Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer crashes after 10-20 minutes every time (possibly due to troj


  • Please log in to reply

#1
beirouti

beirouti

    New Member

  • Member
  • Pip
  • 3 posts
Hi everyone,

My computer recently started crashing at random times. Avast kept detecting an infection so I decided to follow these instructions http://www.geekstogo...uide-t2852.html

First I used TFC to clean my temporary files, then I used ERUNT to back up my registry. Here's where the fun starts, when I tried to use malwarebytes to scan and clean the infections, it would crash about 3 minutes into the scan after it detected 19 infections. this happened about 3 or 4 times, so I started windows in safe mode and was able to successfully complete the scan and clear the infections, here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4215

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

6/20/2010 2:56:58 PM
mbam-log-2010-06-20 (14-56-58).txt

Scan type: Quick scan
Objects scanned: 130226
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\sysReserve.ini (Malware.Trace) -> No action taken.

Anyway, the computer is still crashing at random times, so I created I ran gmer here is the log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-20 23:18:31
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Basil Beirouti\AppData\Local\Temp\Oj+b9cvw.mp3.part 0 bytes

---- EOF - GMER 1.0.15 ----

OTL Log:
OTL logfile created on: 6/21/2010 1:24:47 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Basil Beirouti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.97 Gb Total Space | 75.34 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 1.83 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASILBEIROUTI
Current User Name: Basil Beirouti
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 00:49:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil Beirouti\Desktop\OTL.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 00:49:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil Beirouti\Desktop\OTL.exe
MOD - [2008/01/21 05:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2008/01/21 05:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2008/01/21 05:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/26 17:28:22 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/09/11 19:53:00 | 000,279,040 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 23:53:06 | 000,089,088 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/19 02:25:40 | 000,023,040 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/21 05:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 22:11:30 | 000,015,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/05/12 03:08:52 | 002,478,640 | ---- | M] () [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/01/15 15:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/21 22:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/14 00:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/27 21:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/04/16 03:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/27 01:26:56 | 000,341,328 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/05 00:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 16:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 09:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 09:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/06 23:39:27 | 000,051,280 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/05/06 23:39:06 | 000,121,936 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/05/06 23:34:30 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/05/06 23:34:14 | 000,063,568 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/06 23:33:50 | 000,022,096 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/12/11 05:37:27 | 000,074,880 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/08/29 04:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 23:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/11 19:54:44 | 000,465,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/05/23 06:29:00 | 000,054,816 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/04/28 09:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/16 03:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 13:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/01 14:13:34 | 000,120,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/27 22:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 22:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/01 01:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 16:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/21 05:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/21 05:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/21 05:47:04 | 000,098,816 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2008/01/21 05:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/21 05:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/21 05:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/21 05:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/21 05:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/18 14:31:30 | 000,320,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/07/11 20:30:34 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/19 03:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/11/02 08:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/10 05:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/07 05:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2008/04/24 09:50:54 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/09/19 00:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/19 00:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/01 08:42:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/28 10:06:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 16:12:52 | 000,000,000 | ---D | M]

[2010/01/20 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Extensions
[2010/01/20 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/21 07:58:07 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Profiles\ow73ldks.default\extensions
[2009/06/25 14:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Profiles\ow73ldks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 08:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Profiles\ow73ldks.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

O1 HOSTS File: ([2006/09/19 00:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Basil Beirouti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Basil Beirouti\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [la7nckruudn86] C:\Windows\SysWow64\la7nckruudn86.exe File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.172.193.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/26 16:09:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\Autoplay\Command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\Explore\Command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\Open\Command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\AutoRun\command - "" = b.com
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\explore\Command - "" = b.com
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\open\Command - "" = b.com
O33 - MountPoints2\{46354b6a-881d-11de-b56f-001e68a26a3e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{46354b6a-881d-11de-b56f-001e68a26a3e}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{62cf0336-a5c0-11dd-a79f-001e68a26a3e}\Shell - "" = AutoRun
O33 - MountPoints2\{62cf0336-a5c0-11dd-a79f-001e68a26a3e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ed4eb9c7-0ed8-11df-aaf5-001e68a26a3e}\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/21 06:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2008/01/21 06:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\WINDOWS\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi3 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll ()
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: mixer3 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm ()
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm ()
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll ()
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll ()
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wave3 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 09:31:49 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/06/21 00:49:06 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Basil Beirouti\Desktop\OTL.exe
[2010/06/21 00:31:00 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/06/19 13:33:00 | 000,000,000 | ---D | C] -- C:\Users\Basil Beirouti\AppData\Roaming\Malwarebytes
[2010/06/19 13:32:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/19 13:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/19 13:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/19 13:24:31 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Basil Beirouti\Desktop\blablabla.exe
[2010/06/19 13:23:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/19 13:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/19 13:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/06/19 13:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/06/19 13:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/06/19 12:54:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Basil Beirouti\Desktop\blablabla2.exe
[2010/06/19 08:11:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Basil Beirouti\Desktop\TFC.exe
[2010/06/18 04:44:17 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/06/10 15:44:56 | 000,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/10 15:44:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/06/10 15:44:54 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/06/10 15:44:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/06/10 15:44:53 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/06/10 15:44:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/06/10 15:44:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/10 15:44:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/06/10 15:44:53 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/10 15:44:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/06/10 15:44:52 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/10 15:44:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/06/10 15:44:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/10 05:55:57 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/10 05:55:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/10 05:50:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/10 04:04:24 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/06/08 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Basil Beirouti\Documents\Basil's Files

========== Files - Modified Within 30 Days ==========

[2010/06/21 13:23:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 08:24:59 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EB9C2E78-9E49-481D-97B5-440598385D6A}.job
[2010/06/21 08:22:49 | 005,505,024 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT
[2010/06/21 08:05:22 | 000,071,470 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/21 08:05:03 | 000,001,231 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/06/21 08:04:40 | 000,071,470 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/21 08:04:38 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 08:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 08:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 08:01:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 08:00:29 | 000,524,288 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 08:00:29 | 000,065,536 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397-7cb8-11df-baad-001e68a26a3e}.TM.blf
[2010/06/21 08:00:08 | 002,029,732 | -H-- | M] () -- C:\Users\Basil Beirouti\AppData\Local\IconCache.db
[2010/06/21 01:10:10 | 000,524,288 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 00:49:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil Beirouti\Desktop\OTL.exe
[2010/06/20 23:46:44 | 038,398,782 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\6-19-2010.zip
[2010/06/20 23:32:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/20 15:41:28 | 000,284,915 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\gmer.zip
[2010/06/20 14:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02651-b5a5-11de-a261-001e68a26a3e}.TMContainer00000000000000000001.regtrans-ms
[2010/06/20 14:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02651-b5a5-11de-a261-001e68a26a3e}.TM.blf
[2010/06/19 21:15:18 | 000,107,008 | ---- | M] () -- C:\Users\Basil Beirouti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 20:52:39 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/19 20:52:39 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/19 20:52:39 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/19 14:33:39 | 000,066,159 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\messi.jpg
[2010/06/19 14:28:11 | 001,048,576 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.2.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.1.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.0.regtrans-ms
[2010/06/19 14:28:10 | 000,065,536 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.blf
[2010/06/19 13:32:55 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/19 13:32:19 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Basil Beirouti\Desktop\blablabla.exe
[2010/06/19 13:23:16 | 000,000,670 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\ERUNT.lnk
[2010/06/19 13:23:11 | 000,005,904 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/19 12:56:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Basil Beirouti\Desktop\blablabla2.exe
[2010/06/19 08:11:56 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil Beirouti\Desktop\TFC.exe
[2010/06/19 04:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/06/11 07:33:39 | 000,505,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/09 21:28:25 | 000,000,924 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\magicJack.lnk
[2010/06/08 15:48:05 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/08 15:48:05 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/26 19:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 19:16:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/26 17:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 17:25:15 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

========== Files Created - No Company Name ==========

[2010/06/21 01:08:08 | 000,524,288 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 01:08:08 | 000,524,288 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 01:08:08 | 000,065,536 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397-7cb8-11df-baad-001e68a26a3e}.TM.blf
[2010/06/20 23:46:31 | 038,398,782 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\6-19-2010.zip
[2010/06/20 15:41:26 | 000,284,915 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\gmer.zip
[2010/06/19 14:33:36 | 000,066,159 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\messi.jpg
[2010/06/19 14:28:11 | 001,048,576 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.2.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.1.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.0.regtrans-ms
[2010/06/19 14:28:10 | 000,065,536 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650-b5a5-11de-a261-001e68a26a3e}.TxR.blf
[2010/06/19 13:32:55 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/19 13:32:51 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/19 13:23:16 | 000,000,670 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\ERUNT.lnk
[2010/06/19 13:21:13 | 000,005,904 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/10 15:44:59 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/10 15:44:58 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/10 15:44:57 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/10 15:44:56 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/10 15:44:56 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/10 15:44:55 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/10 15:44:54 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/10 15:44:54 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/10 15:44:53 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/06/10 15:44:53 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/10 15:44:53 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/10 15:44:53 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/10 15:44:53 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/10 15:44:53 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/10 15:44:52 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/10 15:44:52 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/10 15:44:52 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/10 15:44:51 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/10 05:55:58 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/10 05:55:57 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/10 05:50:38 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/10 04:20:55 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/10 04:04:24 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/08 15:56:27 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009/03/27 00:33:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\NSREG.DLL
[2009/03/18 21:11:23 | 000,000,030 | ---- | C] () -- C:\Windows\EZSOLVE.INI
[2009/03/18 21:11:23 | 000,000,009 | ---- | C] () -- C:\Windows\MSE5E.INI
[2009/03/18 21:11:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Winsys.dll
[2009/03/18 21:11:22 | 000,000,195 | ---- | C] () -- C:\Windows\SysWow64\Ic.ini
[2008/10/26 01:33:53 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/01/21 05:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 05:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/15 01:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/21 05:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/10/22 10:59:42 | 000,000,368 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 09:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2007/08/30 00:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/06/21 13:23:25 | 310,657,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2008/01/21 05:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\WINDOWS\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/21 05:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\WINDOWS\SysWOW64\ws2_32.dll
< End of report >

OTL extras:

OTL Extras logfile created on: 6/21/2010 1:24:47 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Basil Beirouti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.97 Gb Total Space | 75.34 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 1.83 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASILBEIROUTI
Current User Name: Basil Beirouti
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057FAAA5-4FD3-45DF-A52A-FB2D0AAA3FCB}" = lport=138 | protocol=17 | dir=in | app=system |
"{05F60510-A296-4391-A0D1-B10A5C3564DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1271A7DE-1783-4059-A0EC-4B727AA5762A}" = rport=138 | protocol=17 | dir=out | app=system |
"{15BB9319-25C7-4073-A468-C1AEACD2F420}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{18B21A61-2622-4FC0-A6BB-1BDCE2D1564A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1ED9D36A-9B1D-4B13-B416-7D12F3BD3AD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{288E876A-2C9F-478A-8A41-23843144C01C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33F8A192-A42C-4F78-A855-DCB74D54E45A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3654F88D-9BFA-4DC7-B82C-0D78C8522190}" = lport=445 | protocol=6 | dir=in | app=system |
"{41D2F5FA-F583-444C-A345-63EDE52E28FF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{44E9EC24-C8E8-487A-85B7-C824577E632B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4EC45BAF-5E6A-4FEC-BA84-D22E4E2122B3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6358A42C-BC89-46A4-A7DD-7D7973BBAAE5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64A0ECAF-9E42-4AAF-870E-A0168CADF38B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{66E10191-2135-4579-A04B-C1C11E75C6CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6E80E182-39E2-435D-863D-D2FB125AD322}" = rport=139 | protocol=6 | dir=out | app=system |
"{768D4A7E-5596-4BF3-A19A-89BED6BEC0B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{774337C0-671F-43CE-856B-A344AA29865A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DDA7631-B714-486E-9CEC-E713194C0F10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803EC333-9F27-4B07-A6B8-48FF0EBE054E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88A2A3B4-8709-48E6-A24E-ADF97E3F97A6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{90A9C113-999D-4B90-91C7-3CD0C7E88680}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{97F582AF-7681-49CC-9878-90C8D453AEC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D6DBAE4-5FF2-4B60-9315-30C332BA5895}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A4627BE1-DD63-448C-8CB9-B576D2488C45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A76855E6-6FD2-45EA-93B2-E418A7013180}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA444E4D-B0E6-4E76-9D84-F0E4910FD9D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB65CC9A-852D-4945-BFEE-84EE06E0A626}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{ABA9787F-54A8-4605-B705-8C76E8157D77}" = rport=137 | protocol=17 | dir=out | app=system |
"{B043BEF8-2339-418D-BE13-7E3CA1B021EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B2A7925D-E19F-4933-9AD1-DF7184C57F67}" = rport=445 | protocol=6 | dir=out | app=system |
"{B602E37C-4931-4DFA-8582-5698E152CE59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7FB228A-76B2-44B8-88C6-D2D138B56B18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC6B8D51-E07D-418D-80DF-7A0BAC85132C}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1302B01-E327-4642-9916-FC5D02EA9DA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C466537E-B49E-44AC-A380-8F2175A3CB48}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{C920891F-8414-4EEE-B678-83B59625ACAC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD5CE5CB-AEF9-42B3-BE5C-5B3EBD6EFC79}" = lport=49227 | protocol=6 | dir=in | name=akamai netsession interface |
"{DAC94DCC-8C20-4C9A-B110-47B8D6A27863}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4ED448D-CA3C-4AB1-99CA-422694F88509}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1AFF98A-D594-490E-8426-65575343C106}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F27D78F0-141E-40DC-9411-28C9164B789C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2E6BE52-5007-4BAD-8581-6E1B078F82B4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F4E093-B609-402E-B9DB-5DDD2A2F9266}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{031C9CED-091C-4540-8643-597018DFCD69}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{06735CAD-442D-4E3B-8498-8A0A1C608489}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent_dna\dna.exe |
"{0C3D8895-45F4-4031-B541-277E05E739E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0CE064B0-B34A-438F-9298-5453AC7B8F39}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{0DA0437A-DC09-4263-8CC3-AAF09BC134AF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{11F5EC2F-4329-4DE0-86D7-CD44DBD97A93}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{12EA3D6E-E6E6-4489-8AC4-1BC517D2EFA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13BDC337-60A2-4E4F-8130-2E92ADDD65FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1532AB0C-04FF-4BB5-AF65-2DFB16A3BA86}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{15B2728E-0B1A-431F-9949-BA42A3D1415F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{1D4D971B-BFBE-44D1-96D8-3751BAD340D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D76EB8C-A547-4F1C-9E01-EB1BC2A5F17A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{24F34E1C-BC92-46C8-8830-09D68A33BB70}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{264E3DFD-E8D4-474F-8061-CCA358C1E90C}" = protocol=1 | dir=out | [email protected],-28544 |
"{2D53F64F-E42D-42D3-A8F2-42F7A9528BF9}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{32ACC2C7-F4D8-4EEB-AEC9-C70A66332749}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{43298955-C09B-49E4-B6A9-EC93B340761C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{45DD81B1-6CF6-4F50-A249-65A149917D79}" = protocol=58 | dir=in | [email protected],-28545 |
"{45E63F67-81C9-498D-BF6D-B517EA13F4B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51FB7E0D-237A-4A1C-9EE3-1AB0C89E129E}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{53F0A2D5-661E-4562-A391-3AB8DC6373A6}" = protocol=6 | dir=out | app=system |
"{54E1AB30-154E-4DB4-8B25-E80F25A8BF3A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{624B5C22-DD3A-4344-B002-DA074097ADAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{663DDE16-0D60-4F84-A699-6C4D6B37F3EE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A428DCA-CF72-457E-AC43-614F3B09563A}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{6AED4C38-F77B-4156-8DBD-CBF94F39BB28}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{6D3CC809-B6EF-4AA8-9625-40204ED7120A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F7EDA50-B600-4B2D-88BD-8C867F11FE7E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{77204920-DAA4-400F-8A02-D71360B8E28F}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{7B4B6AD5-2BD5-4EBF-A46A-8746FC491118}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{819C2E24-76B1-4099-9233-FAFBEA8FAE35}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{8B06C066-DDED-4FEB-90BD-3F76B4E1DF88}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8BC11314-7887-4E7F-ADFE-315ACCF8697D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D015FE0-C68B-45C0-A5CF-B99C862EC1FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8DD998E7-C597-46D6-B322-2E31A3E48E72}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{975EF47F-1EA0-4E1F-9626-8EE6A8E5A7EF}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{989E56E9-B4CD-4229-9E49-F28351351F68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9E8E7856-6718-4669-8CF6-B3B5AA74A6CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A12C5566-AE5C-4369-8A0B-335218307F3E}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{ABB589CD-21BD-4462-8652-1346D9DDF722}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{AD0E3633-F70E-4028-ACDF-6B0220F1DC4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEE648E3-4B92-4F2A-ADA0-2812FAAC0922}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{B1414930-C8B1-40A0-BCC0-FA9250C30F11}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\ra3.exe |
"{B5480A96-8494-4640-93D9-FE816EB6746D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B68FD785-DAA6-4AED-80F9-A2BC93480063}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B9F86038-D70D-4A98-B957-094666E4CEF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent_dna\dna.exe |
"{BB28CA12-4607-4C39-9F56-1442AAFCE0E3}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{C1FBFCC5-4D8A-4857-87AB-AE6ABD8F0A83}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C73D81BA-A7A3-419F-918A-460C21BF7195}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C7A7BFD1-F316-46B8-94A0-9744F724F2F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7DE6782-7E3E-406E-A1BF-CDEF28870E7A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CB6F3177-0443-4A3F-9456-7AD732F03ACD}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{CF0939F8-8E25-4798-BB73-7210215C42FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CF5AE70A-226A-428B-B41A-ACB1308AFC6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{D1320B38-53CB-45E2-9C0B-8A719EEE3D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D3B3CA0D-4C05-4C70-81EA-EA9D1AF81522}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D46965C1-48F6-4EA4-BD1A-22666168F59C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D91ACB0F-7973-4634-8538-4AA14A6E286E}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{D91C00E0-69DD-4FBB-B054-86CAC052991B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D977792A-B74A-41C6-821E-D9A32C600E21}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E39C7A38-DA8F-4B0D-B70F-B7DD598B5514}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{E3E9B5E6-5106-43A5-8F77-41C16B221C81}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E4C89489-4B02-4296-8CC5-17B1C61EBBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E52070C7-FD74-4C64-B808-75DD36CEB491}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{E7594096-FD07-48E1-8B7D-70DEB6BF37D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E8336FD0-040F-4877-8EA9-D2D9DB7210C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{E94CCDDC-8937-4AF7-891A-5D1435FAE126}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBA2EBD8-CA2E-4AC0-9462-F54394C17BAD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE5E6F4C-B74A-4CA6-8B45-9E849BA2FB53}" = protocol=58 | dir=out | [email protected],-28546 |
"{F07DB27B-50E8-46B3-8842-E30091056D34}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F48B70F8-8802-4721-9B3B-BEFCD52F6FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\ra3.exe |
"{F90016E5-DEA1-41A5-97E6-342788DD57C3}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{FC5240FA-FB38-4C9E-A785-D62F0C76D234}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{131F1C0B-CE82-47AD-965D-69BAAC374B3C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{1D11F834-94E3-4316-8085-B6F100A6AD33}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"TCP Query User{1D9C12C9-A309-40C9-928B-B0122C5D732F}C:\users\basil beirouti\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\basil beirouti\program files (x86)\dna\btdna.exe |
"TCP Query User{55EB87CB-FF0F-4C07-8637-1D95B042A51F}C:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{72CC6EA3-825A-4491-AB1C-DBB63D6AC699}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{78697AE0-1776-4E10-923F-82711630393B}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{878BAC6A-3473-4DA0-9420-42CC98BDD930}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{92B7FB01-6059-4F7C-B8B9-6BB2420D1C9A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{93BA4BA8-ED4E-4B41-A0A3-098044143AB0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{AD4E596E-C438-4CB7-A6EF-805232A060F8}C:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{B0DC26E4-8A91-4D61-92D5-597BC58D026A}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{B4F6DFD9-D5D1-4FB2-ABCC-115B23584A8B}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{BD83F767-7680-4793-A953-CD22D2611595}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{C8BAF37D-35CB-4D09-9227-4E02F25C4F66}C:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{D545BBDB-695A-4CCD-8C7B-013A83ACCE7A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{D8A82CA5-CB97-4A89-99DE-2155F6D89E3F}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game |
"TCP Query User{E9F6D28F-27CC-44F0-A513-041A89999C36}C:\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\imagej\jre\bin\javaw.exe |
"TCP Query User{EB1DDFFA-036A-4635-8C55-A02380F832E2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{EF39CAA7-9F2A-4F95-9DEF-11598071F2DA}C:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{EF4FF778-8A67-4A64-8515-75731EC652EE}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"TCP Query User{F92E1551-7E4B-4B9B-B788-D67AC711940D}C:\users\basil beirouti\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\basil beirouti\program files (x86)\dna\btdna.exe |
"TCP Query User{F9CB1BF3-0900-4217-96F1-726565C290E0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0B1CCE67-60EC-4D06-9668-1A34ECF5E230}C:\users\basil beirouti\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\basil beirouti\program files (x86)\dna\btdna.exe |
"UDP Query User{0D05388D-07E7-4F1C-BC37-EEB1FF306511}C:\users\basil beirouti\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\basil beirouti\program files (x86)\dna\btdna.exe |
"UDP Query User{11366448-F0D9-411E-933E-06BA29B1766E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{1E80F437-76A6-4F3B-97EE-E9483D3ADC98}C:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{34AB5C75-D3EC-49F2-A5B3-FA5696030696}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{3A33B6CB-9B29-4C39-9C7C-DB36AD0E2A7A}C:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{4D657B7A-C141-487D-B293-F78C12B57D2A}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"UDP Query User{54075BB6-FDB3-4992-99EA-8DBE1EA26AF7}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{5D66F354-B8B9-49BB-B4E9-B6AFDB6717E3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6262FAF8-BB4C-4568-B31C-9B3BBF4E731C}C:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\basil beirouti\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{63295AAB-B021-43DC-879E-69CCD854DC6B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{66D99CE1-BF6F-467F-AB26-25FE0FD5CD8C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6ED3ABA5-7282-456E-A950-1DE4629E23B8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{8C21A384-4651-40AA-AE29-117CAEAA63EF}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"UDP Query User{95B4DE2A-FC3C-40A1-B0D7-DDD6B978F905}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{98764FF2-5078-4C69-8922-80F4F2D0F72B}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game |
"UDP Query User{9D5404BA-2CF5-4BE1-BA9D-36C812D46194}C:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\basil beirouti\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{A3900013-0A23-46D5-AD9F-2CF8978B68F2}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{BEAA4A76-61D6-4017-AED7-F8CDD4C93B4B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D5F81D40-E399-4A03-83D4-F129362DCD55}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{D62225E0-1CCE-4D82-BD84-51FF29BE352D}C:\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\imagej\jre\bin\javaw.exe |
"UDP Query User{D73C0CDF-0EEC-490E-B33A-69E9BE1B029A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"M-WIN-L 7.0.1 1213965_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965)
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BrainWave Generator" = BrainWave Generator
"ERUNT_is1" = ERUNT 1.1j
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"PokerStars" = PokerStars
"RealPlayer 12.0" = RealPlayer
"Skype_is1" = Skype 2.5
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Total Video Player 1.03_is1" = Total Video Player 1.03
"ViewpointMediaPlayer" = Viewpoint Media Player
"WCIF ImageJ_is1" = Uninstall_ImageJ
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2009 2:11:13 AM | Computer Name = BasilBeirouti | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x3030302e, process id 0x1054, application start time 0x01ca635eeec07778.

Error - 11/12/2009 2:11:15 AM | Computer Name = BasilBeirouti | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module MSVCR80.dll, version 8.0.50727.3053, time stamp 0x4889d619, exception
code 0xc0000005, fault offset 0x00014a7f, process id 0x1054, application start time
0x01ca635eeec07778.

Error - 11/12/2009 11:49:27 PM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/12/2009 11:49:28 PM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/13/2009 5:12:49 AM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/13/2009 5:12:49 AM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/13/2009 5:27:41 PM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/15/2009 1:15:10 AM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/15/2009 1:15:10 AM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/16/2009 3:19:10 AM | Computer Name = BasilBeirouti | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 1/29/2009 12:40:43 AM | Computer Name = BasilBeirouti | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/17/2009 11:36:13 PM | Computer Name = BasilBeirouti | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/13/2008 8:50:31 PM | Computer Name = BasilBeirouti | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4160
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/13/2008 8:51:28 PM | Computer Name = BasilBeirouti | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/13/2008 8:51:38 PM | Computer Name = BasilBeirouti | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/13/2008 8:52:16 PM | Computer Name = BasilBeirouti | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/6/2008 4:58:50 AM | Computer Name = BasilBeirouti | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 6800
seconds with 5940 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Also, when I opened my computer in safe mode once, it kept telling me windows explorer has caused an error and then windows explorer is restarting whenever I pressed the start menu. I don't know if that helps. I also still don't know if it's a hardware or software problem hopefully it's a software one. It's getting bad though I had to prepare this post in safe mode and save it on a notepad, then copy it here in regular mode because I couldn't keep the computer from crashing long enough to write this. Please let me know if you need any other information I will be checking this very often.

Thanks a lot guys.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
Uninstall:
Java™ 6 Update 5
Java™ 6 Update 7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"LimeWire" = LimeWire 5.4.6
"McAfee Security Scan" = McAfee Security Scan Plus
BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

The Java versions are obsolete. One anti-virus is all we want. P2P programs (Limewire, BitTorrent, DNA) are dangerous and we don't need them right now. Adobe reader is not working correctly.

You do have traces of an infection.
O4 - HKCU..\Run: [la7nckruudn86] C:\Windows\SysWow64\la7nckruudn86.exe File not found
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\AutoRun\command - "" = b.com which might be from an infected USB drive.

install AutoRun Eater v2.4
http://oldmcdonald.w...orun-eater-v24/

It will stay resident and prevent USB drives from infecting your PC.

Your profile says you are US but the DNS server is located in Jordan. Which is correct?



I also see a few Disk Check folders so your hard drive has had problems. Let's check it again.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Select Windows Logs then right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Restart now. It will take about an hour or so to check your hard drive. Once it boots back up do:

Start, Programs, Accessories, then right click on Command Prompt and Run As Administrator. Type:

sfc /scannow

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

sigverif

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)






Copy the text in the code box by highlighting and Ctrl + c

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Basil Beirouti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [la7nckruudn86] C:\Windows\SysWow64\la7nckruudn86.exe File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Basil Beirouti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\Autoplay\Command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\Explore\Command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4139b99f-4721-11de-adc4-001e68a26a3e}\Shell\Open\Command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\AutoRun\command - "" = b.com
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\explore\Command - "" = b.com
O33 - MountPoints2\{4571754b-bc68-11dd-b2f9-001e68a26a3e}\Shell\open\Command - "" = b.com
O33 - MountPoints2\{46354b6a-881d-11de-b56f-001e68a26a3e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{46354b6a-881d-11de-b56f-001e68a26a3e}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{62cf0336-a5c0-11dd-a79f-001e68a26a3e}\Shell - "" = AutoRun
O33 - MountPoints2\{62cf0336-a5c0-11dd-a79f-001e68a26a3e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

:Files
C:\Windows\SysWow64\la7nckruudn86.exe

	  
:Commands
[purity]
[emptytemp]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get SIW

http://www.snapfiles.com/get/siw.html

Run it and under Hardware look for Sensors. Click on Sensors and look in the right pane there should be some temperature readings. What are they? Watch your video for a little bit then look again. Are the temps going up?

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.



Ron
  • 0

#3
beirouti

beirouti

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I put my location as United States because I go to University there I am only in Jordan for the

summer, so right now I am in Jordan but it's only temporary. I guess I should have made that

clear.

For sigverif, they were all in this folder: C:\windows\nvtmpinst, and they were about 100 files.

Date modified is listed as unkown, but almost all are CHM files except for one CPL, one exe, 2

dll. I couldn't copy the file names on here.

Here is the OTL quick scan log after I ran a custom fix with the code you provided:

OTL logfile created on: 6/23/2010 1:46:26 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Basil Beirouti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type =

NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.97 Gb Total Space | 73.33 Gb Free Space | 25.55% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 1.83 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASILBEIROUTI
Current User Name: Basil Beirouti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 00:49:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil

Beirouti\Desktop\OTL.exe
PRC - [2010/05/06 23:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil

Software\Avast5\AvastUI.exe
PRC - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil

Software\Avast5\AvastSvc.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program

Files\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program

Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/12/09 19:33:57 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files

(x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/27 01:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files

(x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/24 16:25:56 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program

Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/16 03:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files

(x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/16 03:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files

(x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/27 01:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/01/05 00:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files

(x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 00:49:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil

Beirouti\Desktop\OTL.exe
MOD - [2008/01/21 05:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2008/01/21 05:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2008/01/21 05:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\winsxs\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand |

Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand |

Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 23:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto |

Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/26 17:28:22 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.)

[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/09/11 19:53:00 | 000,279,040 | ---- | M] () [Auto | Running] --

C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 23:53:06 | 000,089,088 | ---- | M] () [Auto | Running] --

C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --

(AESTFilters)
SRV:64bit: - [2008/03/19 02:25:40 | 000,023,040 | ---- | M] () [Auto | Running] --

C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/21 05:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto

| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 22:11:30 | 000,015,872 | ---- | M] () [Auto | Running] --

C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/05/12 03:08:52 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files

(x86)\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2008/07/27 21:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand |

Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe --

(clr_optimization_v2.0.50727_64)
SRV - [2008/04/16 03:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] --

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/27 01:26:56 | 000,341,328 | ---- | M] () [Auto | Running] --

C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/05 00:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] --

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 16:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\SysWOW64

\Msdtc -- (MSDTC)
SRV - [2006/11/02 09:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] --

C:\WINDOWS\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 09:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] --

C:\WINDOWS\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/06 23:39:27 | 000,051,280 | ---- | M] () [Kernel | System | Running]

-- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/05/06 23:39:06 | 000,121,936 | ---- | M] () [Kernel | System | Running]

-- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/05/06 23:34:30 | 000,028,752 | ---- | M] () [Kernel | System | Running]

-- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/05/06 23:34:14 | 000,063,568 | ---- | M] () [File_System | Auto |

Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/06 23:33:50 | 000,022,096 | ---- | M] () [File_System | Auto |

Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/08/29 04:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 23:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/11 19:54:44 | 000,465,408 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/05/23 06:29:00 | 000,054,816 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/04/28 09:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/16 03:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running]

-- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 13:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/01 14:13:34 | 000,120,720 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/27 22:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running]

-- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 22:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/01 01:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 16:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/21 05:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/21 05:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/21 05:47:04 | 000,098,816 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2008/01/21 05:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/21 05:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/21 05:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/21 05:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/21 05:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/18 14:31:30 | 000,320,560 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/07/11 20:30:34 | 000,009,088 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/19 03:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand |

Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/11/02 08:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/10 05:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/07 05:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand |

Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2008/04/24 09:50:54 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running]

-- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/09/19 00:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] --

C:\WINDOWS\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/19 00:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] --

C:\WINDOWS\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%

\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)

\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/01 08:42:33 | 000,000,000 | ---D |

M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla

Firefox\components [2010/01/28 10:06:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla

Firefox\plugins [2010/06/03 16:12:52 | 000,000,000 | ---D | M]

[2010/01/20 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Basil

Beirouti\AppData\Roaming\Mozilla\Extensions
[2010/01/20 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Basil

Beirouti\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/22 14:05:25 | 000,000,000 | ---D | M] -- C:\Users\Basil

Beirouti\AppData\Roaming\Mozilla\Firefox\Profiles\ow73ldks.default\extensions
[2009/06/25 14:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) --

C:\Users\Basil

Beirouti\AppData\Roaming\Mozilla\Firefox\Profiles\ow73ldks.default\extensions\{20a82645-c095-

46ed-80e3-08825760534b}
[2010/03/01 08:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basil

Beirouti\AppData\Roaming\Mozilla\Firefox\Profiles\ow73ldks.default\extensions\{AE93811A-5C9A-

4d34-8462-F7B864FC4696}

O1 HOSTS File: ([2006/09/19 00:37:24 | 000,000,761 | ---- | M]) -

C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)

\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-

8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)

\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft

Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)

\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage

Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's

Farm)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health

Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not

found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

(RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

(CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\Basil Beirouti\AppData\Roaming\mjusbsp\cdloader2.exe

(magicJack L.P.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft

Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files

(x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}

http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}

https://h50203.www5....DataManager.CAB (Hewlett-Packard Online

Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B}

https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...1.6.0/jinstall-

1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...1.6.0/jinstall-

1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...1.6.0/jinstall-

1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.172.193.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error:

Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error:

Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error:

Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error:

Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)

\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)

\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft

Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft

Corporation)
O24 - Desktop WallPaper: C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Desktop

Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Basil Beirouti\AppData\Roaming\Mozilla\Firefox\Desktop

Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/26 16:09:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{ed4eb9c7-0ed8-11df-aaf5-001e68a26a3e}\Shell\AutoRun\command - "" =

WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/23 13:35:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/23 13:15:52 | 000,000,000 | ---D | C] -- C:\Users\Basil Beirouti\Desktop\Post 2
[2010/06/23 13:07:23 | 000,061,440 | ---- | C] ( ) -- C:\Users\Basil Beirouti\Desktop\VEW.exe
[2010/06/23 06:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2010/06/23 06:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2010/06/23 05:45:10 | 001,396,513 | ---- | C] (Old McDonald's Farm) -- C:\Users\Basil

Beirouti\Desktop\aesetup2.5.exe
[2010/06/23 01:35:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/22 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Basil Beirouti\Desktop\Post
[2010/06/21 09:31:49 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/06/21 00:49:06 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Basil

Beirouti\Desktop\OTL.exe
[2010/06/21 00:31:00 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/06/19 13:33:00 | 000,000,000 | ---D | C] -- C:\Users\Basil

Beirouti\AppData\Roaming\Malwarebytes
[2010/06/19 13:32:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64

\drivers\mbamswissarmy.sys
[2010/06/19 13:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/19 13:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/19 13:23:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/19 13:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/19 13:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/06/19 13:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/06/19 13:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/06/19 12:54:37 | 000,791,393 | ---- | C] (Lars Hederer

) -- C:\Users\Basil Beirouti\Desktop\blablabla2.exe
[2010/06/19 08:11:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Basil

Beirouti\Desktop\TFC.exe
[2010/06/18 04:44:17 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/06/08 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Basil Beirouti\Documents\Basil's Files
[2010/05/16 15:07:15 | 000,000,000 | ---D | C] -- C:\22b0c2c32ef88ed32f7e35
[2010/05/08 12:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/05/04 06:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/08 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/04/08 14:21:51 | 000,000,000 | ---D | C] -- C:\Users\Basil Beirouti\AppData\Local\Google
[2010/04/07 07:43:26 | 000,441,344 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2010/04/07 07:43:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2010/04/07 07:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\IDT

========== Files - Modified Within 90 Days ==========

[2010/06/23 13:46:26 | 005,505,024 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT
[2010/06/23 13:44:59 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-

{EB9C2E78-9E49-481D-97B5-440598385D6A}.job
[2010/06/23 13:44:12 | 000,071,470 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/23 13:43:33 | 000,001,242 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/06/23 13:41:52 | 000,071,470 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/23 13:41:50 | 000,000,910 | ---- | M] () --

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/23 13:41:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-

B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 13:41:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-

B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 13:41:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/23 13:41:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/23 13:41:16 | 4292,038,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 13:39:54 | 000,524,288 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397

-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 13:39:54 | 000,065,536 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397

-7cb8-11df-baad-001e68a26a3e}.TM.blf
[2010/06/23 13:12:51 | 001,267,888 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\siw.exe
[2010/06/23 13:07:33 | 000,061,440 | ---- | M] ( ) -- C:\Users\Basil Beirouti\Desktop\VEW.exe
[2010/06/23 06:12:52 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/23 06:12:52 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/23 06:12:52 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/23 06:11:24 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2010/06/23 05:49:22 | 001,396,513 | ---- | M] (Old McDonald's Farm) -- C:\Users\Basil

Beirouti\Desktop\aesetup2.5.exe
[2010/06/23 01:32:25 | 000,000,914 | ---- | M] () --

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 01:10:10 | 000,524,288 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397

-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 00:49:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil

Beirouti\Desktop\OTL.exe
[2010/06/20 23:46:44 | 038,398,782 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\6-19-

2010.zip
[2010/06/20 15:41:28 | 000,284,915 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\gmer.zip
[2010/06/20 14:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02651

-b5a5-11de-a261-001e68a26a3e}.TMContainer00000000000000000001.regtrans-ms
[2010/06/20 14:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02651

-b5a5-11de-a261-001e68a26a3e}.TM.blf
[2010/06/19 21:15:18 | 000,107,008 | ---- | M] () -- C:\Users\Basil

Beirouti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 14:33:39 | 000,066,159 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\messi.jpg
[2010/06/19 14:28:11 | 001,048,576 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.2.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.1.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.0.regtrans-ms
[2010/06/19 14:28:10 | 000,065,536 | -HS- | M] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.blf
[2010/06/19 13:32:55 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-

Malware.lnk
[2010/06/19 13:23:16 | 000,000,670 | ---- | M] () -- C:\Users\Basil Beirouti\Desktop\ERUNT.lnk
[2010/06/19 13:23:11 | 000,005,904 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/19 12:56:38 | 000,791,393 | ---- | M] (Lars Hederer

) -- C:\Users\Basil Beirouti\Desktop\blablabla2.exe
[2010/06/19 08:11:56 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Basil

Beirouti\Desktop\TFC.exe
[2010/06/19 04:14:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/06/11 07:33:39 | 000,505,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/09 21:28:25 | 000,000,924 | ---- | M] () -- C:\Users\Basil

Beirouti\Desktop\magicJack.lnk
[2010/05/26 19:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 17:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/06 23:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64

\avastSS.scr
[2010/05/06 23:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64

\aswBoot.exe
[2010/05/06 23:39:27 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/05/06 23:39:06 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/05/06 23:34:30 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/05/06 23:34:14 | 000,063,568 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/05/06 23:33:50 | 000,022,096 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/05/04 22:18:31 | 001,032,704 | ---- | M] () -- C:\Windows\SysNative\wininet.dll
[2010/05/04 22:16:22 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/04 22:15:02 | 001,129,984 | ---- | M] () -- C:\Windows\SysNative\mstime.dll
[2010/05/04 22:14:31 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2010/05/04 22:14:22 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/04 22:12:55 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\jsproxy.dll
[2010/05/04 22:12:27 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/04 22:12:27 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/04 22:12:17 | 000,480,256 | ---- | M] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/04 22:12:17 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
[2010/05/04 22:12:16 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/05/04 22:12:16 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2010/05/04 20:53:47 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2010/05/04 20:27:37 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64

\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/27 01:20:18 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's

Civilization 4.lnk
[2010/04/16 19:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/09 20:18:46 | 000,035,784 | ---- | M] () -- C:\Users\Basil Beirouti\Documents\6.docx
[2010/04/05 19:51:12 | 000,084,480 | ---- | M] () -- C:\Windows\SysNative\asycfilt.dll
[2010/03/31 23:10:19 | 000,035,421 | ---- | M] () -- C:\Users\Basil Beirouti\Documents\Wesley Ike

Gullett March 30 at 6.docx
[2010/03/26 17:44:40 | 000,024,311 | ---- | M] () -- C:\Users\Basil Beirouti\Documents\omar.docx

========== Files Created - No Company Name ==========

[2010/06/23 13:41:16 | 4292,038,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/23 13:08:26 | 001,267,888 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\siw.exe
[2010/06/23 06:11:24 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2010/06/21 01:08:08 | 000,524,288 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397

-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 01:08:08 | 000,524,288 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397

-7cb8-11df-baad-001e68a26a3e}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 01:08:08 | 000,065,536 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{28029397

-7cb8-11df-baad-001e68a26a3e}.TM.blf
[2010/06/20 23:46:31 | 038,398,782 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\6-19-

2010.zip
[2010/06/20 15:41:26 | 000,284,915 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\gmer.zip
[2010/06/19 14:33:36 | 000,066,159 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\messi.jpg
[2010/06/19 14:28:11 | 001,048,576 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.2.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.1.regtrans-ms
[2010/06/19 14:28:11 | 001,048,576 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.0.regtrans-ms
[2010/06/19 14:28:10 | 000,065,536 | -HS- | C] () -- C:\Users\Basil Beirouti\NTUSER.DAT{e1e02650

-b5a5-11de-a261-001e68a26a3e}.TxR.blf
[2010/06/19 13:32:55 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-

Malware.lnk
[2010/06/19 13:32:51 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/19 13:23:16 | 000,000,670 | ---- | C] () -- C:\Users\Basil Beirouti\Desktop\ERUNT.lnk
[2010/06/19 13:21:13 | 000,005,904 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/10 15:44:59 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/10 15:44:58 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/10 15:44:57 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/10 15:44:56 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/10 15:44:56 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/10 15:44:55 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/10 15:44:54 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/10 15:44:54 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/10 15:44:53 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/06/10 15:44:53 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/10 15:44:53 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/10 15:44:53 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/10 15:44:53 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/10 15:44:53 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/10 15:44:52 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/10 15:44:52 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/10 15:44:52 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/10 15:44:51 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/10 05:55:58 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/10 05:55:57 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/10 05:50:38 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/10 04:20:55 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/10 04:04:24 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/08 15:56:27 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/12 02:26:55 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/05/08 07:27:37 | 000,000,069 | ---- | C] () -- C:\Users\Basil Beirouti\Credit Card.txt
[2010/04/14 08:48:43 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/14 08:48:41 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/14 08:48:40 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/14 08:48:40 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/14 08:48:37 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/14 08:48:37 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/14 08:48:30 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/14 08:48:27 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 08:48:24 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 08:47:28 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 08:47:24 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/09 20:11:13 | 000,035,784 | ---- | C] () -- C:\Users\Basil Beirouti\Documents\6.docx
[2010/04/08 14:22:01 | 000,000,914 | ---- | C] () --

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 14:22:00 | 000,000,910 | ---- | C] () --

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/07 07:43:28 | 000,439,808 | ---- | C] () -- C:\Windows\SysNative\AESTEC64.dll
[2010/04/07 07:43:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysNative\AESTAC64.dll
[2010/04/07 07:43:26 | 010,760,704 | ---- | C] () -- C:\Windows\SysNative\idtcpl64.cpl
[2010/04/07 07:43:26 | 002,869,248 | ---- | C] () -- C:\Windows\SysNative\stlang64.dll
[2010/04/07 07:43:26 | 000,562,688 | ---- | C] () -- C:\Windows\SysNative\idt64mp1.exe
[2010/04/07 07:43:26 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\AESTCo64.dll
[2010/04/07 07:43:26 | 000,015,222 | ---- | C] () -- C:\Windows\SysNative\nbspkrs.ico
[2010/04/07 07:43:26 | 000,003,774 | ---- | C] () -- C:\Windows\SysNative\bltinmic.ico
[2010/04/07 07:43:26 | 000,003,774 | ---- | C] () -- C:\Windows\SysNative\2hps.ico
[2010/04/07 07:42:27 | 000,773,632 | ---- | C] () -- C:\Windows\SysNative\stapo64.dll
[2010/04/07 07:42:27 | 000,465,408 | ---- | C] () -- C:\Windows\SysNative\drivers\stwrt64.sys
[2010/04/07 07:42:27 | 000,430,592 | ---- | C] () -- C:\Windows\SysNative\stcplx64.dll
[2010/04/07 07:42:25 | 000,530,944 | ---- | C] () -- C:\Windows\SysNative\stapi64.dll
[2010/03/31 23:10:19 | 000,035,421 | ---- | C] () -- C:\Users\Basil Beirouti\Documents\Wesley Ike

Gullett March 30 at 6.docx
[2010/03/26 13:09:02 | 000,024,311 | ---- | C] () -- C:\Users\Basil Beirouti\Documents\omar.docx
[2009/03/27 00:33:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\NSREG.DLL
[2009/03/18 21:11:23 | 000,000,030 | ---- | C] () -- C:\Windows\EZSOLVE.INI
[2009/03/18 21:11:23 | 000,000,009 | ---- | C] () -- C:\Windows\MSE5E.INI
[2009/03/18 21:11:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Winsys.dll
[2009/03/18 21:11:22 | 000,000,195 | ---- | C] () -- C:\Windows\SysWow64\Ic.ini
[2008/10/26 01:33:53 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/01/21 05:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 05:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/15 01:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== LOP Check ==========

[2009/06/30 19:57:54 | 000,000,000 | ---D | M] -- C:\Users\Basil

Beirouti\AppData\Roaming\Autodesk
[2008/10/24 03:27:26 | 000,000,000 | ---D | M] -- C:\Users\Basil

Beirouti\AppData\Roaming\BitTorrent DNA
[2009/08/28 08:58:55 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\Deusty
[2009/04/22 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Basil

Beirouti\AppData\Roaming\GetRightToGo
[2010/06/09 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\mjusbsp
[2009/07/12 00:44:36 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\My

Games
[2008/11/17 12:05:38 | 000,000,000 | ---D | M] -- C:\Users\Basil Beirouti\AppData\Roaming\Red

Alert 3
[2010/06/23 13:30:22 | 000,032,536 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/06/23 13:44:59 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-

{EB9C2E78-9E49-481D-97B5-440598385D6A}.job

========== Purity Check ==========


< End of report >



Concerning VEW, I tried to do what you said and when I pressed run, I got this error: "Runtime

error 75, path/file access error" I tried to download it again in case it didn't download

properly and got the same thing. Please tell me if you need me to do something else.

Temperatures hover between 59 and 69 degrees, but I managed to get it up to 69 only by putting it

directly on my lap and then on a leather couch which I don't ever do. It usually stays around 62

degrees celsius.

Here is the ESET Log:

C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent trojan

cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent trojan

cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent trojan

cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent trojan

cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent trojan

cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent trojan

cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch

application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch

application cleaned by deleting - quarantined
C:\Users\Basil Beirouti\AppData\Local\Temp\NOD3846.tmp Win32/Toolbar.MyWebSearch application

cleaned by deleting (after the next restart) - quarantined

Is there any bitdefender log I'm supposed to post?

thanks a lot for your help, I apologize for taking so long to reply but my connection is really

slow. Please let me know if you need anything else.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
I don't keep track so never notice delays.

I assume it is still crashing.

Start, Programs, Accessories then right click on Command Prompt and select Run As Administrator.

Type:

msconfig

then hit Enter.

Under Startup, uncheck everything unless it has to do with your antivirus or wireless connection (if used). Apply

Under Services, first check Hide Microsoft Services then uncheck everything unless it has to do with your antivirus or wireless connection (if used). OK and reboot. Cancel the msconfig when it comes up. Does it still crash?

If so download ShellExView from

http://www.nirsoft.n...hexview-x64.zip. You will have to unzip it and then install it. Once you get it running look in the third or so column from the right. The column Header should say Microsoft. Click on it once or twice so that it sorts things with the NO's at the top. Select each of the NO items and then click on the little red light at the top left. This will disable them.
Close the program and reboot.

Does it still Crash. If that fixed it then go back in and turn on about half of the ones you disabled and reboot. Try and isolate the problem to a single item.

Ron
  • 0

#5
beirouti

beirouti

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Actually Ron it doesn't crash anymore, but the ESET scan showed some viruses and so I decided to post to be sure. Should I be worried about them? Also, what was the problem if you don't mind me asking? Thanks for all your help.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
Glad the problem is gone. Your original OTL log showed signs of an infection but the infection did not seem to be active. We removed the signs since sometimes the files can hide and that may have been it. Or one of the programs we uninstalled might have been defective. It's hard to say since the Event log viewer doesn't seem to work on 64 bit systems.

The first files that ESET found were probably a false positive based on where they were located. The others are just some adware that HP puts on all of their computers.

We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...=...p;sk=t&sd=a
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.


If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP