:39:25 | 00,000,026 | ---- | M] () -- C:\Windows\Rav.ini
[2009/07/19 16:37:43 | 00,019,568 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookCont.sys
[2009/07/19 16:37:40 | 00,036,464 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookSys.sys
[2009/07/19 16:37:40 | 00,026,736 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\HookHelp.sys
[2009/07/18 18:43:55 | 00,001,928 | ---- | M] () -- C:\Users\Daddy\Desktop\HijackThis.lnk
[2009/07/18 16:39:30 | 00,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/18 16:17:47 | 79,969,552 | ---- | M] () -- C:\Users\Daddy\Desktop\CIS_Setup_3.10.102363.531_XP_Vista_x64.exe
[2009/07/18 13:03:29 | 00,000,888 | ---- | M] () -- C:\Users\Daddy\Desktop\firefox - Shortcut.lnk
[2009/07/18 04:07:55 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2009/07/18 03:55:45 | 00,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/07/17 19:57:17 | 00,240,128 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2009/07/17 19:57:17 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2009/07/17 19:57:17 | 00,117,064 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmdguard.sys
[2009/07/17 19:57:17 | 00,084,104 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\inspect.sys
[2009/07/17 19:57:17 | 00,033,128 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmdhlp.sys
[2009/07/17 18:51:19 | 01,914,722 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1100000.02D\Cat.DB
[2009/07/17 14:56:59 | 00,000,883 | ---- | M] () -- C:\Users\Daddy\Desktop\RealTemp - Shortcut.lnk
[2009/07/17 13:02:40 | 00,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2009/07/17 12:11:08 | 00,246,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/07/14 20:10:00 | 00,001,074 | ---- | M] () -- C:\Users\Daddy\Desktop\DVDVideoSoft Free Studio.lnk
[2009/07/13 19:48:56 | 00,262,144 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2009/07/13 19:48:55 | 00,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2009/07/13 18:34:07 | 00,002,081 | ---- | M] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/07/13 13:36:14 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/12 20:56:29 | 00,001,845 | ---- | M] () -- C:\Users\Daddy\Desktop\Ontrack Crisis Center.lnk
[2009/07/12 20:56:28 | 00,002,041 | ---- | M] () -- C:\Users\Daddy\Desktop\EasyRecovery Professional.lnk
[2009/07/12 18:21:19 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\Performance.db
[2009/07/12 18:21:16 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\ncwmh.db
[2009/07/12 18:21:13 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\FOIMaster.db
[2009/07/12 18:21:11 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\submissions.db
[2009/07/12 18:21:08 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\Reputation.db
[2009/07/12 18:21:02 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\MrClean.db
[2009/07/12 17:19:25 | 00,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2009/07/12 13:45:59 | 00,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/09 16:10:19 | 00,000,971 | ---- | M] () -- C:\Users\Daddy\Desktop\AusLogics Disk Defrag.lnk
[2009/07/09 16:05:30 | 00,000,996 | ---- | M] () -- C:\Users\Daddy\Desktop\AusLogics Registry Cleaner.lnk
[2009/07/09 13:32:43 | 00,000,972 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/07/09 11:45:03 | 00,000,928 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/07/08 06:25:08 | 00,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2009/07/08 06:21:58 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/07/07 11:43:31 | 26,410,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/07/06 07:13:09 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2009/07/01 18:53:16 | 00,000,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPER AntiSpyware.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Extras.txt:

OTL Extras logfile created on: 7/31/2009 3:01:29 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Daddy - Standard\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.87 Gb Total Space | 1776.43 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADDY-PC
Current User Name: Daddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3093149574-739893274-3944852547-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 47 1B 75 D5 35 F3 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23B1849C-A395-49B3-915D-3DCD3DF41FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager - lamannia\turbinemessageservice.exe |
"{8BB39DAB-19A2-4DCB-97F7-45CD5B51650F}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager - lamannia\turbinenetworkservice.exe |
"{98371191-D684-44E1-B59C-95241D1548F1}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager - lamannia\turbinenetworkservice.exe |
"{F2EA2CF2-07C5-4F85-A85F-DF5478ADCFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager - lamannia\turbinemessageservice.exe |
"TCP Query User{05F2AEC4-38AC-4CE7-9BE5-01C9A06B6CA3}C:\program files (x86)\turbine\dungeons and dragons online - stormreach - lamannia\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\dungeons and dragons online - stormreach - lamannia\dndclient.exe |
"TCP Query User{0F24C305-23B2-492B-98FD-EC6322F9F7A5}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{1F735585-2657-4C09-BEB6-B648A530D1BE}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{30065667-A912-4479-906D-2BE36A9F87BF}C:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe |
"TCP Query User{700FE892-503A-4245-87EA-E0EC29177893}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"TCP Query User{A36B1945-05F8-402A-843D-32996BFB513D}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{02FB67F4-9DBD-4CDD-94F0-3465C582888B}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"UDP Query User{21303027-C6FB-48F3-9C9B-19D27CA9D414}C:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe |
"UDP Query User{2D98A48C-347E-46BE-B649-320E42749C84}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{56FC46A0-2F6A-4311-91D1-37C9BE37943D}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"UDP Query User{EF83505F-B3B7-4B5D-9C4D-CEFC7A5FB177}C:\program files (x86)\turbine\dungeons and dragons online - stormreach - lamannia\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\dungeons and dragons online - stormreach - lamannia\dndclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{AA18EE51-24A5-4748-A5E2-4B035C9A4AB2}" = Canon MP780
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"COMODO Internet Security" = COMODO Internet Security
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Webroot AntiVirus with AntiSpyware
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3DBBE5D1-AE9E-4B8B-9CD1-18740CE71033}" = Nero 8 Essentials
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0917.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B257C09-6A05-4308-9A6D-E8A2CAE21EA9}" = Star Wars Galaxies: The Total Experience
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = AusLogics Registry Cleaner
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090303
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.08.00.8106
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"b35d407a-d5d8-4a2e-91bf-1d95b9f3f590_is1" = Turbine Download Manager - PublicPreview
"BurnInTest_is1" = BurnInTest v6.0 Standard
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ef57af2e-47b7-4e04-8c4b-48fb10fc34f0_is1" = Dungeons and Dragons Online™ - Lamannia - PublicPreview
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.4
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"G.O.M" = G.O.M
"Game Booster_is1" = Game Booster
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0917.1
"IObit Security 360_is1" = IObit Security 360 Beta 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Precision" = EVGA Precision 1.4.0
"Rav" = Rising Antivirus
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"Security Task Manager" = Security Task Manager 1.7h
"SmartBackup" = Smart Backup
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor 6.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VZAccess Manager" = VZAccess Manager
"WinGimp-2.0_is1" = GIMP 2.6.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2009 6:12:27 PM | Computer Name = Daddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2009 7:39:35 PM | Computer Name = Daddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2009 7:53:03 PM | Computer Name = Daddy-PC | Source = Application Error | ID = 1000
Description = Faulting application SmartBackupSetup.exe, version 0.0.0.0, time stamp
0x48eadba0, faulting module mingwm10.dll, version 0.0.0.0, time stamp 0x41e6d69f,
exception code 0xc0000005, fault offset 0x00001870, process id 0xc50, application
start time 0x01ca10a7b5e78988.

Error - 7/29/2009 7:53:04 PM | Computer Name = Daddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2009 8:04:46 PM | Computer Name = Daddy-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 7/29/2009 8:04:46 PM | Computer Name = Daddy-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 7/29/2009 8:36:50 PM | Computer Name = Daddy-PC | Source = Application Error | ID = 1000
Description = Faulting application GSvr.exe, version 0.0.0.0, time stamp 0x493ce573,
faulting module GSvr.exe, version 0.0.0.0, time stamp 0x493ce573, exception code
0xc0000005, fault offset 0x00004122, process id 0xa5c, application start time 0x01ca10a7b5a74468.

Error - 7/29/2009 9:57:13 PM | Computer Name = Daddy-PC | Source = EventSystem | ID = 4622
Description =

Error - 7/31/2009 2:58:14 PM | Computer Name = Daddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2009 2:59:25 PM | Computer Name = Daddy-PC | Source = Application Error | ID = 1000
Description = Faulting application GSvr.exe, version 0.0.0.0, time stamp 0x493ce573,
faulting module GSvr.exe, version 0.0.0.0, time stamp 0x493ce573, exception code
0xc0000005, fault offset 0x00004122, process id 0x85c, application start time 0x01ca1210dac42ecb.

[ System Events ]
Error - 7/6/2009 6:43:03 PM | Computer Name = Daddy-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 7/6/2009 6:43:14 PM | Computer Name = Daddy-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/6/2009 6:43:14 PM | Computer Name = Daddy-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/6/2009 6:43:15 PM | Computer Name = Daddy-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 7/6/2009 6:44:10 PM | Computer Name = Daddy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/7/2009 1:42:16 PM | Computer Name = Daddy-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 7/7/2009 1:42:31 PM | Computer Name = Daddy-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/7/2009 1:42:31 PM | Computer Name = Daddy-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/7/2009 1:42:32 PM | Computer Name = Daddy-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 7/7/2009 1:43:54 PM | Computer Name = Daddy-PC | Source = Service Control Manager | ID = 7026
Description =

[ TuneUp Events ]
Error - 7/6/2009 7:13:17 AM | Computer Name = Daddy-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7/6/2009 7:13:22 AM | Computer Name = Daddy-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7/6/2009 7:23:38 AM | Computer Name = Daddy-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7/6/2009 8:01:51 AM | Computer Name = Daddy-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7/6/2009 8:41:11 AM | Computer Name = Daddy-PC | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 31 July 2009 - 03:38 PM

Hello.

Please let me know what problems/issues you still have.

May I see the previous Malwarebytes log, Spysweeper with Antivirus, iobit 360 and Avira Personal log, so I can see which things it detected and quarantined?

Please run a new Malwarebytes scan for me.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

With Regards.
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 lesliewest_guitargod


Posted 31 July 2009 - 03:51 PM

I have the exact problems I had when I posted. Even with the removal of all the spyware it found, my problems persist exactly as before.

I can ONLY access IE8. Firefox doesn't load. Thunderbird (email) doesn't load. The game Dungeons & Dragons Online doesn't load. All security software WAS able to download most recent updates.

I'm going to search for those logs now, and then run another Malwarebytes check.

Thank you for your help!

#9 lesliewest_guitargod


Posted 31 July 2009 - 03:56 PM

IObit Security 360

OS:Windows Vista
Version:0.1.1.8
Time:7/18/2009 12:58:05 PM

|Name|Type|Description|
Tracking Cookies - Removed, Cookies, Cookie:daddy@quantserve.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@apmebf.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@ign.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@m.webtrends.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@microsoftwindows.112.2o7.net/
Tracking Cookies - Removed, Cookies, Cookie:daddy@mybloglog.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@com.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@msnportal.112.2o7.net/
Tracking Cookies - Removed, Cookies, Cookie:daddy@faqs.ign.com/
Tracking Cookies - Removed, Cookies, Cookie:daddy@ubt.ign.com/
Rogue.Gen - Quarantined, File, C:\Program Files (x86)\Webroot\WebrootSecurity\Backup\COMDLG32.OCX
Backdoor.PopAdStop - Quarantined, File, C:\Program Files (x86)\OpenOffice.org 3\share\uno_packages\cache\stamp.sys
Backdoor.PopAdStop - Quarantined, File, C:\Users\Daddy - Standard\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
--------------------------------

Avira AntiVir Personal
Report file date: Saturday, July 18, 2009 16:43

Scanning for 1548239 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DADDY-PC

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 14:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 20:40:27
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 7/12/2009 20:40:31
ANTIVIR3.VDF : 7.1.4.252 445440 Bytes 7/17/2009 20:40:33
Engineversion : 8.2.0.222
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 16:52:04
AESCRIPT.DLL : 8.1.2.18 442746 Bytes 7/18/2009 20:40:38
AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/2009 16:02:01
AERDL.DLL : 8.1.2.4 430452 Bytes 7/18/2009 20:40:38
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 21:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/18/2009 20:40:36
AEHEUR.DLL : 8.1.0.143 1864055 Bytes 7/18/2009 20:40:36
AEHELP.DLL : 8.1.4.5 229748 Bytes 7/18/2009 20:40:34
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/18/2009 20:40:34
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.5 180597 Bytes 7/18/2009 20:40:33
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+PCK,+SPR,

Start of the scan: Saturday, July 18, 2009 16:43

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned
Scan process 'msiexec.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '0' Module(s) have been scanned
Scan process 'CIS_Setup_3.10.102363.531_XP_Vista_x64[' - '0' Module(s) have been scanned
Scan process 'notepad.exe' - '0' Module(s) have been scanned
Scan process 'IS360srv.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '0' Module(s) have been scanned
Scan process 'EVGAPrecision.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint32.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'unsecapp.exe' - '0' Module(s) have been scanned
Scan process 'RecvMessage.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '0' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '0' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '0' Module(s) have been scanned
Scan process 'RunUpd.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'SmartBackupSetup.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'snmp.exe' - '0' Module(s) have been scanned
Scan process 'XSrvSetup.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '0' Module(s) have been scanned
Scan process 'McSACore.exe' - '1' Module(s) have been scanned
Scan process 'GSvr.exe' - '1' Module(s) have been scanned
Scan process 'GCSVR.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'WRConsumerService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
25 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmdrm_pro.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Armadillo). Please verify the origin of this file.
C:\Program Files (x86)\Mozilla Firefox\components\cesbhycltgtj.dll
[DETECTION] Is the TR/Dldr.Zlob.Gen2 Trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\CML.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Doebyt.A back-door program
C:\Users\Daddy - Standard\Downloads\setup_flash_slideshow_maker.exe
[0] Archive type: NSIS
--> ProgramFilesDir/fssmdrm_pro.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Armadillo). Please verify the origin of this file.
C:\Windows\System32\SsiEfr.exe
[WARNING] The file could not be opened!
C:\Windows\SysWOW64\wrLZMA.dll
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmdrm_pro.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Armadillo). Please verify the origin of this file.
[NOTE] The file was moved to '4ad53d68.qua'!
C:\Program Files (x86)\Mozilla Firefox\components\cesbhycltgtj.dll
[DETECTION] Is the TR/Dldr.Zlob.Gen2 Trojan
[NOTE] The file was moved to '4ad53d5a.qua'!
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\CML.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Doebyt.A back-door program
[NOTE] The file was moved to '4aae3d42.qua'!
C:\Users\Daddy - Standard\Downloads\setup_flash_slideshow_maker.exe
[NOTE] The file was moved to '4ad63d5a.qua'!


End of the scan: Saturday, July 18, 2009 17:21
Used time: 38:25 Minute(s)

The scan has been done completely.

25498 Scanned directories
315108 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
315101 Files not concerned
2379 Archives were scanned
3 Warnings
5 Notes

-----------------------


I think one of my disk cleaner software programs deleted the other logs... :thumbup2:

Edited by lesliewest_guitargod, 31 July 2009 - 03:58 PM.


#10 lesliewest_guitargod


Posted 31 July 2009 - 03:59 PM

OK, going to run the Malwarebytes scan now...

#11 lesliewest_guitargod


Posted 31 July 2009 - 04:12 PM

OK, done! But it didn't find anything.

Malwarebytes' Anti-Malware 1.39
Database version: 2537
Windows 6.0.6002 Service Pack 2

7/31/2009 5:10:43 PM
mbam-log-2009-07-31 (17-10-43).txt

Scan type: Quick Scan
Objects scanned: 83724
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 extremeboy


Posted 02 August 2009 - 08:49 AM

Hello.

Don't worry about the other logs then.

You may wish to re-install some of those programs, including Firefox and Thunderbird. Back up any of the information in those programs you may still need, such as bookmarks, favourites, mails etc...

Please run an online scan for me.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left, select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Once it's complete, please run a new OTL scan for me and post back with the logs for my review.

Thanks.

With Regards,
Extremeboy

#13 lesliewest_guitargod


Posted 02 August 2009 - 10:36 AM

Hey Extremeboy,

Kaspersky WebScanner only works in 32 bit version of Vista. Gotta love Vista....

:thumbup2: :) :)

#14 lesliewest_guitargod


Posted 02 August 2009 - 10:40 AM

reinstalled Firefox.

still cannot open it.

Whatever I have, is hiding well. :thumbup2:

#15 extremeboy


  • Malware Response Team

Posted 02 August 2009 - 10:45 AM

"Kaspersky WebScanner only works in 32 bit version of Vista. Gotta love Vista...."

Hmm... I remembered that it works on 64bit versions as well.

"still cannot open it."

What do you mean exactly? Does Firefox not open or does it not load?

Once you double-click on Firefox, see if the Firefox process is running in Task Manager.

Open Task Manager by pressing Ctrl + Shift + Esc one at a time, holding each one.

See if firefox.exe is running. Let me know.

Run this scanner instead then; this one works with 64-bit machines.

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

I need to go, but will be back to check for the logs and further updates.

-Extremeboy