
redirect problem


  • This topic is locked
56 replies to this topic

#1 coffeeblack

Posted 08 July 2012 - 02:20 PM

I have the same problem as a recent poster on these forums, so I will quote him:

"When I am online I constantly get redirected regardless of the website or browser I am using. Also I get popups in the lower right corner of the screen. Most are from ilivid - they have two buttons that say download and play. The rest are just like little popup ads. I have run malwarebytes and tdss killer with no result."

Would someone be willing to help me figure this out?

Thanks in advance.


#2 RPMcMurphy

  • Malware Response Team

Posted 08 July 2012 - 04:58 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#3 coffeeblack

Posted 09 July 2012 - 12:59 PM

RPMcMurphy,

Thank you for your offer to help! I followed your directions and pasted the three logs below. Please know that I really appreciate all of your assistance. The aswMBR scan failed twice, but the third time it finally completed.

OTL.txt log


OTL logfile created on: 7/9/2012 1:18:14 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.55% Memory free
4.23 Gb Paging File | 3.36 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 14.41 Gb Free Space | 5.00% Space Free | Partition Type: NTFS
Drive D: | 10.03 Gb Total Space | 3.01 Gb Free Space | 30.01% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 13:16:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/06/27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/17 10:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/10 11:33:08 | 000,605,512 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/02/22 05:58:04 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/11/02 05:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/18 12:50:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 10:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/10 11:33:08 | 000,605,512 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe -- (WINZIPSSDiskOptimizer)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- system32\drivers\npf.sys -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\mxdyqchp.sys -- (idnkmyhm)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 3B 3B E9 12 58 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {71F77CA1-FF00-458E-B157-F2ABC1C0706C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{1B977252-65EC-DFCB-E752-794A37822658}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
IE - HKCU\..\SearchScopes\{71F77CA1-FF00-458E-B157-F2ABC1C0706C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://mail.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5051E01D-E8CB-4A46-90FD-8A6F1CD1038E}:1.9.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Admin\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Admin\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/28 18:08:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 12:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/19 17:14:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5051E01D-E8CB-4A46-90FD-8A6F1CD1038E}: C:\Users\Admin\AppData\Local\{5051E01D-E8CB-4A46-90FD-8A6F1CD1038E} [2011/07/22 12:59:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 12:50:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/19 17:14:12 | 000,000,000 | ---D | M]

[2010/02/21 01:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/07/02 13:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3cy828k3.default\extensions
[2010/09/25 08:07:56 | 000,001,919 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3cy828k3.default\searchplugins\bing-zugo.xml
[2012/06/25 12:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/25 12:03:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/02/23 21:37:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/06/18 12:50:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/08 21:58:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/02/19 11:45:13 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/16 07:24:56 | 000,001,398 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.231 www.google-analytics.com.
O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.231 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5997C376-5744-4834-871A-E139A6D82E68}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{29d99c43-a9d0-11e1-bc6e-001bb9a023ce}\Shell - "" = AutoRun
O33 - MountPoints2\{29d99c43-a9d0-11e1-bc6e-001bb9a023ce}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{4544bb0b-1f05-11df-9d2f-001bb9a023ce}\Shell - "" = AutoRun
O33 - MountPoints2\{4544bb0b-1f05-11df-9d2f-001bb9a023ce}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 12:52:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/08 17:31:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/07/04 19:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Sarah
[2012/07/04 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\ELMO WHAT MAKES YOU HAPPY
[2012/07/02 13:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/07/02 13:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012/07/02 13:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/06/25 12:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/25 12:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/25 12:02:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/06/24 15:33:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Patch
[2012/06/24 14:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4U Download YouTube Video
[2012/06/24 14:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\4U Computing
[2012/06/24 13:10:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Youtube Downloader HD
[2012/06/24 13:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
[2012/06/24 13:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
[2012/06/19 14:40:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\logo trademark registered
[2012/06/15 19:03:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PokerStars.EU
[2012/06/15 19:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012/06/15 19:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
[2012/06/13 11:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/11 19:38:38 | 000,101,112 | R--- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[17 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 13:16:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/09 13:11:46 | 000,142,336 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/09 13:02:57 | 000,609,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/09 13:02:57 | 000,105,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/09 13:01:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 13:01:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 12:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At72.job
[2012/07/09 11:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At70.job
[2012/07/09 10:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At68.job
[2012/07/09 09:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At66.job
[2012/07/09 08:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At64.job
[2012/07/09 07:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At62.job
[2012/07/09 06:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At60.job
[2012/07/09 05:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At58.job
[2012/07/09 04:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At56.job
[2012/07/09 03:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At54.job
[2012/07/09 02:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At52.job
[2012/07/09 01:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At50.job
[2012/07/09 00:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/07/08 23:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At94.job
[2012/07/08 22:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At92.job
[2012/07/08 21:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At90.job
[2012/07/08 20:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At88.job
[2012/07/08 19:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At86.job
[2012/07/08 18:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At84.job
[2012/07/08 17:47:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/08 17:47:27 | 2138,628,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/08 16:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At80.job
[2012/07/08 16:17:09 | 000,007,497 | ---- | M] () -- C:\Users\Admin\Desktop\mom.jpg
[2012/07/08 15:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At78.job
[2012/07/08 14:46:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At76.job
[2012/07/08 13:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At74.job
[2012/07/07 17:47:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At82.job
[2012/07/07 17:13:17 | 001,292,554 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 8.wav
[2012/07/07 17:13:17 | 000,005,104 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 8.sfk
[2012/07/07 17:13:02 | 001,600,310 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 7.wav
[2012/07/07 17:13:02 | 000,006,312 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 7.sfk
[2012/07/07 17:12:23 | 001,512,186 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 6.wav
[2012/07/07 17:12:23 | 000,005,968 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 6.sfk
[2012/07/07 17:04:19 | 001,269,246 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 10.wav
[2012/07/07 17:04:19 | 000,005,016 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 10.sfk
[2012/07/06 22:17:15 | 001,865,186 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 5.wav
[2012/07/06 22:17:15 | 000,007,344 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 5.sfk
[2012/07/06 22:16:42 | 002,292,102 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 4.wav
[2012/07/06 22:16:42 | 000,009,008 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 4.sfk
[2012/07/06 19:54:23 | 003,782,162 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 3.wav
[2012/07/06 19:54:23 | 000,014,832 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 3.sfk
[2012/07/06 19:52:48 | 001,395,654 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 2.wav
[2012/07/06 19:52:48 | 000,005,512 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 2.sfk
[2012/07/06 19:52:34 | 001,776,090 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 1.wav
[2012/07/06 19:52:34 | 000,006,992 | ---- | M] () -- C:\Users\Admin\Documents\Track 8 - 1.sfk
[2012/07/06 13:12:10 | 176,744,997 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/06 10:58:36 | 001,925,202 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 9.wav
[2012/07/06 10:58:36 | 000,007,576 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 9.sfk
[2012/07/05 15:27:03 | 004,324,146 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 8.wav
[2012/07/05 15:27:03 | 000,016,952 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 8.sfk
[2012/07/05 15:26:30 | 002,778,750 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 7.wav
[2012/07/05 15:26:30 | 000,010,912 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 7.sfk
[2012/07/05 10:26:28 | 002,291,138 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 5.wav
[2012/07/05 10:26:28 | 000,009,008 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 5.sfk
[2012/07/05 10:25:58 | 002,436,294 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 4.wav
[2012/07/05 10:25:58 | 000,009,576 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 4.sfk
[2012/07/05 10:25:24 | 002,344,098 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 3.wav
[2012/07/05 10:25:24 | 000,009,216 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 3.sfk
[2012/07/05 10:24:31 | 002,401,534 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 2.wav
[2012/07/05 10:24:31 | 000,009,440 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 2.sfk
[2012/07/05 10:23:58 | 002,727,898 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 6.wav
[2012/07/05 10:23:58 | 002,727,898 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 1.wav
[2012/07/05 10:23:58 | 000,010,712 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 6.sfk
[2012/07/05 10:23:58 | 000,010,712 | ---- | M] () -- C:\Users\Admin\Documents\Track 10 - 1.sfk
[2012/07/05 09:48:20 | 002,630,922 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 5.wav
[2012/07/05 09:48:20 | 000,010,336 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 5.sfk
[2012/07/05 09:47:49 | 002,720,338 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 4.wav
[2012/07/05 09:47:49 | 000,010,680 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 4.sfk
[2012/07/04 20:46:34 | 003,741,002 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 3.wav
[2012/07/04 20:46:34 | 000,014,672 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 3.sfk
[2012/07/04 20:44:10 | 002,317,562 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 2.wav
[2012/07/04 20:44:10 | 000,009,112 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 2.sfk
[2012/07/04 20:43:32 | 000,475,914 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 1.wav
[2012/07/04 20:43:32 | 000,001,920 | ---- | M] () -- C:\Users\Admin\Documents\Track 9 - 1.sfk
[2012/07/04 13:03:38 | 036,407,565 | ---- | M] () -- C:\Users\Admin\Desktop\Sam Kissing Charlotte (July 4, 2012).MP4
[2012/07/01 12:53:35 | 000,011,288 | ---- | M] () -- C:\Users\Admin\Desktop\Stuttering101byStutterTalk.jpg
[2012/06/30 19:38:33 | 000,037,691 | ---- | M] () -- C:\Users\Admin\Desktop\Charlotte.jpg
[2012/06/26 18:55:48 | 000,662,904 | ---- | M] () -- C:\Users\Admin\Desktop\06-26-2012_00-41_msg6.mp3
[2012/06/25 20:38:34 | 001,884,682 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 4.wav
[2012/06/25 20:38:34 | 000,007,416 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 4.sfk
[2012/06/25 20:35:29 | 003,112,786 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 3.wav
[2012/06/25 20:35:29 | 000,012,216 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 3.sfk
[2012/06/25 20:34:57 | 002,334,002 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 2.wav
[2012/06/25 20:34:57 | 000,009,176 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 2.sfk
[2012/06/25 20:33:07 | 006,359,766 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 1.wav
[2012/06/25 20:33:07 | 000,024,904 | ---- | M] () -- C:\Users\Admin\Documents\Track 1 - 1.sfk
[2012/06/25 17:51:00 | 000,110,805 | ---- | M] () -- C:\Users\Admin\Desktop\StutterTalk logo.jpg
[2012/06/25 15:25:53 | 001,713,750 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 4.wav
[2012/06/25 15:25:53 | 000,006,752 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 4.sfk
[2012/06/25 15:25:07 | 000,452,518 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 3.wav
[2012/06/25 15:25:07 | 000,001,824 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 3.sfk
[2012/06/25 15:24:30 | 003,033,982 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 2.wav
[2012/06/25 15:24:30 | 000,011,912 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 2.sfk
[2012/06/25 15:23:59 | 001,779,178 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 1.wav
[2012/06/25 15:23:59 | 000,007,008 | ---- | M] () -- C:\Users\Admin\Documents\Peter - 1.sfk
[2012/06/25 12:09:44 | 002,045,678 | ---- | M] () -- C:\Users\Admin\Documents\Samantha - 2.wav
[2012/06/25 12:09:44 | 000,008,048 | ---- | M] () -- C:\Users\Admin\Documents\Samantha - 2.sfk
[2012/06/25 12:09:26 | 001,789,794 | ---- | M] () -- C:\Users\Admin\Documents\Samantha - 1.wav
[2012/06/25 12:09:26 | 000,007,048 | ---- | M] () -- C:\Users\Admin\Documents\Samantha - 1.sfk
[2012/06/24 16:00:55 | 000,353,100 | ---- | M] () -- C:\Users\Admin\Desktop\Sam and mom mom (June 24, 2012) - watching Elmo.jpg
[2012/06/15 19:03:44 | 000,000,905 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk
[2012/06/13 11:54:58 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[17 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 16:16:13 | 000,007,497 | ---- | C] () -- C:\Users\Admin\Desktop\mom.jpg
[2012/07/07 17:13:17 | 000,005,104 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 8.sfk
[2012/07/07 17:13:02 | 001,292,554 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 8.wav
[2012/07/07 17:13:02 | 000,006,312 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 7.sfk
[2012/07/07 17:12:50 | 001,600,310 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 7.wav
[2012/07/07 17:12:23 | 000,005,968 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 6.sfk
[2012/07/07 17:12:05 | 001,512,186 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 6.wav
[2012/07/07 17:04:19 | 000,005,016 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 10.sfk
[2012/07/07 17:04:10 | 001,269,246 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 10.wav
[2012/07/06 22:17:15 | 000,007,344 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 5.sfk
[2012/07/06 22:16:42 | 001,865,186 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 5.wav
[2012/07/06 22:16:42 | 000,009,008 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 4.sfk
[2012/07/06 22:16:21 | 002,292,102 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 4.wav
[2012/07/06 19:54:23 | 000,014,832 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 3.sfk
[2012/07/06 19:54:00 | 003,782,162 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 3.wav
[2012/07/06 19:52:48 | 000,005,512 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 2.sfk
[2012/07/06 19:52:34 | 001,395,654 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 2.wav
[2012/07/06 19:52:34 | 000,006,992 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 1.sfk
[2012/07/06 19:52:12 | 001,776,090 | ---- | C] () -- C:\Users\Admin\Documents\Track 8 - 1.wav
[2012/07/06 13:11:45 | 176,744,997 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/06 10:58:36 | 000,007,576 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 9.sfk
[2012/07/06 10:58:22 | 001,925,202 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 9.wav
[2012/07/05 15:27:03 | 000,016,952 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 8.sfk
[2012/07/05 15:26:30 | 004,324,146 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 8.wav
[2012/07/05 15:26:30 | 000,010,912 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 7.sfk
[2012/07/05 15:25:46 | 002,778,750 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 7.wav
[2012/07/05 10:26:28 | 000,009,008 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 5.sfk
[2012/07/05 10:25:58 | 002,291,138 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 5.wav
[2012/07/05 10:25:58 | 000,009,576 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 4.sfk
[2012/07/05 10:25:24 | 002,436,294 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 4.wav
[2012/07/05 10:25:24 | 000,009,216 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 3.sfk
[2012/07/05 10:24:31 | 002,344,098 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 3.wav
[2012/07/05 10:24:31 | 000,009,440 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 2.sfk
[2012/07/05 10:23:58 | 002,401,534 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 2.wav
[2012/07/05 10:23:58 | 000,010,712 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 6.sfk
[2012/07/05 10:23:58 | 000,010,712 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 1.sfk
[2012/07/05 10:23:38 | 002,727,898 | ---- | C] () -- C:\Users\Admin\Documents\Track 10 - 1.wav
[2012/07/05 09:48:20 | 002,727,898 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 6.wav
[2012/07/05 09:48:20 | 000,010,336 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 5.sfk
[2012/07/05 09:47:49 | 002,630,922 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 5.wav
[2012/07/05 09:47:49 | 000,010,680 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 4.sfk
[2012/07/05 09:47:21 | 002,720,338 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 4.wav
[2012/07/04 20:46:34 | 000,014,672 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 3.sfk
[2012/07/04 20:46:04 | 003,741,002 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 3.wav
[2012/07/04 20:44:10 | 000,009,112 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 2.sfk
[2012/07/04 20:43:32 | 002,317,562 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 2.wav
[2012/07/04 20:43:32 | 000,001,920 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 1.sfk
[2012/07/04 20:43:25 | 000,475,914 | ---- | C] () -- C:\Users\Admin\Documents\Track 9 - 1.wav
[2012/07/04 12:16:59 | 036,407,565 | ---- | C] () -- C:\Users\Admin\Desktop\Sam Kissing Charlotte (July 4, 2012).MP4
[2012/07/01 12:53:31 | 000,011,288 | ---- | C] () -- C:\Users\Admin\Desktop\Stuttering101byStutterTalk.jpg
[2012/06/30 19:38:30 | 000,037,691 | ---- | C] () -- C:\Users\Admin\Desktop\Charlotte.jpg
[2012/06/26 18:55:46 | 000,662,904 | ---- | C] () -- C:\Users\Admin\Desktop\06-26-2012_00-41_msg6.mp3
[2012/06/25 20:51:17 | 000,110,805 | ---- | C] () -- C:\Users\Admin\Desktop\StutterTalk logo.jpg
[2012/06/25 20:38:34 | 000,007,416 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 4.sfk
[2012/06/25 20:38:21 | 001,884,682 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 4.wav
[2012/06/25 20:35:29 | 000,012,216 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 3.sfk
[2012/06/25 20:34:57 | 003,112,786 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 3.wav
[2012/06/25 20:34:57 | 000,009,176 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 2.sfk
[2012/06/25 20:34:42 | 002,334,002 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 2.wav
[2012/06/25 20:33:07 | 000,024,904 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 1.sfk
[2012/06/25 20:32:28 | 006,359,766 | ---- | C] () -- C:\Users\Admin\Documents\Track 1 - 1.wav
[2012/06/25 15:25:53 | 000,006,752 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 4.sfk
[2012/06/25 15:25:34 | 001,713,750 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 4.wav
[2012/06/25 15:25:07 | 000,001,824 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 3.sfk
[2012/06/25 15:24:30 | 000,452,518 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 3.wav
[2012/06/25 15:24:30 | 000,011,912 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 2.sfk
[2012/06/25 15:23:59 | 003,033,982 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 2.wav
[2012/06/25 15:23:59 | 000,007,008 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 1.sfk
[2012/06/25 15:23:45 | 001,779,178 | ---- | C] () -- C:\Users\Admin\Documents\Peter - 1.wav
[2012/06/25 12:09:44 | 000,008,048 | ---- | C] () -- C:\Users\Admin\Documents\Samantha - 2.sfk
[2012/06/25 12:09:26 | 002,045,678 | ---- | C] () -- C:\Users\Admin\Documents\Samantha - 2.wav
[2012/06/25 12:09:26 | 000,007,048 | ---- | C] () -- C:\Users\Admin\Documents\Samantha - 1.sfk
[2012/06/25 12:09:13 | 001,789,794 | ---- | C] () -- C:\Users\Admin\Documents\Samantha - 1.wav
[2012/06/24 16:00:53 | 000,353,100 | ---- | C] () -- C:\Users\Admin\Desktop\Sam and mom mom (June 24, 2012) - watching Elmo.jpg
[2012/06/24 14:22:44 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4U Download YouTube Video.lnk
[2012/06/15 19:03:44 | 000,000,905 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk
[2012/06/13 11:54:58 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/01/09 21:43:46 | 000,010,756 | -HS- | C] () -- C:\Users\Admin\AppData\Local\475e21p31gxqka8n7paa3h
[2012/01/09 21:43:46 | 000,010,756 | -HS- | C] () -- C:\ProgramData\475e21p31gxqka8n7paa3h
[2011/12/31 16:30:23 | 000,012,116 | -HS- | C] () -- C:\Users\Admin\AppData\Local\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/12/31 16:30:23 | 000,012,116 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/12/22 15:05:52 | 000,010,378 | -HS- | C] () -- C:\Users\Admin\AppData\Local\474672s7k507w783d741k4qvb0b4
[2011/12/22 15:05:52 | 000,010,378 | -HS- | C] () -- C:\ProgramData\474672s7k507w783d741k4qvb0b4
[2011/12/15 19:09:50 | 000,010,832 | -HS- | C] () -- C:\Users\Admin\AppData\Local\786687y7c168q428n153s8xbl4s1
[2011/12/15 19:09:50 | 000,010,832 | -HS- | C] () -- C:\ProgramData\786687y7c168q428n153s8xbl4s1
[2011/12/08 12:58:46 | 000,000,001 | ---- | C] () -- C:\Windows\System32\7aD0SmF.com.b
[2011/12/08 11:19:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\XEDePX48.dat
[2011/12/04 23:13:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0633.old
[2011/12/04 21:57:08 | 000,010,318 | -HS- | C] () -- C:\Users\Admin\AppData\Local\heaera8a3ysp7phg5kwi0c635g7s
[2011/12/04 21:57:08 | 000,010,318 | -HS- | C] () -- C:\ProgramData\heaera8a3ysp7phg5kwi0c635g7s
[2011/09/04 11:11:38 | 000,000,371 | ---- | C] () -- C:\Users\Admin\Documents - Shortcut (4).lnk
[2011/08/11 03:04:46 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/27 12:18:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/22 12:59:15 | 000,000,120 | ---- | C] () -- C:\Users\Admin\AppData\Local\Psoduxocaciris.dat
[2011/07/22 12:59:15 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Enujuyepiy.bin
[2011/06/03 14:55:20 | 000,000,371 | ---- | C] () -- C:\Users\Admin\Documents - Shortcut (3).lnk
[2011/05/07 03:15:17 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/07 03:15:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/05 11:21:17 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/10/14 20:17:47 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/04/04 22:16:10 | 000,000,371 | ---- | C] () -- C:\Users\Admin\Documents - Shortcut (2).lnk
[2010/04/02 19:03:03 | 000,000,371 | ---- | C] () -- C:\Users\Admin\Documents - Shortcut.lnk
[2010/02/23 17:57:46 | 000,000,671 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\vso_ts_preview.xml
[2010/02/21 01:48:37 | 000,142,336 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< netsves >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB64352$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C265C458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras.txt logs

OTL Extras logfile created on: 7/9/2012 1:18:14 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.55% Memory free
4.23 Gb Paging File | 3.36 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 14.41 Gb Free Space | 5.00% Space Free | Partition Type: NTFS
Drive D: | 10.03 Gb Total Space | 3.01 Gb Free Space | 30.01% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D156268-4B4F-449F-87F1-66B1F8459FF2}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{465791CA-822C-4AE4-879B-96ACE3878689}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4C101297-326B-4130-A80A-95E742363208}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{570F3A9C-B5FD-4D55-96F5-1E9714B25A6B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6E6201F3-4580-4A8C-B360-761EB8C8BE5C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D29E2B86-029D-4675-800E-A252A5B9FC60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026437A6-430A-4EC9-90F9-43487B5F4289}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{062439E1-7C9D-4366-A3F3-28040C152DD5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{24E4D2F9-0224-413A-9CED-63186E7A176A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{29A99EC2-B191-4F3E-A333-F083E5646F76}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2C3F7604-1726-4F93-BA7B-61A7DA36277E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{2F134A8B-DF15-455A-B218-70095D9EA826}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3F90F37D-EF15-490C-B676-75356F3198B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4F1B0D1D-287E-48D9-80EE-91C2F634E607}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{594279A6-CC41-44F4-926D-A988B01DC10F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{64F98CC4-CD74-4BFA-9100-036CFA88B06E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8377DDA0-6356-428B-81C5-5FC9701F41E7}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{86B11FC4-C303-4FE8-9705-0D2F12979844}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8A2F9B3E-DA7B-4952-B9CE-710ABA6D5810}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8C89FDC8-98CF-485C-80C6-5E8534FE3D5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A3C7B08D-AA91-4578-B996-ABC74B88C4D4}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{AA0D2E67-C863-4EBB-B903-A308B345CBCB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{ABDC9CE6-5212-40F5-AF37-6766BB1B5371}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B1BE24CB-03C5-47D5-9DD2-B7DA72BE39C7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BAC3B4F1-F50F-4C54-85AE-5C0C7AA1243B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C322C374-167E-4696-B52D-2AE3697853C0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C6E92082-7CEC-4827-81F0-845B33D19007}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C93AC9BE-EE81-4F03-B824-ADAB28FA607F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CBB67D9D-47C0-4F4E-A0CA-EB76C0618A55}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CC534830-D881-43D1-9AB6-B0B56A176FA5}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D09EACFC-DB6D-40CC-9515-97EDC0DAF5C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E22BAF1C-41A8-42D5-918D-B8EF6B2EA580}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{EE435AB0-0A9E-4F1B-9916-470BE0EDECAA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{EE6845D4-B1A7-4C3C-8BEB-B001ECC27ABF}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{04335844-34D4-4B8C-AEED-C6AB712D0226}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{049C8DBF-8C1E-48F2-985E-A46F9A9FEB95}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{38D3BC2D-F157-452F-93D5-1C48790B96E9}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{74275AA5-7756-4F78-9773-704F5D5BEB67}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{BDF7F22F-94A0-4F83-BF6A-E11CF57CF7B7}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{520EEA26-72A1-43C3-85DC-8CC8066E828E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{5A2E62C8-2B9A-45A6-B71A-D7212BC6020B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{894B4DA1-7CAC-4D32-A86C-3951204A9E09}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{A4BAB704-C07C-406E-B69A-322771DF96A2}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{C216C5CB-C725-494C-AE36-F5DD47A120E9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0467A27E-6F81-4809-97BC-B886A6C08350}" = Xtranormal State - Showpak-FM-Preview
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{16AAFF18-00FC-4D78-AF21-E97B6DF15422}" = Xtranormal State - Voicepack-British-Lucy22k
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E286237-C618-4DE6-98B2-0E96DBF01250}" = Xtranormal State - Voicepack-USEnglish-Ryan22k
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590E3295-A11B-4C9F-9F88-399397EE393D}" = YouTube Downloader Toolbar v6.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73370408-B80E-4509-B9AF-957E2E0F512F}_is1" = WinZip System Utilities Suite
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{99718668-A364-4BD6-B7C6-F1A30D5F2D8C}" = Xtranormal State - Voicepack-USEnglish-Heather22k
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0BA5AAC-CA61-4C71-9A29-FDF521296225}" = Xtranormal State - SoundPack-Starter Kit
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A54BF015-5D88-458D-9ECE-4DDA82A589EC}" = Xtranormal State - Voicepack-British-Graham22k
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"4U Download YouTube Video_is1" = 4U Download YouTube Video (version 4.9.2)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter
"Foxit PDF Editor" = Foxit PDF Editor
"IL Download Manager" = IL Download Manager
"Levelator_is1" = Levelator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows
"Pamela" = Pamela Pro 4.6
"PoiZone" = PoiZone
"PokerStars.eu" = PokerStars.eu
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Sawer" = Sawer
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR archiver
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"workspacedesktop" = Workspace Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2012 7:38:14 AM | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/21/2012 7:43:53 AM | Computer Name = Peter-PC | Source = Application Hang | ID = 1002
Description = The program tvc.exe version 3.7.1.25667 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: e78 Start Time: 01cd4f51bc3b6607 Termination Time: 37

Error - 6/25/2012 8:46:03 AM | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/25/2012 11:23:32 AM | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/25/2012 11:46:26 AM | Computer Name = Peter-PC | Source = Application Error | ID = 1000
Description = Faulting application Skype.exe, version 5.9.0.123, time stamp 0x4fce1530,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000100, process id 0xd28, application start time 0x01cd52e92c632d0c.

Error - 6/25/2012 11:54:46 AM | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/26/2012 11:54:34 AM | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/26/2012 12:01:30 PM | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/26/2012 12:01:30 PM | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/27/2012 2:09:54 PM | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 5/21/2012 6:00:35 PM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 1:34:58 AM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 3:26:55 AM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 5:03:54 AM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 6:15:06 AM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 9:01:28 PM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 10:37:55 PM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 12:24:43 AM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 2:26:26 PM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 3:54:03 PM | Computer Name = Peter-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/3/2010 5:24:39 AM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50248
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 1/31/2011 8:08:13 AM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 984
seconds with 360 seconds of active time. This session ended with a crash.

Error - 8/2/2011 1:52:57 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95175
seconds with 900 seconds of active time. This session ended with a crash.

Error - 12/7/2011 8:24:37 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/7/2011 8:33:20 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 434
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/7/2011 8:34:01 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 473
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/10/2011 9:01:46 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12685
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 12/29/2011 8:17:43 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/16/2012 4:57:19 PM | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12554
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/7/2012 8:48:40 PM | Computer Name = Peter-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/8/2012 12:30:39 AM | Computer Name = Peter-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
storage failed to grow.

Error - 7/8/2012 5:31:49 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/8/2012 5:47:35 PM | Computer Name = Peter-PC | Source = HTTP | ID = 15016
Description =

Error - 7/8/2012 5:48:08 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/8/2012 5:48:08 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2012 5:48:08 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 7/8/2012 5:48:08 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2012 5:48:08 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 7/8/2012 5:48:08 PM | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 13:41:02
-----------------------------
13:41:02.051 OS Version: Windows 6.0.6001 Service Pack 1
13:41:02.051 Number of processors: 2 586 0xF02
13:41:02.051 ComputerName: PETER-PC UserName: Admin
13:41:03.346 Initialize success
13:41:13.495 AVAST engine defs: 12070600
13:41:14.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:41:14.681 Disk 0 Vendor: WDC_WD3200AAJS-22RYA0 12.01B01 Size: 305245MB BusType: 3
13:41:14.697 Disk 0 MBR read successfully
13:41:14.697 Disk 0 MBR scan
13:41:14.697 Disk 0 Windows VISTA default MBR code
13:41:14.712 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10268 MB offset 63
13:41:14.728 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294974 MB offset 21029085
13:41:14.728 Disk 0 scanning sectors +625137345
13:41:14.806 Disk 0 scanning C:\Windows\system32\drivers
13:41:41.326 Service scanning
13:41:57.207 Service MpKslfe30fa50 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{845F289A-F009-47AC-9780-835F1B02BEBC}\MpKslfe30fa50.sys **LOCKED** 32
13:42:22.853 Modules scanning
13:42:30.091 Disk 0 trace - called modules:
13:42:30.107 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:42:30.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b0c180]
13:42:30.123 3 CLASSPNP.SYS[885a6745] -> nt!IofCallDriver -> [0x853dc918]
13:42:30.138 5 acpi.sys[806916a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84a68030]
13:42:31.667 AVAST engine scan C:\Windows
13:42:39.623 AVAST engine scan C:\Windows\system32
13:48:22.324 AVAST engine scan C:\Windows\system32\drivers
13:48:49.187 AVAST engine scan C:\Users\Admin
13:50:48.724 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\post\MBR.dat"
13:50:48.755 The log file has been saved successfully to "C:\Users\Admin\Desktop\post\aswMBR.txt"

#4 RPMcMurphy

Posted 09 July 2012 - 04:39 PM

P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until we are done.

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the below box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    [2010/09/25 08:07:56 | 000,001,919 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3cy828k3.default\searchplugins\bing-zugo.xml
    [2012/07/09 13:01:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 13:01:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
    [2012/01/09 21:43:46 | 000,010,756 | -HS- | C] () -- C:\Users\Admin\AppData\Local\475e21p31gxqka8n7paa3h
    [2012/01/09 21:43:46 | 000,010,756 | -HS- | C] () -- C:\ProgramData\475e21p31gxqka8n7paa3h
    [2011/12/31 16:30:23 | 000,012,116 | -HS- | C] () -- C:\Users\Admin\AppData\Local\ara327au0mpx25ws6q613p7wrvbho2wq2awry
    [2011/12/31 16:30:23 | 000,012,116 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
    [2011/12/22 15:05:52 | 000,010,378 | -HS- | C] () -- C:\Users\Admin\AppData\Local\474672s7k507w783d741k4qvb0b4
    [2011/12/22 15:05:52 | 000,010,378 | -HS- | C] () -- C:\ProgramData\474672s7k507w783d741k4qvb0b4
    [2011/12/15 19:09:50 | 000,010,832 | -HS- | C] () -- C:\Users\Admin\AppData\Local\786687y7c168q428n153s8xbl4s1
    [2011/12/15 19:09:50 | 000,010,832 | -HS- | C] () -- C:\ProgramData\786687y7c168q428n153s8xbl4s1
    [2011/12/04 21:57:08 | 000,010,318 | -HS- | C] () -- C:\Users\Admin\AppData\Local\heaera8a3ysp7phg5kwi0c635g7s
    [2011/12/04 21:57:08 | 000,010,318 | -HS- | C] () -- C:\ProgramData\heaera8a3ysp7phg5kwi0c635g7s
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C265C458
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    :Files
    C:\windows\tasks\At*.job
    :Commands
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 coffeeblack

Posted 09 July 2012 - 07:07 PM

Thanks RPM,

Quick question. I ran OTL as you said. The computer froze (program not responding) so I was forced to reboot. A short log was created. I am running OTL again, and after 15 minutes it is still running. At bottom it says, "Reseting HOSTS file..." How long will it take? I ask because I expected this part to be rather quick and I want to make sure it is working correctly.

#6 coffeeblack

Posted 10 July 2012 - 07:07 AM

RPMcMurphy,

I let OTL run all night and when I woke up this morning (8 hours later) it was still running. I rebooted and now I am getting an error message saying "an unauthorized change was made to windows" and I only have access to an internet browser. Nothing else. I would really appreciate your assistance right now :)

#7 coffeeblack

Posted 10 July 2012 - 07:13 AM

Just to give you a little more information:

When I reboot, I get to the password screen. A box appears and says, "an unauthorized change was made to windows." Then I am given two choices, "Learn more online" or "close."

When I choose close, I get the windows password screen again, punch in my password, and the box appears all over again. This has happened 10 times. I just keep hoping it will reboot and be fine, but that is not working out.

#8 coffeeblack

Posted 10 July 2012 - 07:24 AM

I am able to boot up in Safe Mode. I just checked to see.

Edited by coffeeblack, 10 July 2012 - 07:24 AM.


#9 RPMcMurphy

Posted 10 July 2012 - 07:55 AM

OK, from the Safe Mode, please do this and let me know if you are able to boot normally:

  • Go to Control Panel
  • On the left-hand side of the Control Panel window, click on "Classic View"
  • Double-click "Backup and Restore Center"
  • On the left hand side of the window, click "Repair Windows using system restore"
  • Select "Choose Different Restore Point", put a check in the box that says "Show restore points older than 5 days", and select the restore point that corresponds to the date before you first noticed the issue.
  • Click the "Next" button.
  • Reboot back into Normal mode


#10 coffeeblack

Posted 10 July 2012 - 08:23 AM

I am in classic view, in safe mode, and do not have the option to "Backup and Restore Center." I searched on the term in different ways and the search comes up empty.

#11 RPMcMurphy

Posted 10 July 2012 - 08:27 AM

Do you see an option for system restore? This LINK has some instructions for different ways to access it.


#12 coffeeblack

Posted 10 July 2012 - 08:28 AM

So I went to the Start menu, searched and found Backup and Restore Center (it is in the Maintenance folder), but it won't open or run.

#13 coffeeblack

Posted 10 July 2012 - 08:33 AM

Thanks for staying with me on this! I have to run out for a few hours (my wife and I are refinancing today of all days!), but when I try a normal boot, I am again told that an unauthorized change was made to windows but now I am being asked to type in the Vista product key from the sticker that came with the box. What do you think?

#14 coffeeblack

Posted 10 July 2012 - 08:43 AM

I will check out the system restore link you posted when I get back home. Thanks!

#15 coffeeblack

Posted 10 July 2012 - 10:54 AM

I am not able to run system restore in safe mode. My computer says it is running when I try to open it several times, but I cannot see it running and get no visual box to make choices.

All of a sudden, the system restore box popped up, so I am trying to do it now.

Edited by coffeeblack, 10 July 2012 - 10:58 AM.




