Computer sabotage by rootkit and unknown programs


  • This topic is locked
27 replies to this topic

#1 Befuddle

Befuddle

  • Members
  • 15 posts

Posted 15 December 2009 - 02:33 PM

I followed the instructions but received no help after posting a few days ago. I notice a lot of views but no response, so I don't know what I am doing wrong in posting and not receiving any help. I have serious issues on my computer and believe I have been hijacked by backdoor, keylogger, rootkit as HijackThis shows ads streams and unusual programs being loaded on startup. I have a lot of disk activity and in internal process 64 I see a lot of activity on scvhost and netstat shows that I am being invaded by a large number of IPs with foreign destinations.

Can anyone help or direct me to some site that can help me, if you cannot? I attach DDS file but cannot attach

I cannot run Rootreveal since I am running on Vista 64bit operating system. Is there a rootkit program for 64bit operating systems? I also have startup files and hijack files that I created that I can post if you want them.

Thanks


DDS (Ver_09-12-01.01) - NTFSX64
Run by GeorgeS at 11:19:52.97 on Tue 12/15/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4029.1846 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\a-squared Free\a2free.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\GeorgeS\Desktop\VIRUS SCAN PROCEDURES &PROGRAMS\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files (x86)\wisdom-soft\tbWis0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files (x86)\wisdom-soft\tbWis0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files (x86)\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files (x86)\wot\WOT.dll
TB: Hotmail Spam Filter: {58a83e4f-477a-4a3f-bf9b-b65bc2bd5598} - c:\program files (x86)\sunbelt software\ihatespam\siClientUIHotmail.dll
TB: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files (x86)\wisdom-soft\tbWis0.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinPatrol] "c:\program files (x86)\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [LifeCam] "c:\program files (x86)\microsoft lifecam\LifeExp.exe"
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [Jet Detection] "c:\program files (x86)\creative\sblive\program\ADGJDet.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: bing.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} - hxxp://auctions.liveauctioneers.com/container_files/lgbexec.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files (x86)\wot\WOT.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
TB-X64: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} -
TB-X64: {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - No File
TB-X64: {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [CanonSolutionMenu] "c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun-x64: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray64.exe
mRun-x64: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\georges\appdata\roaming\mozilla\firefox\profiles\3xiujakb.testing new profile\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\users\georges\appdata\roaming\mozilla\firefox\profiles\3xiujakb.testing new profile\extensions\prifoxy@prifoxy.org\components\prifoxy.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\georges\appdata\roaming\mozilla\firefox\profiles\3xiujakb.testing new profile\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\georges\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox 3.5.5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-5 52856]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2009-4-14 39240]
R2 a2free;a-squared Free Service;c:\program files (x86)\a-squared free\a2service.exe [2009-7-25 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-6-13 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-6-13 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-13 73048]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-3-25 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-10-5 3644200]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 36208]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64k.sys [2008-12-19 33160]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-3-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-8-18 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-14 89920]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 158744]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 158744]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 706584]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 706584]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 141848]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 141848]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 680984]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 680984]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;c:\program files (x86)\webcam\watchdog\dogsvc.exe [2004-3-15 91648]

============== File Associations ===============

JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-12-14 23:31:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-14 23:30:35 65536 --sha-w- c:\users\georges\ntuser.dat{e77d16b4-e8fa-11de-aecd-001bdc00031b}.TM.blf
2009-12-14 23:30:35 524288 --sha-w- c:\users\georges\ntuser.dat{e77d16b4-e8fa-11de-aecd-001bdc00031b}.TMContainer00000000000000000002.regtrans-ms
2009-12-14 23:30:35 524288 --sha-w- c:\users\georges\ntuser.dat{e77d16b4-e8fa-11de-aecd-001bdc00031b}.TMContainer00000000000000000001.regtrans-ms
2009-12-13 01:39:45 0 d-----w- c:\programdata\WindowsSearch
2009-12-10 21:43:38 0 d-----w- c:\users\georges\appdata\roaming\Auslogics
2009-12-10 20:08:49 0 d-----w- c:\program files (x86)\Auslogics
2009-12-10 00:15:38 0 d-----w- c:\users\georges\appdata\roaming\Wireshark
2009-12-09 23:58:59 0 d-----w- c:\program files\Wireshark
2009-12-09 20:56:50 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 20:56:50 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-12-09 20:56:49 620032 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 20:56:49 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 20:56:49 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2009-12-09 07:42:09 0 d-----w- c:\program files\Silicondust
2009-11-29 21:48:42 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-29 21:48:42 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-29 21:33:02 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-29 21:33:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-29 21:32:08 1869824 ----a-w- c:\windows\system32\msxml3.dll
2009-11-29 21:32:08 1797120 ----a-w- c:\windows\system32\msxml6.dll
2009-11-29 21:32:07 1401856 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-29 21:32:07 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-29 07:38:41 0 d-----w- c:\program files (x86)\Virtual Earth 3D
2009-11-19 09:49:58 65536 --sha-w- c:\users\georges\ntuser.dat{89c06175-d4ef-11de-8c23-001bdc00031b}.TM.blf
2009-11-19 09:49:58 524288 --sha-w- c:\users\georges\ntuser.dat{89c06175-d4ef-11de-8c23-001bdc00031b}.TMContainer00000000000000000002.regtrans-ms
2009-11-19 09:49:58 524288 --sha-w- c:\users\georges\ntuser.dat{89c06175-d4ef-11de-8c23-001bdc00031b}.TMContainer00000000000000000001.regtrans-ms
2009-11-17 00:05:23 0 d-----w- c:\program files (x86)\Microsoft Easy Assist
2009-11-17 00:04:43 0 d-----w- c:\programdata\Applications
2009-11-16 07:51:29 0 d-----w- c:\program files (x86)\MOZILLA FIREFOX 3.5.5

==================== Find3M ====================

2009-12-15 18:50:50 271288 ----a-w- c:\programdata\nvModes.dat
2009-12-04 00:13:58 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 03:22:58 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-03 04:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 22:45:14 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-31 22:45:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-31 22:45:14 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-31 22:45:14 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-31 22:45:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-31 22:45:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-30 06:20:54 4207104 ----a-w- c:\windows\syswow64\vbsgf.dll
2009-10-27 14:25:02 1032192 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 14:11:14 834048 ----a-w- c:\windows\syswow64\wininet.dll
2009-10-27 14:11:02 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2009-10-27 14:09:22 3599872 ----a-w- c:\windows\syswow64\mshtml.dll
2009-10-27 14:08:37 6079488 ----a-w- c:\windows\syswow64\ieframe.dll
2009-10-27 14:08:37 180736 ----a-w- c:\windows\syswow64\ieui.dll
2009-10-27 14:08:36 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-10-27 13:41:03 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-10-22 23:22:17 42416 ----a-w- c:\windows\syswow64\unins000.dat
2009-10-22 23:22:14 691717 ----a-w- c:\windows\syswow64\unins000.exe
2009-10-20 18:20:12 105488 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:20:06 96784 ----a-w- c:\windows\syswow64\Packet.dll
2009-10-20 18:19:58 369168 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19:54 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19:54 281104 ----a-w- c:\windows\syswow64\wpcap.dll
2009-10-20 18:19:30 53299 ----a-w- c:\windows\syswow64\pthreadVC.dll
2009-10-08 21:08:04 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-10-08 21:07:58 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 07:02:19 323584 ----a-w- c:\windows\syswow64\AUDIOGENIE2.DLL
2009-10-07 12:20:17 280576 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 11:36:36 243712 ----a-w- c:\windows\syswow64\rastls.dll
2009-10-05 17:32:39 72440 ------w- c:\windows\syswow64\pxhpinst.exe
2009-10-05 17:32:39 64760 ------w- c:\windows\syswow64\pxinsa64.exe
2009-10-05 17:32:39 64760 ------w- c:\windows\syswow64\pxcpya64.exe
2009-10-05 17:32:39 510712 ------w- c:\windows\syswow64\pxdrv.dll
2009-10-05 17:32:39 129784 ------w- c:\windows\syswow64\pxafs.dll
2009-10-05 17:32:39 116472 ------w- c:\windows\syswow64\pxcpyi64.exe
2009-10-05 17:32:38 379640 ------w- c:\windows\syswow64\pxwave.dll
2009-10-05 17:32:38 187128 ------w- c:\windows\syswow64\pxmas.dll
2009-10-05 17:32:38 1628920 ------w- c:\windows\syswow64\pxsfs.dll
2009-10-05 17:32:38 118520 ------w- c:\windows\syswow64\pxinsi64.exe
2009-10-05 17:32:36 547576 ------w- c:\windows\syswow64\px.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:52:02 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:56 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:40 295936 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 00:51:33 75264 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 00:51:32 37376 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 01:24:22 3778664 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 01:23:00 4546152 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 01:23:00 3746920 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 01:23:00 289896 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 01:23:00 1647720 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 01:23:00 1646696 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-28 01:22:00 991848 ----a-w- c:\windows\system32\nvsvc64.dll
2009-09-28 01:22:00 82536 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 01:22:00 5426792 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 01:22:00 5208168 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 01:22:00 383592 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-28 01:22:00 16666728 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll

============= FINISH: 11:21:15.75 ===============

Edited by Befuddle, 16 December 2009 - 11:09 AM.


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts

Posted 28 December 2009 - 12:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Shannon

#3 Befuddle

Befuddle
  • Topic Starter

  • Members
  • 15 posts

Posted 29 December 2009 - 12:15 AM

Ah, the files were attached in the original post???
Confused on your reply?

Thx

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts

Posted 29 December 2009 - 11:59 AM

Hello, Befuddle
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 Befuddle

Posted 30 December 2009 - 02:51 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 22:46:04
Windows 6.0.6002 Service Pack 2
Running: gmaxr.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc00031b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc00031b@0013c20418be 0x70 0x90 0xD7 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001bdc00031b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001bdc00031b@0013c20418be 0x70 0x90 0xD7 0xA0 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid 65536 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid 65536 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid 65536 bytes

---- EOF - GMER 1.0.15 ----

This is a 64 bit operating system. I was reading that Conficker can remain hidden and undetectable.
I had SQL problems a year ago. Also, I was wondering if I have a program that can change services, policies or permissions, as I have a strange SID with a question mark on some threads under TCP/IP and I am denied access to change policies or access services, or denied changing the UAC. When I start up Firefox I have 45 svchost.exe files with various threads accessing a large number of ports, not the usual port 80 etc., which seems strange. I wonder if there is software on this program that is controlling this computer remotely? Also I am unable to download the latest updates from MS SQL 2005 service pack 3. Could I have Conficker on a 64bit machine? It is almost impossible to detect.

Thanks Tom!

Thanks for your help Tom!

#6 schrauber

Posted 30 December 2009 - 12:07 PM

Could be, hard to say.
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#7 Befuddle

Posted 30 December 2009 - 02:25 PM

OTL logfile created on: 12/30/2009 11:06:35 AM - Run 1
OTL by OldTimer - Version 3.1.15.1 Folder = C:\Users\GeorgeS\Desktop\VIRUS SCAN PROCEDURES &PROGRAMS\VIRUS SCAN PROCEDURES &PROGRAMS
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.66% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 384.86 Gb Total Space | 290.27 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 546.65 Gb Total Space | 116.33 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 501.40 Gb Total Space | 68.09 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive I: | 430.11 Gb Total Space | 165.94 Gb Free Space | 38.58% Space Free | Partition Type: NTFS
Drive M: | 952.19 Mb Total Space | 907.42 Mb Free Space | 95.30% Space Free | Partition Type: FAT
Drive N: | 15.05 Gb Total Space | 0.99 Gb Free Space | 6.58% Space Free | Partition Type: FAT32

Computer Name: VISTA64MAIN
Current User Name: GeorgeS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe
PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe
PRC - [2009/12/17 21:17:09 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\MOZILLA FIREFOX 3.5.5\firefox.exe
PRC - [2009/12/10 20:38:22 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\GeorgeS\Desktop\VIRUS SCAN PROCEDURES &PROGRAMS\VIRUS SCAN PROCEDURES &PROGRAMS\OTL.exe
PRC - [2009/10/10 13:07:08 | 00,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/10/02 18:48:05 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe
PRC - [2009/09/10 06:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/18 16:41:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PRC - [2009/06/14 22:38:07 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/14 22:38:07 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/07 13:31:40 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2008/11/07 13:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2007/04/09 11:32:32 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2006/11/02 07:03:35 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
PRC - [2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2009/12/10 20:38:22 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\GeorgeS\Desktop\VIRUS SCAN PROCEDURES &PROGRAMS\VIRUS SCAN PROCEDURES &PROGRAMS\OTL.exe
MOD - [2009/04/10 22:28:24 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/03/08 05:50:00 | 00,062,776 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 17:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/24 14:04:54 | 00,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/04/10 23:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/10 23:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/10 23:11:13 | 00,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/04/10 23:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/01/19 10:56:50 | 03,644,200 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2008/01/20 18:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 18:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/20 18:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/06 16:11:38 | 00,112,128 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV - [2009/11/06 09:20:16 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/20 10:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/05 09:37:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/02 18:48:05 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/18 16:41:52 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/06/14 22:38:07 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/14 22:38:07 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/29 20:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/10 23:45:04 | 00,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2004/03/15 12:09:44 | 00,091,648 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Webcam\Watchdog\dogsvc.exe -- (Webcam Corp. Service Starter)
SRV - [2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.1
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.5.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45
FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.7.0
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.021
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.2.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.2
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.4
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.3.9
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..extensions.enabledItems: {a756d17a-5a4c-4417-813c-c8cd0151e486}:1.3.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5
FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:3.5.1C
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.3
FF - prefs.js..extensions.enabledItems: requestpolicy@requestpolicy.com:0.5.12
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: siteinfo@wmtips:1.2
FF - prefs.js..extensions.enabledItems: {45925a5c-e3de-447f-bed2-ded87acae111}:1.9
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:2.0
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.2
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.024
FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.0.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/10/26 14:08:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/21 15:17:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\MOZILLA FIREFOX 3.5.5\components [2009/12/17 21:24:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\MOZILLA FIREFOX 3.5.5\plugins [2009/12/17 21:17:10 | 00,000,000 | ---D | M]

[2009/12/25 17:54:13 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\foxyproxy@eric.h.jung
[2009/12/25 17:54:08 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\isreaditlater@ideashower.com
[2009/12/25 17:54:03 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\locationbar2@design-noir.de
[2009/09/03 16:49:57 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\myimage@captaincaveman.nl
[2009/11/09 02:51:54 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\netvideohunter@netvideohunter.com
[2009/12/16 18:37:47 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\optout@dubfire.net
[2009/12/25 17:54:02 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\outwit-images@outwit.com
[2009/12/25 17:53:59 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\personas@christopher.beard
[2009/10/23 16:20:14 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\piclens@cooliris.com
[2009/09/17 02:47:09 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\plugin@reframeit.com
[2009/12/16 18:27:42 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\requestpolicy@requestpolicy.com
[2009/05/20 14:22:10 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\siteinfo@wmtips
[2009/05/17 01:16:09 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\thumbnailexpander@extensions.danwendorf.com
[2009/11/15 18:55:18 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\tineye@ideeinc.com
[2009/12/25 17:54:02 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\unplug@compunach
[2009/10/03 22:34:59 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2009/11/09 03:25:00 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/05/20 14:22:10 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\zotero@chnm.gmu.edu
[2009/05/17 01:16:09 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\thumbnailexpander@extensions.danwendorf.com\chrome
[2009/05/17 01:16:09 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Mozilla\Firefox\Profiles\sa6i0m6k.default\extensions\thumbnailexpander@extensions.danwendorf.com\defaults
[2009/11/19 18:20:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (370684 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 12779 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Hotmail Spam Filter) - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files (x86)\Sunbelt Software\iHateSpam\siClientUIHotmail.dll (GIANT Company Software inc.)
O3 - HKLM\..\Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Hotmail Spam Filter) - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files (x86)\Sunbelt Software\iHateSpam\siClientUIHotmail.dll (GIANT Company Software inc.)
O3:HKU - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [AsioReg] C:\Windows\SysNative\CTASIO.DLL (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (SigmaTel, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files (x86)\Creative\SBLive\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINDVDPatch] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: bing.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} http://auctions.liveauctioneers.com/contai...les/lgbexec.cab (XExcuter Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/07 01:48:09 | 00,000,095 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ecd71af-4d5b-11de-aa63-806e6f6e6963}\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
O33 - MountPoints2\{2ecd71af-4d5b-11de-aa63-806e6f6e6963}\Shell\phone\command - "" = N:\autorun.exe -- File not found
O33 - MountPoints2\{75e83ec6-4b43-11de-b8c9-001b21118426}\Shell - "" = AutoRun
O33 - MountPoints2\{75e83ec6-4b43-11de-b8c9-001b21118426}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:05:52 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:07:48 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 18:48:23 | 00,000,000 | ---D | C] -- C:\WTablet
[2009/12/25 21:41:37 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2009/12/25 19:52:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2009/12/23 14:46:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Softwin
[2009/12/23 14:29:10 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\GeorgeS\Desktop\procexp - Copy.exe
[2009/12/23 14:29:10 | 00,000,000 | ---D | C] -- C:\Users\GeorgeS\Desktop\ROOTKIT - Copy
[2009/12/23 14:04:02 | 00,000,000 | R--D | C] -- C:\Users\GeorgeS\Desktop\ROOTKIT
[2009/12/16 20:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2007/04/09 11:32:58 | 00,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\GeorgeS\Documents\*.tmp files -> C:\Users\GeorgeS\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/30 11:09:01 | 10,485,760 | -HS- | M] () -- C:\Users\GeorgeS\ntuser.dat
[2009/12/30 11:02:17 | 00,786,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/30 11:02:17 | 00,662,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/30 11:02:17 | 00,127,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/30 10:56:27 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2347F510-463C-4A41-B140-E66F4438D9F6}.job
[2009/12/30 10:56:21 | 00,271,288 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/12/30 10:56:20 | 00,271,288 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/12/30 10:55:51 | 00,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/30 10:55:51 | 00,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/30 10:55:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/30 10:55:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/30 10:54:47 | 00,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/30 10:54:46 | 00,524,288 | -HS- | M] () -- C:\Users\GeorgeS\ntuser.dat{728fa4b6-e9fc-11de-a16b-001bdc00031b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/30 10:54:46 | 00,065,536 | -HS- | M] () -- C:\Users\GeorgeS\ntuser.dat{728fa4b6-e9fc-11de-a16b-001bdc00031b}.TM.blf
[2009/12/30 10:54:38 | 03,616,794 | -H-- | M] () -- C:\Users\GeorgeS\AppData\Local\IconCache.db
[2009/12/29 17:27:06 | 00,271,360 | ---- | M] () -- C:\Users\GeorgeS\Desktop\mailbox.pst
[2009/12/28 19:39:09 | 00,168,448 | ---- | M] () -- C:\Users\GeorgeS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/28 14:59:57 | 56,332,5507 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/26 14:55:20 | 00,001,460 | ---- | M] () -- C:\Users\GeorgeS\AppData\Local\d3d9caps64.dat
[2009/12/25 18:02:37 | 00,370,684 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/12/25 17:57:56 | 00,001,745 | ---- | M] () -- C:\Users\GeorgeS\Desktop\CCleaner.lnk
[2009/12/23 14:21:13 | 00,001,120 | ---- | M] () -- C:\Users\GeorgeS\Desktop\Revo Uninstaller.lnk
[2009/12/23 14:20:34 | 00,370,684 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091225-180237.backup
[2009/12/23 14:20:18 | 02,458,624 | ---- | M] () -- C:\Users\GeorgeS\Desktop\permissions.sqlite
[2009/12/22 17:41:34 | 00,000,557 | ---- | M] () -- C:\Users\GeorgeS\Desktop\ADVANCE SEARCH WINDOW.lnk
[2009/12/17 21:12:08 | 00,366,488 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20091223-142034.backup
[2009/12/16 21:37:25 | 00,524,288 | -HS- | M] () -- C:\Users\GeorgeS\ntuser.dat{728fa4b6-e9fc-11de-a16b-001bdc00031b}.TMContainer00000000000000000002.regtrans-ms
[2009/12/16 20:59:08 | 00,524,288 | -HS- | M] () -- C:\Users\GeorgeS\ntuser.dat{e77d16b4-e8fa-11de-aecd-001bdc00031b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/16 20:59:08 | 00,065,536 | -HS- | M] () -- C:\Users\GeorgeS\ntuser.dat{e77d16b4-e8fa-11de-aecd-001bdc00031b}.TM.blf
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\GeorgeS\Documents\*.tmp files -> C:\Users\GeorgeS\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 19:49:43 | 00,000,557 | ---- | C] () -- C:\Users\GeorgeS\Desktop\ADVANCE SEARCH WINDOW.lnk
[2009/12/28 14:59:57 | 56,332,5507 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/23 14:21:13 | 00,001,120 | ---- | C] () -- C:\Users\GeorgeS\Desktop\Revo Uninstaller.lnk
[2009/12/16 21:05:56 | 00,524,288 | -HS- | C] () -- C:\Users\GeorgeS\ntuser.dat{728fa4b6-e9fc-11de-a16b-001bdc00031b}.TMContainer00000000000000000002.regtrans-ms
[2009/12/16 21:05:56 | 00,524,288 | -HS- | C] () -- C:\Users\GeorgeS\ntuser.dat{728fa4b6-e9fc-11de-a16b-001bdc00031b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/16 21:05:56 | 00,065,536 | -HS- | C] () -- C:\Users\GeorgeS\ntuser.dat{728fa4b6-e9fc-11de-a16b-001bdc00031b}.TM.blf
[2009/12/16 15:23:15 | 00,114,688 | ---- | C] () -- C:\Fport.exe
[2009/12/10 09:43:11 | 00,228,742 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_ATL90SP1_KB973924MSI09E5.txt
[2009/12/10 09:43:10 | 00,011,696 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_ATL90SP1_KB973924UI09E5.txt
[2009/12/09 15:59:04 | 00,429,190 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistMSI5B77.txt
[2009/12/09 15:59:04 | 00,013,542 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistUI5B77.txt
[2009/12/01 15:01:22 | 00,004,096 | -H-- | C] () -- C:\Users\GeorgeS\AppData\Local\keyfile3.drm
[2009/10/22 15:22:15 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2009/10/22 15:22:15 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2009/10/20 10:19:30 | 00,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/10/03 09:13:52 | 00,000,586 | ---- | C] () -- C:\Windows\cdgrabber.ini
[2009/09/21 21:03:30 | 00,000,341 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/14 18:40:15 | 00,000,231 | ---- | C] () -- C:\Windows\AC3API.INI
[2009/09/14 18:40:15 | 00,000,000 | ---- | C] () -- C:\Windows\SBWIN.INI
[2009/09/14 18:40:09 | 00,037,727 | ---- | C] () -- C:\Windows\SysWow64\Emu10kx.ini
[2009/09/14 18:25:51 | 00,030,756 | ---- | C] () -- C:\Windows\SysWow64\e10kxwdm.ini
[2009/09/14 17:00:02 | 00,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009/07/28 12:34:33 | 00,232,010 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_ATL90SP1_KB973924MSI591D.txt
[2009/07/28 12:34:33 | 00,011,792 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_ATL90SP1_KB973924UI591D.txt
[2009/07/28 12:34:14 | 00,557,612 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_ATL80SP1_KB973923MSI58DF.txt
[2009/07/28 12:34:14 | 00,011,680 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_ATL80SP1_KB973923UI58DF.txt
[2009/07/27 13:00:15 | 00,271,288 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/27 13:00:07 | 00,271,288 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/11 12:33:38 | 00,000,362 | ---- | C] () -- C:\Users\GeorgeS\AppData\Roaming\flashfavorite.htm
[2009/06/14 23:54:51 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/14 23:54:23 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/13 23:31:22 | 00,332,882 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistMSI13D6.txt
[2009/06/13 23:31:22 | 00,011,150 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistUI13D6.txt
[2009/05/27 20:58:38 | 00,335,116 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistMSI6EAD.txt
[2009/05/27 20:58:38 | 00,011,230 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistUI6EAD.txt
[2009/05/16 02:58:50 | 00,000,427 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009/05/16 02:58:50 | 00,000,087 | ---- | C] () -- C:\Windows\dswplug.ini
[2009/05/16 02:58:44 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\mplaw7.dll
[2009/05/16 02:58:44 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\mplaa6.dll
[2009/05/16 02:58:44 | 00,061,440 | ---- | C] () -- C:\Windows\SysWow64\mplam6.dll
[2009/05/16 02:58:44 | 00,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2009/03/29 23:18:18 | 00,003,756 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/28 00:48:18 | 00,418,626 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistMSI0058.txt
[2009/03/28 00:48:18 | 00,011,406 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\dd_vcredistUI0058.txt
[2009/03/27 17:10:50 | 00,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
[2009/03/27 13:05:26 | 00,000,120 | ---- | C] () -- C:\Users\GeorgeS\AppData\Roaming\FixVTS.ini
[2009/03/27 03:48:47 | 00,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/03/27 03:47:08 | 00,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/03/27 03:31:17 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/27 02:23:02 | 00,778,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/03/27 00:19:41 | 00,000,680 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\d3d9caps.dat
[2009/03/26 22:52:19 | 00,168,448 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 22:49:25 | 00,000,059 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
[2009/03/26 00:25:53 | 00,000,082 | ---- | C] () -- C:\ProgramData\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
[2009/03/25 03:15:15 | 00,142,848 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/03/25 03:15:15 | 00,070,656 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/03/25 01:33:46 | 00,001,460 | ---- | C] () -- C:\Users\GeorgeS\AppData\Local\d3d9caps64.dat
[2009/02/16 09:19:42 | 00,662,016 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/02/16 08:32:20 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/02/16 08:30:30 | 00,520,192 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/02/16 08:27:28 | 00,404,992 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/02/16 08:23:50 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/02/16 06:49:30 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/02/16 06:47:42 | 03,104,256 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/02/14 07:15:42 | 00,397,312 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/02/09 14:28:18 | 00,026,624 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/02/09 12:19:18 | 00,135,168 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/02/09 12:19:12 | 00,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/02/09 12:18:52 | 00,038,400 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/02/09 12:18:32 | 00,102,912 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/02/09 12:18:24 | 00,167,936 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/02/09 12:18:20 | 00,054,784 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/02/09 11:56:22 | 00,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/01/10 14:17:32 | 00,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 14:16:56 | 00,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 14:16:50 | 00,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 14:16:14 | 00,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 14:15:54 | 00,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 14:15:44 | 00,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 14:15:32 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 14:15:28 | 00,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 14:15:12 | 00,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 14:14:08 | 00,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 14:14:06 | 00,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 14:11:50 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/06/22 12:24:37 | 00,000,233 | -H-- | C] () -- C:\Windows\gvac.sys
[2008/01/20 18:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/10/13 01:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007/07/10 09:10:12 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/04/12 07:10:28 | 00,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007/04/09 11:55:14 | 00,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2007/04/09 11:55:14 | 00,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2007/04/09 11:33:50 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2006/10/02 08:25:18 | 00,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005/06/16 09:17:16 | 00,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2003/04/01 12:14:30 | 00,057,344 | ---- | C] () -- C:\Windows\SysWow64\PVProp143N.dll

========== LOP Check ==========

[2009/05/16 02:41:30 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\ALLCapture
[2009/03/28 19:18:41 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\AntiSpamFilter
[2009/12/10 13:43:38 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Auslogics
[2009/06/29 00:17:44 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\AVCWare Studio
[2009/05/16 23:28:55 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\BitZipper
[2009/09/18 02:55:53 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Canon
[2009/03/25 14:02:30 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\DAEMON Tools
[2009/03/25 14:04:21 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\DAEMON Tools Lite
[2009/03/25 14:02:30 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\DAEMON Tools Pro
[2009/06/29 13:59:11 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\FireShot
[2009/06/21 13:48:40 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Foxit
[2009/03/27 13:09:33 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\GARMIN
[2009/11/14 18:55:12 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\GrabPro
[2009/07/12 18:06:59 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\ICAClient
[2009/11/16 05:50:44 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\mjusbsp
[2009/03/31 16:26:38 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\NewSoft
[2009/12/11 11:19:50 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Notepad++
[2009/11/14 14:06:45 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Orbit
[2009/03/26 00:25:54 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\PixelMetrics
[2009/03/27 03:47:06 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\ScanSoft
[2009/03/25 22:59:32 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Silicondust
[2009/05/16 02:38:01 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Sony
[2009/10/02 18:32:32 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\WinPatrol
[2009/12/09 21:45:45 | 00,000,000 | ---D | M] -- C:\Users\GeorgeS\AppData\Roaming\Wireshark
[2009/12/30 10:54:47 | 00,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/30 10:56:27 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2347F510-463C-4A41-B140-E66F4438D9F6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/04 13:58:10 | 00,114,688 | ---- | M] () -- C:\Fport.exe


< MD5 for: AGP440.SYS >
[2008/01/20 18:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 736 bytes -> C:\Users\GeorgeS\Documents\wachovia ann miller.eml:OECustomProperty
@Alternate Data Stream - 732 bytes -> C:\Users\GeorgeS\Documents\justin martyr doctrine of early church.eml:OECustomProperty
@Alternate Data Stream - 726 bytes -> C:\Users\GeorgeS\Documents\Mae Kemp Family Trust.eml:OECustomProperty
@Alternate Data Stream - 670 bytes -> C:\Users\GeorgeS\Documents\'Le Protecteur'.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\GeorgeS\Desktop\HAUTNER.avi:TOC.WMV
@Alternate Data Stream - 594 bytes -> C:\Users\GeorgeS\Documents\wachovia.eml:OECustomProperty
@Alternate Data Stream - 594 bytes -> C:\Users\GeorgeS\Documents\ftc spam button.eml:OECustomProperty
@Alternate Data Stream - 574 bytes -> C:\Users\GeorgeS\Documents\negative news.eml:OECustomProperty
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F7B65412
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DD4DD9B9
@Alternate Data Stream - 1030 bytes -> C:\Users\GeorgeS\Documents\MaeKemp Family Trust.eml:OECustomProperty
< End of report >

OTL Extras logfile created on: 12/30/2009 11:06:35 AM - Run 1
OTL by OldTimer - Version 3.1.15.1 Folder = C:\Users\GeorgeS\Desktop\VIRUS SCAN PROCEDURES &PROGRAMS\VIRUS SCAN PROCEDURES &PROGRAMS
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.66% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 384.86 Gb Total Space | 290.27 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 546.65 Gb Total Space | 116.33 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 501.40 Gb Total Space | 68.09 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive I: | 430.11 Gb Total Space | 165.94 Gb Free Space | 38.58% Space Free | Partition Type: NTFS
Drive M: | 952.19 Mb Total Space | 907.42 Mb Free Space | 95.30% Space Free | Partition Type: FAT
Drive N: | 15.05 Gb Total Space | 0.99 Gb Free Space | 6.58% Space Free | Partition Type: FAT32

Computer Name: VISTA64MAIN
Current User Name: GeorgeS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.js[@ = JSFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWOW64\cscript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\MOZILLA FIREFOX 3.5.5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 52 3D 1A B2 97 ED C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20AEAF1E-5138-46CA-BFEE-3AA1CD74E293}" = rport=445 | protocol=6 | dir=out | app=system |
"{46BA4EC0-ED9B-4594-9A7D-5F99030CABFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BC04FB3-0E17-4213-8D61-3D11892B8C52}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F5F7C31-4064-4C8A-8302-FBDB4E98ED05}" = lport=139 | protocol=6 | dir=in | app=system |
"{73C912E2-C2CB-4F01-98B1-AE5BAE634996}" = lport=137 | protocol=17 | dir=in | app=system |
"{94AE8A2B-1246-4FCC-A902-9339E59D05D0}" = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) |
"{9E0E097B-6C9D-49B8-8E49-1143F9F956AA}" = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) |
"{A750D4C8-825A-4B4E-A651-D7AD0F304761}" = rport=137 | protocol=17 | dir=out | app=system |
"{A7EADFF0-8CC0-4213-8EA7-B880F466E229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A89D6F5A-7C5A-4CA5-AD2D-D2668E93BB2D}" = rport=138 | protocol=17 | dir=out | app=system |
"{B361E225-5BEF-4E6C-B66C-B5E0709A2C6A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7EF6A39-7B90-4FCA-8096-605FC5A4F54D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB5E41BD-9E6F-4B7D-8A81-CF194CAA235F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013AE79E-F5A5-46F7-B105-3B292FDADDDB}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvplaybackengine.exe |
"{0D004E2B-1DFE-42DC-9E10-A4B342CCC188}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvd3dshell.exe |
"{10D2D40C-501C-41F6-85CB-680A0424D130}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12537321-EA3F-49E5-BE95-834DC69AE9DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{129A9E70-6B2A-45EC-88F3-117E10DF3D80}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{13437EBC-77EE-4927-A4AC-8D2646D7F25D}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config_gui.exe |
"{14EA3654-7D41-493E-85FF-C1DDB42A070C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{15FF7D6A-C842-44D9-BA03-56FB1E0FCDCB}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{179E9BAB-AF45-4D9D-8340-C128BCD84784}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{1C3036D0-4BCA-4D49-A023-58EDF04FD388}" = protocol=6 | dir=in | app=c:\users\georges\appdata\roaming\mjusbsp\magicjack.exe |
"{205F58C0-23AC-41C7-ACB0-48C42561185A}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_setup.exe |
"{2F159C3D-A630-41FC-B230-2FB0D58884FF}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F9D8A95-C9D6-404B-90CF-90BECEF3A103}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_setup.exe |
"{3348DDE7-EF27-4D49-BE09-D09899B018D0}" = protocol=17 | dir=in | app=c:\users\georges\appdata\roaming\mjusbsp\magicjack.exe |
"{39A203BE-ABE3-43E1-B476-CA102DD01E4F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3CCCCC12-D14F-4BE7-A272-7E17F8A75BE1}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_setup.exe |
"{3E4E48FD-2FDA-4A2D-85D3-8607463F4E4C}" = protocol=17 | dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{41D52F85-4DC3-4FF9-A3AE-669EA786F608}" = protocol=17 | dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{46FA0338-34E0-464E-BD70-35BF9F4DCEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\setupwizard.exe |
"{4EC34D3F-CF01-4C2D-A203-A715DAAA1FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvrecordingengine.exe |
"{529309AF-A74D-4334-AF6C-8AEB821FCB33}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config_gui.exe |
"{5C08E5F7-2DA6-4679-9B60-9A239CF46F39}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{63E2CACF-B24F-4D9B-B2DD-6279E15361F7}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvplaybackengine.exe |
"{63F8C9BA-501C-4072-A5AD-584BD00EC245}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvnetworkservice.exe |
"{663BFE17-9557-44FE-BAB0-ACEE2C2B48F2}" = protocol=17 | dir=in | app=c:\users\georges\appdata\roaming\mjusbsp\magicjack.exe |
"{70816FE0-7036-4C2C-ABDD-373BB29BC203}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\setupwizard.exe |
"{75A8D1E9-C85C-4696-8869-628FD3A078B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{786427BC-D445-43C0-870D-1B46F8EA590D}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config_gui.exe |
"{7998FE44-3CE1-42ED-A8A1-750A73A5EB29}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_quicktv.exe |
"{7AFB2A45-0150-4B9E-AF46-F45C207FE275}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvtaskmanagerservice.exe |
"{8109A92C-4E06-4B77-A136-FF62987E0961}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvnetworkservice.exe |
"{85464C12-977D-4EBB-9923-F1CB70E1D34F}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config.exe |
"{886646EC-C4C9-4598-A412-29DEBC056539}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvsettingsservice.exe |
"{88F7B695-BEAE-4CAB-B7F3-A8049B9B2FB2}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_manager.exe |
"{89CE78BD-2877-4AA6-85A8-7825229268D2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{8E159FF9-26CE-4E8F-BD90-386880AD685C}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvd3dshell.exe |
"{8E64FED1-80AF-4D47-8F26-F28A083B2ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{92086ADD-DC78-441E-8FDA-5AC9E47D2FB4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9233E01E-DBE9-4FEB-B2D8-126A46343FAD}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvregistrationservice.exe |
"{94F107E7-E57E-4063-84C3-C6BE5FF9ED97}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvregistrationservice.exe |
"{9EF04F70-5B6E-4403-AC05-0F68BB7DC394}" = protocol=6 | dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{9FC20BE1-74F3-42D8-915A-D70391D38EEF}" = protocol=6 | dir=in | app=c:\users\georges\appdata\roaming\mjusbsp\magicjack.exe |
"{A16E5151-CEB1-462C-A968-582A93BFF9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvguidedataloader.exe |
"{A8F747DB-5B90-43BE-8814-7612D14F1767}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config_gui.exe |
"{A95D188A-5BB0-4A16-9451-632273BC99E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{B273DA9F-B980-49FD-A9DC-CC5AAA180361}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvsettingsservice.exe |
"{B3F00452-5061-47F4-8812-2B8A06488CA9}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_quicktv.exe |
"{B52A2122-7FEB-4DBB-9CB7-4B207541BF0C}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvguidedataloader.exe |
"{B6480EB2-AB5E-4EC1-83C9-02692BFA3745}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B67E1505-C9A0-4621-8D14-E269B3CFA75E}" = protocol=6 | dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{BF425E65-ADA5-4D74-BDD5-465524E7614A}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_setup.exe |
"{C12CF7BB-5178-4E8B-8615-6EF64BBE5DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvtaskmanagerservice.exe |
"{C67434EE-0F61-483B-AF13-782C9C9C6A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DA7B9107-78DB-43A2-9512-497C0E6BA3F6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EBA74398-6ED8-411E-9027-05DE28B9F37E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{ECD74973-15D4-4B44-B7FF-C0EA36443AF6}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{EFDDB367-A046-4DC0-85CD-F1EC8F855017}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F0407F16-AD73-4D06-B1D8-B42EF8CBECBD}" = protocol=6 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config.exe |
"{F09E623B-FD4E-4DD1-AE97-23C577E7B655}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F19D8D39-F723-4F66-8C4A-D031CE2BA96F}" = protocol=17 | dir=in | app=c:\program files (x86)\snapstream media\beyond tv\btvrecordingengine.exe |
"{F48F550D-9B8C-4C98-883B-71694E9F48F5}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{FB7531C7-A7AB-447B-BE0B-0A21CBE99E94}" = protocol=17 | dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_manager.exe |
"{FD19431F-1615-44AD-94D9-56A22B1340AD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{1009FB8E-AB68-4A72-ADCF-05458B7E207C}C:1\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:1\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{1CEA4E0E-7938-47D1-AF19-3D45D6DE1EAA}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{45680FE5-609D-4DC1-8E53-F479F2B638DB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{7FAFEE55-D35E-474D-AFAE-7FFA32C046A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E94A7F24-5B48-4DF2-B61B-B2CD3ACB9677}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{12C1D6FC-A3E3-4E2C-8AEA-7EC41620D4FA}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{6FCF2AEE-85F0-4EB5-B382-A4797E4C8796}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{EBA991FA-846C-4594-99D7-417952DEA9E7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EEC78644-7A51-4272-8439-D10667A41B71}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{F3B18779-6B47-41FB-BFC5-EBA0E1B0D3D4}C:1\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:1\program files\ea games\battlefield 2\bf2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EC06B0E-9063-4F00-909D-5ACE78D798D6}" = HDHomeRun
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{365C5A10-6561-454F-B975-56EA878D0A06}" = Microsoft Network Monitor 3.3
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8F30C4EE-6488-4979-810F-B8E5D7A8DDC3}" = Microsoft IntelliType Pro 6.3
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A9D6787F-24E2-4A08-8CF9-7950D384CCE4}" = Microsoft Network Monitor: Microsoft Parsers 3.3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2BA75B3-526D-45F1-8944-450C1259022E}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{E06F2502-A5E7-4F3A-945C-94607B67F301}" = Microsoft IntelliPoint 6.3
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08E16CBF-7029-4881-83DF-D0B3A63030B4}" = WOT for Internet Explorer
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 PRO Trial
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{32E50C3F-46FB-4827-9BC3-0429860F5288}_is1" = ALLCapture 2.0 Trial
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live!
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D7564B5-864C-4967-858D-8030E45A6C69}" = iHateSpam
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{63C98752-1B7D-4C8F-8C70-0B0A29D5ECBF}" = ArcSoft MediaConverter 2.5
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}" = Mobipocket Reader 6.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74335A80-207A-4112-A08F-CEB1DC229450}" = KENWOOD Music Editor
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{812ADE19-8FAB-4DDB-907F-DDAADE876655}" = ArcSoft TotalMedia 3.5
"{830D40F7-7092-4418-BE17-F7F7899F2B41}" = e-Sword
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E321DCB-3AC5-466C-B214-4CD340EE3A13}" = Rio Music Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A321A581-322B-4AF0-B7BB-5E62297DC981}" = Tweak PDF Converter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9B64F7A-1CBC-4D04-A71C-3C12B2BD049A}_is1" = Free CD to WAV MP3 WMA AMR AC3 AAC Ripper 3.5
"{EC6BAAC5-F5E0-48D4-B4B6-7C654DD54086}" = Sony Vegas 7.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FE893E2C-11B4-47CB-88F6-6647D90C6A13}" = ScanSoft OmniPage SE 4
"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 3.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"a-squared Free_is1" = a-squared Free 4.5
"AudioConSole" = Creative Audio Console
"AVCWare Video Converter" = AVCWare Video Converter
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitZipper_is1" = BitZipper 5.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon MX850 series User Registration" = Canon MX850 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CaptureWiz" = CaptureWizPro 3.B0
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.4.0
"Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Early Church Fathers 200803.19.08" = Early Church Fathers 2008
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Flash Favorite_is1" = Flash Favorite 1.8
"FlashWorks_is1" = FlashWorks
"FormatFactory" = FormatFactory 1.80
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 6.5
"GetFLV Pro 8.8.64_is1" = GetFLV Pro
"GOM Player" = GOM Player
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HijackThis" = HijackThis 2.0.2
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"JBidwatcher_0" = JBidwatcher 2
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PC Study Bible 3.1" = PC Study Bible 3.1
"Pen Tablet Driver" = Pen Tablet
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PowerISO" = PowerISO
"Quis? Lite_is1" = Quis? Lite v1.1.1
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Revo Uninstaller" = Revo Uninstaller 1.85
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SpeedTestPro_is1" = Absolute Futurity SpeedTestPro Ver 1.0.71
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TekniaGreek" = TekniaGreek
"ToolBox" = NCH Toolbox
"ULTIMATER" = Microsoft Office Ultimate 2007
"UltraISO_is1" = UltraISO Premium V9.33
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Webcam Watchdog" = Webcam Watchdog
"WinPatrol" = WinPatrol 2009
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.4
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"Wisdom-soft Toolbar" = Wisdom-soft Toolbar
"Xilisoft Video Converter Platinum" = Xilisoft Video Converter Platinum

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


When I ran the OTL program, I received an error message "There is no disk in the drive. Please insert a disk into drive Device\Harddisk3\DR3" with Cancel, Ignore or Continue. I chose Ignore. I don't know what the program was telling me to do.

Thanks

#8 schrauber

  • Malware Response Team

Posted 31 December 2009 - 06:27 AM

Hi,

Looks good. How is your system running?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 Befuddle

Posted 31 December 2009 - 11:15 PM

I used Avira, if that is OK, as I was having trouble with ESET.



Avira AntiVir Personal
Report file date: Thursday, December 31, 2009 09:34

Scanning for 1475066 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : VISTA64MAIN

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+PCK,+SPR,

Start of the scan: Thursday, December 31, 2009 09:34

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'a2free.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'NetTools.exe' - '1' Module(s) have been scanned
Scan process 'ScreenHunter.exe' - '1' Module(s) have been scanned
Scan process 'procexp64.exe' - '0' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '0' Module(s) have been scanned
Scan process 'ehsched.exe' - '0' Module(s) have been scanned
Scan process 'WrtProc.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '0' Module(s) have been scanned
Scan process 'CtHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '0' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '0' Module(s) have been scanned
Scan process 'ipoint.exe' - '0' Module(s) have been scanned
Scan process 'itype.exe' - '0' Module(s) have been scanned
Scan process 'sttray64.exe' - '0' Module(s) have been scanned
Scan process 'BJMYPRT.EXE' - '0' Module(s) have been scanned
Scan process 'WrtMon.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '0' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '0' Module(s) have been scanned
Scan process 'TabTip32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'TabTip.exe' - '0' Module(s) have been scanned
Scan process 'wisptis.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '0' Module(s) have been scanned
Scan process 'PSIService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'TabTip.exe' - '0' Module(s) have been scanned
Scan process 'wisptis.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
25 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD6
[INFO] No virus was found!
Master boot sector HD7
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\' <VISTA 64 MAIN DISK 1>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: Thursday, December 31, 2009 10:15
Used time: 40:56 Minute(s)

The scan has been done completely.

34238 Scanned directories
466972 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
466970 Files not concerned
3566 Archives were scanned
2 Warnings
1 Notes


So, hmm, I was wondering if it could be something like Conficker, where it hides from most scanning software. Can someone put software on my computer and access the computer remotely without the scanning software detecting it, or put software that can change security policies or permissions?
I notice when I start Firefox, I get a lot of schost.exe files, and when I click on processes I notice a different number of SIDs with ?. Why is it that, and this is getting way over my head, when I log into the internet, I have a09-17-148-58.deploy.AKAMAITECHNOLOGIES.COM Cambridge, MA 02142 logged on and connected to me on ports 3116, 3130, 3133, 3134, 3138, 3139? When I look at the TCP/IP under process and highlight them, under Security I have Mandatory Full Control for: Everyone, Local, Interactive and SID s-5-5-0-77779 as groups, even though that SID is not in my registry. When I snoop further, all those lines in TCPviewer suddenly flash red and disappear from TCP viewer and my normal connections to Comcast are left. Am I being too paranoid? Why are they connecting to me? Could there be remote access software or software that could change the policies and permissions without being detected, similar to Conficker, or is this a question for another forum?

Thanks :(

#10 schrauber

Posted 01 January 2010 - 07:24 AM

Hi,

Everything that I can see looks clean. Remote software should be visible in the logs.

Do you use a router or a modem?

Edited by schrauber, 01 January 2010 - 07:24 AM.

regards,
schrauber

#11 Befuddle

Posted 01 January 2010 - 11:46 AM

Yes, I have a Buffalo wireless router with WPA encryption. However, I am concerned about the ADS streams that Hijack picked up when I ran a scan. Can you run HIJACK THIS on a 64 bit system, because I get file missing in a lot of areas? Are the ADS streams in the report above OK?


@Alternate Data Stream - 736 bytes -> C:\Users\GeorgeS\Documents\wachovia ann miller.eml:OECustomProperty
@Alternate Data Stream - 732 bytes -> C:\Users\GeorgeS\Documents\justin martyr doctrine of early church.eml:OECustomProperty
@Alternate Data Stream - 726 bytes -> C:\Users\GeorgeS\Documents\Mae Kemp Family Trust.eml:OECustomProperty
@Alternate Data Stream - 670 bytes -> C:\Users\GeorgeS\Documents\'Le Protecteur'.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\GeorgeS\Desktop\HAUTNER.avi:TOC.WMV
@Alternate Data Stream - 594 bytes -> C:\Users\GeorgeS\Documents\wachovia.eml:OECustomProperty
@Alternate Data Stream - 594 bytes -> C:\Users\GeorgeS\Documents\ftc spam button.eml:OECustomProperty
@Alternate Data Stream - 574 bytes -> C:\Users\GeorgeS\Documents\negative news.eml:OECustomProperty
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F7B65412
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DD4DD9B9
@Alternate Data Stream - 1030 bytes -> C:\Users\GeorgeS\Documents\MaeKemp Family Trust.eml:OECustomProperty
< End of report >

Hijack This Report Startup list reports errors in the following attached document. I still have access denied on changing UAC.

The other attachments are screen captures of netstat showing connections in the higher port range.

Thanks for all your part! :(

#12 Befuddle

Posted 01 January 2010 - 12:09 PM

OTHER SCREEN SHOTS THAT ARE ACCESSING HIGHER END PORTS THAT ARE USUALLY RESERVED FOR TROJAN, HIJACK ETC CONNECTIONS. A SCAN ON ONE OF THE CONNECTION PORT 80 AND PORT 443 SHOW TROJANS SPYWARE ETC ON THE SERVERS. I KNOW THAT SOME APACHE SERVERS ARE INFECTED WITH THE SLASSER WORM. I exceeded my upload limit so I have to insert images. :(

http://i912.photobucket.com/albums/ac327/A...onnections4.jpg

Thanks

Edited by Befuddle, 01 January 2010 - 12:10 PM.


#13 schrauber

Posted 02 January 2010 - 01:23 AM

We can take out those ADS streams, no problem. But I cannot follow you with your explanation and your pictures, sorry :(

Edited by schrauber, 02 January 2010 - 01:23 AM.

regards,
schrauber

#14 Befuddle

Posted 02 January 2010 - 08:39 PM

Question 1. On the Hijack This 'Startup List', why are there so many items that show "Not Found" "No File"?

Question 2. The screenshots were taken running netstat -an after bootup, showing foreign IPs establishing connections to my computer through various ports and linking to various scvhost.exe processes. The question I have is why are IP connections being established on ports in the higher range when other security sites state that connections to ports in the higher range should be suspect for backdoor trojans. I don't know if this is the proper forum for these types of connections, but I am concerned that someone has remote access or my machine is a zombie for some other site. When I first start up, the only processes that should be established are those in the startup list, so why are there other established connections?

Question 3. When I trace established connections to the process on one of the svchost.exe listed in Process Explorer, I click on security and view the TCP/IP connections. I then click the permissions tab, which brings up the groups that have access to that process. There is a SID(...) that has a ? on it which is not in my Windows registry, the Everyone group, the Interactive group, and a group called PA. All these groups and the users in these groups have mandatory full access rights to my system. Are these valid groups which should have full access and mandatory control? If so, why are they not listed as a group in the accounts section of the administrative control panel?

Question 4. My User Account Control is disabled and when I tried to enable it, I get the message "Access Denied". When I tried to disable or stop a remote access service, I get "Access Denied" even though I have Full Administrative Rights. Something is preventing me from taking control of these functions?

Maybe this is something I should take to Microsoft for resolution?

Thanks for sharing any light on this!
Happy New Year

#15 schrauber

Posted 03 January 2010 - 11:37 AM

On the Hijack This 'Startup List' why are there so many items that show "Not Found" "No File"


I do not see any signs of this in your logfiles, but I know that Hijackthis is a bit buggy in some things, especially with 64bit systems.

And for the rest of your questions:

Sorry, but I am not so familiar with those things. The only thing I can say is that your logfiles are looking clean: no malware, no rootkits.
regards,
schrauber
