Total Security 2009 - New Variant? What to do



#1 Blue Gascon

Posted 29 September 2009 - 12:23 PM

I have two users that have managed to get infected with Total Security 2009 ransomware. This appears to be a new variant, as it does not follow the patterns indicated by removal guides posted here and on other forums.

Differences -
1. There is no TSC folder or files created under Program Files.
2. This version blocks pretty much any application from running.
3. Removal can be accomplished with MalwareBytes, but this malware reinstalls itself on reboot.
4. There are no signs of either tsc.exe or winsource.dll

Similarities-
1. This variant does create a random named folder under C:\Documents and Settings\All Users\Application Data (i.e. 1878374).
2. This folder contains files with random alphabetic names (i.e. yoguyutu.exe).
3. Similarly named DLLs are created in \Windows\System32 (i.e. yoguyutu.).
4. These DLLs are called by a new registry line under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows in the AppInit_DLLs line.

Booting to safe mode has allowed me to use several tools so far:
Spybot S&D detects and cleans some elements
HijackThis allows cleaning of some elements
CCleaner has been run.
Scanning with Sophos AntiRootkit has not shown anything out of the ordinary.
Running ComboFix shows nothing abnormal in the rootkit area.
My only attempt to run RootRepeal resulted in a machine crash shortly after execution started.
MalwareBytes has been most successful and appears to clean up all elements. This allows me to get the machine running in a usable state, but there is apparently some new twist in this variant. It is as though a new service has been added that runs on a schedule and recreates a new random named folder under C:\Documents and Settings\All Users\Application Data, new DLLs in \Windows\System32, and a new entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows in the AppInit_DLLs line.

In fact after messing with a machine for a bit with MalwareBytes in safe mode I can get it to run for some time, but eventually the malware reinstalls. I have even gone so far as to set a value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs to 0, then alter permissions to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key in the registry so that my regular users only have read access. Whatever mechanism is being used to reinstall is getting around this approach. As I said above, it acts like a service that runs on a schedule that is accomplishing the reinfection.

I usually have pretty good results in cleaning up crapware like this, but this one has me yanking out what little of my hair is left. Cleaning is working OK, but it continues to reinstall on both machines.

Just as a note, and this could be coincidence, both users have admitted to visiting slacker.com on the morning this first manifested on both machines.

I really want to get these machines properly cleaned, as I do not look forward to the prospect of rebuilding them both. I welcome your help and hope a solution will help others seeing this new variant.
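
An added example, not part of the original post or of any tool named in this thread: a Python triage pass over Run-key lines in the format OTL prints, plus an AppInit_DLLs value, that flags the combination described above (a DLL in System32, no company name, a random-looking alphabetic name). The sample lines are constructed, and the consonant/vowel naming heuristic and the two-signal threshold are assumptions.

```python
"""Triage autostart entries for the persistence pattern described in this thread."""
import ntpath  # Windows path rules, usable on any OS
import re

# OTL "O4" Run-key row: O4 - <hive>..\Run: [<value name>] <path> (<company>)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
VOWELS = set("aeiou")

# Constructed sample rows (not taken from a real machine).
SAMPLE_RUN = [
    r"O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)",
    r"O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()",
    r"O4 - HKLM..\Run: [yoguyutu] C:\WINDOWS\System32\yoguyutu.dll ()",
    r"O4 - HKLM..\Run: [LDM] File not found",
]
SAMPLE_APPINIT = r"C:\WINDOWS\system32\yoguyutu.dll"


def parse_run_line(line):
    """Return hive/name/path/company for an O4 Run row, or None if it has no target."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None


def split_appinit(value):
    """AppInit_DLLs is a space- or comma-delimited list of DLL names."""
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]


def looks_generated(stem):
    """Heuristic (assumption): 6-10 ASCII letters strictly alternating consonant/vowel."""
    s = stem.lower()
    if not (6 <= len(s) <= 10 and s.isascii() and s.isalpha()):
        return False
    kinds = [c in VOWELS for c in s]
    return all(a != b for a, b in zip(kinds, kinds[1:]))


def in_system32(path):
    """True when the file sits directly in a folder named System32."""
    parts = ntpath.normcase(path).split("\\")
    return len(parts) >= 2 and parts[-2] == "system32"


def reasons_for(path, company=None):
    """Collect the independent signals that apply to one autostart target."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    reasons = []
    if ext.lower() == ".dll" and in_system32(path):
        reasons.append("dll-in-system32")
    if company is not None and not company.strip():
        reasons.append("no-company-name")
    if looks_generated(stem):
        reasons.append("generated-looking-name")
    return reasons


def triage(run_lines, appinit_value=""):
    """Return (source, path, reasons) tuples worth a manual look."""
    findings = []
    for line in run_lines:
        entry = parse_run_line(line)
        if entry is None:
            continue  # rows such as "File not found" carry no target to assess
        reasons = reasons_for(entry["path"], entry["company"])
        if len(reasons) >= 2:  # one signal alone is too noisy (see hpbdfawep row)
            findings.append(("Run", entry["path"], reasons))
    # Every AppInit_DLLs entry is reported for review, with any extra signals.
    for dll in split_appinit(appinit_value):
        findings.append(("AppInit_DLLs", dll, ["appinit-entry"] + reasons_for(dll)))
    return findings


if __name__ == "__main__":
    for source, path, reasons in triage(SAMPLE_RUN, SAMPLE_APPINIT):
        print(f"{source:13} {path}  <- {', '.join(reasons)}")
```
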

#2 garmanma

Posted 29 September 2009 - 08:36 PM

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

    --------------------------------------
Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark

#3 Blue Gascon

Posted 01 October 2009 - 10:30 AM

First - thank you so much for your help. I would have replied to you sooner but I was indisposed yesterday for medical reasons. In any event, this morning I tried logging on to the local machine as local administrator (rather than the domain) and running Win32kDiag.exe. While the process seemed to complete, there isn't much output in the log. Here's the log:
"Running from: win32kdiag

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!"

Creating Log.txt from the command line resulted in the following output:

" Volume in drive C is Disk 1
Volume Serial Number is 90A0-7C93

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Total Files Listed:
6 File(s) 1,286,144 bytes
0 Dir(s) 5,723,021,312 bytes free"

As I mentioned originally, I am able to clean this up using MalwareBytes and can get the machine to a usable state, but reinfection occurs at reboot. On both machines, logging on as local admin and running MalwareBytes cleans up enough so that I can log off and then log on as the regular user. Once logged on as the regular user I can run MalwareBytes under the user's account and clean up enough so that the machine is usable for the day. The second machine has been running fine with no sign of reinfection for two days now, but it has not been rebooted. The worse of the two affected machines has been rebooting itself overnight and consequently becoming infected again. The user on the machine showing the worst symptoms had somewhat higher privileges than the user on the second machine at the time both were infected. The piece that MalwareBytes is missing is the mechanism that creates reinfection.

#4 garmanma

Posted 01 October 2009 - 05:34 PM

Once a rootkit gets its hooks into things it won't let go



We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark

#5 Blue Gascon

Posted 02 October 2009 - 09:05 AM

OK- I'm still able to get the machine functioning by cleaning each morning, so I was able to produce the requested OTL files. Here they are:

OTL.txt:
OTL logfile created on: 10/2/2009 9:08:52 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = \\PDC\Homes$\RobinR\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.82% Memory free
4.00 Gb Paging File | 3.49 Gb Available in Paging File | 87.27% Paging File free
Paging file location(s): C:\pagefile.sys 2304 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 5.71 Gb Free Space | 15.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive I: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive L: | 32.59 Gb Total Space | 16.46 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
Drive M: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive N: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive R: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive S: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive T: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive U: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive V: | 15.75 Gb Total Space | 9.56 Gb Free Space | 60.67% Space Free | Partition Type: NTFS
Drive W: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive X: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS

Computer Name: WEBMASTER
Current User Name: RobinR
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2000/02/14 17:36:22 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wfxsnt40.exe
PRC - [2002/06/03 12:38:12 | 00,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2005/10/14 15:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/14 15:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/04/06 08:59:34 | 00,638,976 | ---- | M] (Sage Software SB, Inc) -- C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe
PRC - [2006/02/18 13:55:52 | 01,015,808 | ---- | M] (Sage Software SB, Inc) -- C:\Program Files\ACT\ACT for Windows\Act8.exe
PRC - [2006/06/15 08:43:20 | 00,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2005/10/27 17:01:16 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2009/05/12 08:37:47 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswDisp.exe
PRC - [2009/09/08 21:09:42 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/17 20:53:08 | 01,051,136 | ---- | M] () -- C:\Program Files\Winpopup LAN Messenger\WinPopup.exe
PRC - [2009/06/22 15:23:42 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\366\g2mstart.exe
PRC - [2003/10/24 00:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2009/06/22 15:23:42 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\366\g2mcomm.exe
PRC - [2009/06/22 15:23:42 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\366\g2mlauncher.exe
PRC - [2004/08/04 08:00:00 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\MSIMN.EXE
PRC - [2004/08/04 08:00:00 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\MSIMN.EXE
PRC - [2004/08/04 08:00:00 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\MSIMN.EXE
PRC - [2002/08/21 05:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE
PRC - [2009/09/17 09:10:43 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - File not found --

========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\S-1-5-21-1597796046-2899545957-4185577106-1153\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\S-1-5-21-1597796046-2899545957-4185577106-1153\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/02/01 17:53:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 09:10:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/17 09:10:59 | 00,000,000 | ---D | M]

[2008/09/05 11:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\RobinR\Application Data\mozilla\Extensions
[2008/09/05 11:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\RobinR\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/01 11:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\RobinR\Application Data\mozilla\Firefox\Profiles\recao07v.default\extensions
[2008/05/30 12:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\RobinR\Application Data\mozilla\Firefox\Profiles\recao07v.default\extensions\moveplayer@movenetworks.com
[2009/10/01 11:07:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/17 09:10:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/26 23:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/23 22:37:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/26 23:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/09/17 09:10:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/17 09:10:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/02/25 12:01:06 | 00,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/02/25 12:01:06 | 00,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/02/25 12:01:37 | 00,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2006/09/03 14:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/02/25 12:01:04 | 00,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/03/27 11:30:34 | 00,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/09/17 09:10:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/10 08:43:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/10 08:43:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/10 08:43:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/10 08:43:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/10 08:43:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/10 08:43:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/10 08:43:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/01/18 13:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2004/01/13 22:09:25 | 00,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/09/17 09:10:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/17 09:10:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/17 09:10:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/17 09:10:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/17 09:10:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/17 09:10:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/17 09:10:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (335291 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11490 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\ACT for Windows\Act8.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [ACTSchedulerUI] C:\Program Files\ACT\ACT for Windows\Act.Sch File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\aswDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\runthis.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [rasufakeh] C:\WINDOWS\System32\japidahu.DLL ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\wfxsnt40.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
O4 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\366\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153..\Run: [LDM] File not found
O4 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153..\Run: [rasufakeh] C:\WINDOWS\System32\japidahu.DLL ()
O4 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153..\Run: [Winpopup LAN Messenger] C:\Program Files\Winpopup LAN Messenger\WinPopup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1597796046-2899545957-4185577106-1153\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1233518332100 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1233518299053 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.11 204.213.176.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = InCord.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\japidahu.dll) - C:\WINDOWS\System32\japidahu.dll ()
O20 - AppInit_DLLs: (lamujafi.dll) - C:\WINDOWS\System32\lamujafi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: yisofalih - {4c0378b1-1a15-473b-bb07-59e8356f56be} - C:\WINDOWS\System32\japidahu.dll ()
O22 - SharedTaskScheduler: {4c0378b1-1a15-473b-bb07-59e8356f56be} - gahurihor - C:\WINDOWS\System32\japidahu.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\Symantec\WinFax\WfxSeh32.Dll (Symantec Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/26 11:50:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/10/02 09:08:42 | 00,519,168 | ---- | C] (OldTimer Tools) -- \\PDC\Homes$\RobinR\Desktop\OTL.exe
[2009/09/28 18:28:43 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/09/28 14:18:32 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/28 14:18:22 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/28 14:18:22 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/28 14:18:22 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/28 14:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/28 14:18:12 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/28 14:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/28 14:18:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/28 14:11:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/09/28 14:09:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/25 16:38:36 | 00,991,941 | ---- | C] () -- \\PDC\Homes$\RobinR\My Documents\2009_MFIP_website.pdf
[2009/09/25 12:28:26 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2009/09/25 12:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\RobinR\Application Data\Malwarebytes
[2009/09/25 11:48:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/25 11:08:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/25 11:08:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/25 11:08:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/25 11:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/25 08:52:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/18 16:47:13 | 00,033,280 | ---- | C] () -- \\PDC\Homes$\RobinR\My Documents\SAFETY NETTING SOLUTIONS FOR HOME AND GARDEN.doc
[2009/09/16 16:43:06 | 00,026,196 | ---- | C] () -- \\PDC\Homes$\RobinR\Desktop\nobrain.jpg
[2009/09/11 16:50:36 | 00,030,208 | ---- | C] () -- \\PDC\Homes$\RobinR\My Documents\best of parks.doc
[2009/09/11 16:47:54 | 03,225,969 | ---- | C] () -- \\PDC\Homes$\RobinR\My Documents\2009 MFRG.pdf
[2009/09/10 16:47:57 | 02,826,520 | ---- | C] () -- \\PDC\Homes$\RobinR\My Documents\2009 MFIP.pdf
[2009/09/10 16:47:12 | 03,127,808 | ---- | C] () -- \\PDC\Homes$\RobinR\My Documents\2009 MFIP.pub
[2009/09/10 08:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2009/09/10 08:47:47 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/10 08:46:16 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/10 08:45:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/10 08:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/10 08:42:49 | 00,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/07/02 08:30:59 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\tuzoyono.dll
[2009/07/02 08:30:59 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\lamujafi.dll
[2009/07/02 08:30:59 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\buyoziyi.dll
[2009/07/02 08:30:16 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\japidahu.dll
[2009/07/02 08:30:16 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\wifufulu.dll
[2009/07/02 08:30:16 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pidokobo.dll
[2009/07/01 08:49:07 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\mikasova.dll
[2009/06/29 22:22:52 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tihobaha.dll
[2009/05/20 08:25:10 | 00,000,083 | ---- | C] () -- C:\WINDOWS\TBPlugin.INI
[2009/05/20 08:25:10 | 00,000,059 | ---- | C] () -- C:\WINDOWS\avconfig.ini
[2009/05/06 12:48:44 | 00,000,019 | ---- | C] () -- C:\WINDOWS\PavRet.ini
[2009/02/16 12:51:11 | 00,000,038 | ---- | C] () -- C:\WINDOWS\PVX.INI
[2008/09/11 14:03:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/12/26 14:22:50 | 01,302,528 | ---- | C] () -- C:\WINDOWS\System32\90wres32.dll
[2007/06/04 22:07:19 | 00,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/06/04 22:07:00 | 00,001,343 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/05/15 01:17:34 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/16 23:19:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\FlpGrfADO.dll
[2007/01/09 12:49:56 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/01/09 12:49:54 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/01/09 12:49:49 | 00,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/01/09 12:48:06 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/01/09 12:48:06 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2006/11/06 15:51:55 | 00,000,101 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2006/11/06 15:44:33 | 00,257,536 | ---- | C] () -- C:\WINDOWS\System32\biImg.dll
[2006/11/06 15:44:33 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\bimresNT.dll
[2006/11/06 15:44:32 | 00,282,715 | ---- | C] () -- C:\WINDOWS\System32\UMTransportSvr.dll
[2006/11/06 15:44:32 | 00,211,968 | ---- | C] () -- C:\WINDOWS\System32\Bitmani.dll
[2006/11/06 15:44:32 | 00,073,813 | ---- | C] () -- C:\WINDOWS\System32\CtsCP32.dll
[2006/11/06 15:44:31 | 00,102,489 | ---- | C] () -- C:\WINDOWS\System32\TiffUtil.dll
[2006/11/06 15:44:31 | 00,077,911 | ---- | C] () -- C:\WINDOWS\System32\Volume.dll
[2006/11/06 15:44:31 | 00,073,827 | ---- | C] () -- C:\WINDOWS\System32\UMFaxSettings.dll
[2006/09/18 14:37:50 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 00,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/06/22 09:38:35 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2006/06/12 06:36:30 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006/04/11 15:21:51 | 00,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/04/06 09:03:09 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/06 09:03:09 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5659C9F67D.sys
[2006/03/31 12:56:12 | 00,000,230 | ---- | C] () -- C:\WINDOWS\ActiveActG.INI
[2006/03/30 15:12:02 | 00,000,230 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2006/01/27 09:29:19 | 00,000,239 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/01/27 09:25:27 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/01/27 09:25:04 | 00,000,166 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2006/01/09 12:01:12 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/12/07 17:02:36 | 00,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/11/22 13:48:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\APCSnmp.dll
[2005/11/18 15:16:31 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/11/18 15:16:31 | 00,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2005/11/18 15:16:31 | 00,000,081 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2005/11/18 15:16:14 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/11/18 15:15:24 | 00,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2005/11/18 15:14:36 | 00,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/11/14 16:32:01 | 00,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini
[2005/11/14 16:29:07 | 00,507,904 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2005/11/14 12:32:02 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2005/10/27 10:21:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2005/10/27 10:11:59 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2005/10/27 10:11:58 | 00,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2005/10/27 10:11:56 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2005/10/27 01:26:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2005/10/27 00:58:20 | 00,000,516 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/11 12:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/04 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 00,000,993 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/13 16:35:48 | 00,001,590 | ---- | C] () -- C:\WINDOWS\PCW130.ini
[2003/06/12 13:00:56 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2003/06/04 17:10:48 | 00,000,332 | ---- | C] () -- C:\WINDOWS\ActiveSkin.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 10:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/02/08 03:05:36 | 00,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 03:05:34 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[1999/03/30 10:53:50 | 00,000,793 | ---- | C] () -- C:\WINDOWS\BTI.INI

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/02 09:04:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fumudumi
[2009/10/02 08:33:50 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/10/02 08:30:47 | 00,050,176 | -HS- | M] () -- C:\WINDOWS\System32\wifufulu.dll
[2009/10/02 08:30:17 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\japidahu.dll
[2009/10/02 08:30:17 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\pidokobo.dll
[2009/10/02 08:29:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/01 20:31:00 | 00,519,168 | ---- | M] (OldTimer Tools) -- \\PDC\Homes$\RobinR\Desktop\OTL.exe
[2009/10/01 16:49:31 | 00,199,680 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\Sales Log 2009.xls
[2009/10/01 10:11:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/01 09:43:30 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/29 22:22:53 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\tihobaha.dll
[2009/09/29 19:24:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/29 18:56:13 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/29 16:58:02 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ScheduledItems
[2009/09/29 16:09:08 | 00,033,280 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\SAFETY NETTING SOLUTIONS FOR HOME AND GARDEN.doc
[2009/09/29 11:31:45 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/28 14:44:29 | 00,000,993 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/28 14:44:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/28 14:44:29 | 00,000,211 | -H-- | M] () -- C:\boot.ini
[2009/09/28 14:29:49 | 00,335,291 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/25 16:38:37 | 00,991,941 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\2009_MFIP_website.pdf
[2009/09/25 12:37:13 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/09/25 12:32:19 | 00,335,291 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090928-142949.backup
[2009/09/25 12:28:26 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\thxcfg.ini
[2009/09/25 12:08:17 | 00,335,291 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090925-123219.backup
[2009/09/25 12:07:11 | 00,335,291 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090925-120817.backup
[2009/09/25 11:43:23 | 00,000,410 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2009/09/24 15:38:59 | 00,136,704 | ---- | M] () -- \\PDC\Homes$\RobinR\Desktop\CurrentPPI-M1250MC.xls
[2009/09/24 09:15:38 | 03,186,090 | -H-- | M] () -- C:\Documents and Settings\RobinR\Local Settings\Application Data\IconCache.db
[2009/09/24 08:54:11 | 00,026,624 | ---- | M] () -- \\PDC\Homes$\RobinR\Desktop\TO DO LIST.doc
[2009/09/23 09:50:48 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/09/19 22:56:48 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/09/18 23:58:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/16 16:43:00 | 00,026,196 | ---- | M] () -- \\PDC\Homes$\RobinR\Desktop\nobrain.jpg
[2009/09/11 16:50:37 | 00,030,208 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\best of parks.doc
[2009/09/11 16:48:00 | 03,225,969 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\2009 MFRG.pdf
[2009/09/10 16:55:09 | 00,418,459 | ---- | M] () -- C:\WINDOWS\System32\DllHost.htm
[2009/09/10 16:47:57 | 02,826,520 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\2009 MFIP.pdf
[2009/09/10 16:47:13 | 03,127,808 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\2009 MFIP.pub
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 08:47:47 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/10 08:42:50 | 00,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/03 12:51:44 | 00,024,576 | ---- | M] () -- \\PDC\Homes$\RobinR\My Documents\Wiring Instructions for InCord.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Extras.txt:

OTL Extras logfile created on: 10/2/2009 9:08:53 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = \\PDC\Homes$\RobinR\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.82% Memory free
4.00 Gb Paging File | 3.49 Gb Available in Paging File | 87.27% Paging File free
Paging file location(s): C:\pagefile.sys 2304 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 5.71 Gb Free Space | 15.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive I: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive L: | 32.59 Gb Total Space | 16.46 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
Drive M: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive N: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive R: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive S: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive T: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive U: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive V: | 15.75 Gb Total Space | 9.56 Gb Free Space | 60.67% Space Free | Partition Type: NTFS
Drive W: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
Drive X: | 205.07 Gb Total Space | 37.44 Gb Free Space | 18.26% Space Free | Partition Type: NTFS

Computer Name: WEBMASTER
Current User Name: RobinR
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [Print_Directory_Listing] -- printdir.bat "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"5226:TCP" = 5226:TCP:*:Enabled:UltraVNC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe" = C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- File not found
"C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe" = C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe:*:Enabled:PowerChute Business Edition Agent -- (APC)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Disabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 Workgroup -- (Sage Software SB, Inc)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe" = C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- File not found
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 Workgroup -- (Sage Software SB, Inc)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B02BD4-E799-4945-B240-166CA9A9BE2D}" = Multimedia Card Reader
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{2323F08B-C4B3-46A3-B602-9A5AB1A1E525}" = Azalea Software Barcode UFL
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{268D8766-8280-4BE5-9680-2BC769E5855A}" = ACT! Premium 2006
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30960DCB-603B-4969-8387-4E869D199600}" = Sage MAS 200 Workstation (C:\Program Files\Sage Software\MAS 200 Client\Version4\MAS90\)
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4712DD15-D681-4BDF-B623-9D4F33550F44}" = Peachtree Complete Accounting 2006
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4C7E5204-EE48-4F10-BC65-04FA36713B6D}" = Manual CanoScan 5000,5000F,8000F
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
"{5864B49E-03FC-481E-89B7-A6664CC2ACB4}" = eDrawings 2008
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5E55F3F1-2210-4CC9-A761-9E4B818D9FA7}" = HP Care Pack Products
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6D4111AC-12C2-4169-87B2-6D9FFF4FD9A4}" = ACT!
"{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{761F472B-ABCE-4F20-B070-6C014E6B6CE3}" = JobOps MAS90 Workstation Help
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7E545666-F436-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Mfg and Whsle Edition 2007
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A4E54C8-90D5-474E-BBBF-5DD43A5A507C}" = Sage MAS 200 Workstation (C:\Program Files\Sage SoftwareV4.2\MAS 200 Client\Version4\MAS90\)
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}" = Crystal Reports 10 for Sage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B29F049B-5776-4A62-9651-CD0CFBEA4DFD}" = JobOps MAS200 Workstation Extras
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 5.4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent
"{BD868C41-BB9B-4AA7-A3F1-DB1FA1A02610}" = psqlODBC
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1B160F0-8BA8-408A-8407-5198F3B0B529}" = Sage Components
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E5F343DE-F5ED-4582-BAE2-C8ED548DFA46}" = Google SketchUp Viewer
"{EA528B2C-DF8F-45BB-BFDB-B588536992EB}" = SolidWorks eDrawings 2009
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveTouchMeetingClient" = WebEx
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast!NET" = avast! Antivirus (managed)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DYMO Label Software" = DYMO Label Software
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"InstallShield_{07B02BD4-E799-4945-B240-166CA9A9BE2D}" = Multimedia Card Reader
"InstallShield_{268D8766-8280-4BE5-9680-2BC769E5855A}" = ACT! Premium 2006
"InstallShield_{4712DD15-D681-4BDF-B623-9D4F33550F44}" = Peachtree Complete Accounting 2006
"Inter-Tel Unified Messaging" = Inter-Tel Unified Messaging
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2006
"PocketSOAP" = PocketSOAP 1.5.4 (remove only)
"QuicktimeAlt_is1" = QuickTime Alternative 2.5.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Spyware Doctor" = Spyware Doctor 6.1
"ST6UNST #1" = IPA
"Vim 7.0" = Vim 7.0 (self-installing)
"WebPosition 4" = WebPosition 4
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinFax" = Symantec WinFax PRO 10.0
"Winpopup LAN Messenger_is1" = Winpopup LAN Messenger 3.9
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1597796046-2899545957-4185577106-1153\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"InstallShield_{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant

< End of report >


Thanks again for your assistance. Hopefully there are clues here to determine the next step.

#6 garmanma

Posted 02 October 2009 - 07:56 PM

I'm sorry, but this is not going to be a quick process.


Now that you were successful in creating an OTL log you need to post it in our HJT forum:
First, try to run a DDS / HJT log as outlined in our preparation guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If it won't run, don't worry; just give a brief description and tell them that the OTL log was all you could get to run successfully.
Post them here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck.
Mark

#7 Blue Gascon

Posted 05 October 2009 - 03:05 PM

Thanks for your advice. I started a new topic at Total Security 2009 - New Variant? and posted the logs as you directed. I also seem to have been able to defeat this for the moment, but I hope the advice from the new post can help me clean up any loose ends.



