MSIAILEI.SRC and Trojan Virus [Closed]


  • This topic is locked

#1
jogyboi5

When I downloaded a Flash update for my Google Chrome, something came up after I restarted my laptop. My antivirus AVG claimed that msiailei.src is a trojan virus, therefore I deleted it. However, upon deleting it, my laptop indicates that it cannot be loaded since it was deleted. Another thing was, a folder appeared on my drive C with this folder name: 04df8eaf191cfaf31908aceb4d, and it cannot be deleted. There is also a file in the TEMP folder in drive C that is infected with a trojan virus. In addition, there is a file in the Document folder named ntuser.dat; this bothers me since it cannot be deleted. Please help me with this problem.


#2
emeraldnzl

Hello jogyboi5,

Welcome to Geekstogo.

There is also a file in the TEMP folder in drive C that is infected with a trojan virus.


Is there something that told you that?

In addition, there is a file in the Document folder named ntuser.dat, this bothers me since it cannot be deleted.


ntuser.dat is an essential system file, you should leave it alone, see link below for an explanation:

http://www.ehow.com/...-dat-file_.html

Turning to your computer, let's see if we can find any malware:

Please disable your security programs before you start as they may interfere with the tools we want to use.

Now

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
So when you return please post
  • MBAM log
  • the two OTL logs - OTL.txt and Extras.txt


Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#3
jogyboi5

Here is the Malwarebytes Log:


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.28.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19401
user1 :: GLENGLENKO [administrator]

Protection: Enabled

3/28/2013 9:15:52 AM
mbam-log-2013-03-28 (09-15-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242216
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\user1\LOCALS~1\Temp\msiailei.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\user1\LOCALS~1\Temp\msiailei.scr -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4
jogyboi5

Here is the OTL Extras.txt:

OTL Extras logfile created on: 3/28/2013 11:04:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 66.94% Memory free
5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 47.15 Gb Free Space | 21.14% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.32 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

Computer Name: GLENGLENKO | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{31B27B28-5E06-4483-A363-8D1F2A97D38D}" = HP Officejet J3600 Series
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{4D7A77C6-D335-42ec-9392-587C21BF0800}" = HP Deskjet D730 Printer Driver 12.0 Rel .4
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5783F2D7-B028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2013
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6ACB0B03-2D8C-42E6-91C3-8AB8044E0B2F}" = ETABS 9
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{949EFC0F-0265-4084-9B31-23122D298C9D}" = SAFE
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF4D17F7-1B40-471D-BCEC-D126748CA89D}" = DJ_SF_04_D730_Software_Min
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A33E08-4FE7-40C4-BF5E-5853C56ADD7C}" = Bentley IEG License Service
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD28B25-7A8C-4B3E-9939-E211C908E22F}" = STAAD.Pro V8i
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"AVG9Uninstall" = AVG 9.0
"BitTorrent" = BitTorrent
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DWG TrueView 2013" = DWG TrueView 2013
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LogonStudio Vista" = LogonStudio Vista
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PRJPRO" = Microsoft Office Project Professional 2007
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The_Interview_With_God" = The_Interview_With_God Screen Saver
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2013 6:41:55 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/6/2013 6:43:34 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/6/2013 6:43:34 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/6/2013 6:47:57 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/6/2013 6:47:57 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/15/2013 4:14:58 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/15/2013 4:14:58 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/20/2013 2:21:21 AM | Computer Name = GlenGlenko | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 3/20/2013 6:05:01 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2013 5:14:19 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2013 5:33:22 AM | Computer Name = GlenGlenko | Source = Windows Search Service | ID = 3013
Description =

Error - 3/26/2013 2:43:59 AM | Computer Name = GlenGlenko | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 2/26/2010 8:34:50 AM | Computer Name = user1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2585
seconds with 2520 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/27/2013 4:29:34 AM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7000
Description =

Error - 3/27/2013 8:22:39 AM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7000
Description =

Error - 3/27/2013 8:24:27 AM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7011
Description =

Error - 3/27/2013 8:24:27 AM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7011
Description =

Error - 3/27/2013 3:03:14 PM | Computer Name = GlenGlenko | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/27/2013 9:33:18 PM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7000
Description =

Error - 3/27/2013 9:33:18 PM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7023
Description =

Error - 3/27/2013 10:04:56 PM | Computer Name = GlenGlenko | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:01:37 AM on 3/28/2013 was unexpected.

Error - 3/27/2013 10:06:17 PM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7000
Description =

Error - 3/27/2013 10:06:17 PM | Computer Name = GlenGlenko | Source = Service Control Manager | ID = 7023
Description =


< End of report >

#5
jogyboi5

Here is the OTL.txt:

OTL logfile created on: 3/28/2013 11:04:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 66.94% Memory free
5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 47.15 Gb Free Space | 21.14% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.32 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

Computer Name: GLENGLENKO | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/28 09:38:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Downloads\OTL.exe
PRC - [2013/02/19 17:47:38 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/19 17:47:38 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user1\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/27 09:24:22 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/13 19:20:40 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/13 19:20:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/12/13 07:53:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/12/13 07:53:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/12/13 07:53:36 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/12/13 07:48:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/26 16:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/19 17:47:38 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/19 17:47:38 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2008/06/12 13:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Services (SafeList) ==========

SRV - [2013/03/13 20:03:00 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 17:47:38 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/10 21:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/17 15:41:56 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/12/13 07:53:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/26 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/02/19 17:47:38 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/16 09:20:41 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/13 09:59:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/08 19:34:24 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/13 07:53:36 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 03:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/28 02:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/25 06:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 08:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D454AFF-6E01-437B-90B1-2D4F2B069DE3}: "URL" = http://ph.search.yah...h_fr_005&fr=chr
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rm=1&toolbar=BT
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.18.1
FF - prefs.js..keyword.URL: "http://ph.search.yah...8&&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/05 02:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 10:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 17:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 20:18:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/20 14:22:48 | 000,000,000 | ---D | M]

[2009/11/19 18:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Extensions
[2012/10/20 15:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions
[2009/11/20 18:08:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/07 22:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/26 18:31:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 18:31:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\[email protected]
[2013/03/20 14:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 11:48:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/18 14:24:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013/02/19 17:48:12 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1
CHR - homepage: http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\user1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Troll Emoticons = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\5.1.8_0\
CHR - Extension: Night Time In New York City = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\
CHR - Extension: AVG Security Toolbar = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\user1\LOCALS~1\Temp\msiailei.scr) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26D1994-3780-4DFE-9AED-5FCB34F7800F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user1\Pictures\nba\Dwyane_Wade_21198.jpg
O24 - Desktop BackupWallPaper: C:\Users\user1\Pictures\nba\Dwyane_Wade_21198.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/14 08:55:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/08/05 02:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ac545c2-281b-11df-81a8-001d7277b757}\Shell\AutoRun\command - "" = F:\MAKSIMALNO///minimalno.exe
O33 - MountPoints2\{1ac545c2-281b-11df-81a8-001d7277b757}\Shell\open\command - "" = F:\MAKSIMALNO///minimalno.exe
O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\1\Command - "" = G:\Recycle.exe
O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\2\Command - "" = G:\Recycle.exe
O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycle.exe
O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\AutoRun\command - "" = F:\kasper/kasper32.exe
O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\explore\command - "" = F:\.////////kasper/\\\\\kasper32.exe
O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\open\command - "" = F:\kasper/////////kasper32.exe
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\auto\command - "" = Scrap
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Scrap
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\explore\command - "" = Scrap
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\open\command - "" = Scrap
O33 - MountPoints2\{5f3a416a-0bdc-11df-bc8a-001d7277b757}\Shell\AutoRun\command - "" = H:\svchost.exe
O33 - MountPoints2\{725cd502-1458-11df-871c-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{725cd502-1458-11df-871c-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\AutoRun\command - "" = G:\usecure/usecure32.exe
O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\explore\command - "" = G:\usecure/usecure32.exe
O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\open\command - "" = G:\usecure/usecure32.exe
O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\AutoRun\command - "" = bitdecoy/bitdecoy32.exe
O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\explore\command - "" = bitdecoy/bitdecoy32.exe
O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\open\command - "" = .\bitdecoy/bitdecoy32.exe
O33 - MountPoints2\{a762aee0-e51d-11de-ac60-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\dirsystem.cmd
O33 - MountPoints2\{c2c29856-228a-11df-83ee-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c29856-228a-11df-83ee-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1f02a2b-b9fc-11de-896a-001d7277b757}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{d1f02a2b-b9fc-11de-896a-001d7277b757}\Shell\open\Command - "" = k1d.exe
O33 - MountPoints2\{d98baa68-b929-11de-b715-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{d98baa68-b929-11de-b715-001d7277b757}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\AutoRun\command - "" = F:\kasper/kasper32.exe
O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\explore\command - "" = F:\.////////kasper/\\\\\kasper32.exe
O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\open\command - "" = F:\kasper/////////kasper32.exe
O33 - MountPoints2\{dae8c2b8-5c5b-11de-93e6-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LAQig.eXe
O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\AutoRun\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\explore\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\open\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\AuTopLaY\cOmmAnD - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\AutoRun\command - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\EXpLorE\CoMmAnD - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\opeN\ComMaND - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed9-6590-11de-b3bd-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{e8279ed9-6590-11de-b3bd-001d7277b757}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fc900ec8-df15-11de-95d8-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{fc900ec8-df15-11de-95d8-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc900ed4-df15-11de-95d8-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{fc900ed4-df15-11de-95d8-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/28 09:12:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\Malwarebytes
[2013/03/28 09:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/28 09:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 09:12:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 09:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/14 03:07:18 | 000,000,000 | ---D | C] -- C:\04df8eaf191cfaf31908aceb4d
[2013/03/13 22:50:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/13 09:45:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/13 09:45:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/13 09:45:02 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/13 09:45:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/13 09:45:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/13 09:45:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/13 09:45:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/13 09:45:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/13 09:45:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/13 09:44:56 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/13 09:44:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/13 09:44:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/03/13 09:44:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/13 09:44:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/13 09:44:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/13 09:44:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/13 09:44:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/13 09:44:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/11 09:03:00 | 027,215,683 | ---- | C] (Computers and Structures, Inc.) -- C:\Users\user1\Desktop\CSI ETABS 9.7 Portable.exe
[2013/03/11 08:45:21 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 08:44:44 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/11 08:44:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 08:44:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/09 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\Xenocode
[2013/03/04 12:07:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/03/02 15:11:58 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/03/02 12:43:41 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\{C64C782F-F116-458F-971F-3CFEC4CD44CF}
[2013/02/28 19:54:02 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\{35DE4F28-A4BE-4F10-A49C-975D40B597D0}
[2013/02/28 19:53:05 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\{E0F63152-C24E-4A21-83E2-41B815A52919}
[2013/02/28 17:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/28 17:52:40 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2013/03/28 11:00:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/28 10:41:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340730019-3293077109-2200735973-1000UA.job
[2013/03/28 10:08:25 | 000,401,540 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/03/28 10:05:20 | 000,401,540 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/03/28 10:05:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 10:05:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 10:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/28 10:04:36 | 2951,073,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/28 09:53:48 | 114,850,794 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013/03/28 09:12:38 | 000,000,890 | ---- | M] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/03/27 19:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340730019-3293077109-2200735973-1000Core.job
[2013/03/27 16:39:28 | 000,097,298 | ---- | M] () -- C:\Users\user1\Desktop\Untitled.jpg
[2013/03/26 13:08:58 | 000,655,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/26 13:08:58 | 000,137,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/23 23:57:22 | 000,206,848 | ---- | M] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/14 21:26:27 | 000,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
[2013/03/14 21:26:26 | 000,000,218 | ---- | M] () -- C:\Windows\System32\svat0iq.tgz
[2013/03/14 21:26:26 | 000,000,204 | ---- | M] () -- C:\Windows\System32\svat0iq.dll
[2013/03/14 21:26:26 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
[2013/03/14 00:52:56 | 000,002,084 | ---- | M] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/14 00:52:56 | 000,002,082 | ---- | M] () -- C:\Users\user1\Desktop\Google Chrome.lnk
[2013/03/13 20:02:51 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 20:02:51 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/11 08:44:30 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/11 08:44:29 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 08:44:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 08:44:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/11 08:44:27 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/03/11 08:44:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/05 18:21:45 | 000,008,523 | -H-- | M] () -- C:\Users\user1\Documents\acaddoc.lsp
[2013/02/28 10:49:23 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013/03/28 09:12:38 | 000,000,890 | ---- | C] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/03/27 16:39:27 | 000,097,298 | ---- | C] () -- C:\Users\user1\Desktop\Untitled.jpg
[2013/03/05 18:21:45 | 000,008,523 | -H-- | C] () -- C:\Users\user1\Documents\acaddoc.lsp
[2013/02/28 17:52:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/08/18 11:10:33 | 000,144,540 | ---- | C] () -- C:\Windows\hpwins16.dat
[2011/05/12 13:42:31 | 000,000,327 | ---- | C] () -- C:\Windows\SAFEv8.ini
[2011/05/12 13:37:29 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\u3rpij6.dll
[2011/05/12 13:37:28 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hpdlnno.dll
[2011/05/12 13:37:28 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\fdcuoct.dll
[2011/05/12 13:37:26 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hycc0i8.dll
[2011/05/12 13:37:23 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\l0ebt1m.dll
[2011/05/12 13:37:19 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\ls3v6ks.dll
[2011/05/12 13:00:21 | 000,000,271 | ---- | C] () -- C:\Windows\ETABS.ini
[2011/04/17 09:29:52 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011/04/16 14:24:44 | 000,026,840 | ---- | C] () -- C:\Users\user1\AppData\Roaming\UserTile.png
[2010/12/20 12:47:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 07:21:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/08 16:40:01 | 000,197,632 | ---- | C] () -- C:\Program Files\patchw32.dll
[2009/10/08 16:40:01 | 000,168,029 | ---- | C] () -- C:\Program Files\std2004patch.exe
[2009/08/25 06:06:34 | 000,000,680 | ---- | C] () -- C:\Users\user1\AppData\Local\d3d9caps.dat
[2008/11/14 22:56:38 | 000,002,060 | ---- | C] () -- C:\Users\user1\AppData\Roaming\wklnhst.dat
[2008/11/12 21:56:03 | 000,401,540 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/12 21:55:01 | 000,401,540 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/12 20:23:18 | 000,206,848 | ---- | C] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >
  • 0

#6
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello jogyboi5,

There appear to be leftovers of Farbar Recovery Scan Tool on your system. Are you receiving help elsewhere?

Tell me when you return.

For now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rm=1&toolbar=BT
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
    [2010/11/26 18:31:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\[email protected]
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    F3 - HKCU WinNT: Load - (C:\Users\user1\LOCALS~1\Temp\msiailei.scr) - File not found
    O33 - MountPoints2\{1ac545c2-281b-11df-81a8-001d7277b757}\Shell\AutoRun\command - "" = F:\MAKSIMALNO///minimalno.exe
    O33 - MountPoints2\{1ac545c2-281b-11df-81a8-001d7277b757}\Shell\open\command - "" = F:\MAKSIMALNO///minimalno.exe
    O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\1\Command - "" = G:\Recycle.exe
    O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\2\Command - "" = G:\Recycle.exe
    O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycle.exe
    O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\AutoRun\command - "" = F:\kasper/kasper32.exe
    O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\explore\command - "" = F:\.////////kasper/\\\\\kasper32.exe
    O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\open\command - "" = F:\kasper/////////kasper32.exe
    O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\auto\command - "" = Scrap
    O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Scrap
    O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\explore\command - "" = Scrap
    O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\open\command - "" = Scrap
    O33 - MountPoints2\{5f3a416a-0bdc-11df-bc8a-001d7277b757}\Shell\AutoRun\command - "" = H:\svchost.exe
    O33 - MountPoints2\{725cd502-1458-11df-871c-001d7277b757}\Shell - "" = AutoRun
    O33 - MountPoints2\{725cd502-1458-11df-871c-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\AutoRun\command - "" = G:\usecure/usecure32.exe
    O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\explore\command - "" = G:\usecure/usecure32.exe
    O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\open\command - "" = G:\usecure/usecure32.exe
    O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\AutoRun\command - "" = bitdecoy/bitdecoy32.exe
    O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\explore\command - "" = bitdecoy/bitdecoy32.exe
    O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\open\command - "" = .\bitdecoy/bitdecoy32.exe
    O33 - MountPoints2\{a762aee0-e51d-11de-ac60-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\dirsystem.cmd
    O33 - MountPoints2\{c2c29856-228a-11df-83ee-001d7277b757}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2c29856-228a-11df-83ee-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d1f02a2b-b9fc-11de-896a-001d7277b757}\Shell\AutoRun\command - "" = k1d.exe
    O33 - MountPoints2\{d1f02a2b-b9fc-11de-896a-001d7277b757}\Shell\open\Command - "" = k1d.exe
    O33 - MountPoints2\{d98baa68-b929-11de-b715-001d7277b757}\Shell - "" = AutoRun
    O33 - MountPoints2\{d98baa68-b929-11de-b715-001d7277b757}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\AutoRun\command - "" = F:\kasper/kasper32.exe
    O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\explore\command - "" = F:\.////////kasper/\\\\\kasper32.exe
    O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\open\command - "" = F:\kasper/////////kasper32.exe
    O33 - MountPoints2\{dae8c2b8-5c5b-11de-93e6-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LAQig.eXe
    O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\AutoRun\command - "" = ucure/ucure32.exe
    O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\explore\command - "" = ucure/ucure32.exe
    O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\open\command - "" = ucure/ucure32.exe
    O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\AuTopLaY\cOmmAnD - "" = I:\xmagx.pif
    O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\AutoRun\command - "" = I:\xmagx.pif
    O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\EXpLorE\CoMmAnD - "" = I:\xmagx.pif
    O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\opeN\ComMaND - "" = I:\xmagx.pif
    O33 - MountPoints2\{e8279ed9-6590-11de-b3bd-001d7277b757}\Shell - "" = AutoRun
    O33 - MountPoints2\{e8279ed9-6590-11de-b3bd-001d7277b757}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{fc900ec8-df15-11de-95d8-001d7277b757}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc900ec8-df15-11de-95d8-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{fc900ed4-df15-11de-95d8-001d7277b757}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc900ed4-df15-11de-95d8-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Next

Download and run Junkware Removal Tool by thisisu

When the scan completes, a log will be produced; please post it back here.

When you return please post
  • OTL fix .txt
  • Junkware log

  • 0

#7
jogyboi5


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello,

With regards to your question if I am receiving help elsewhere, well I'm just reading some directionals from the websites in the internet before. Is it normal that the OTL fix will run for a long time? Apparently, it becomes unresponsive after I let it run for an hour. So what should I do is to let it run for quite some time?

Thanks.
  • 0

#8
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Apparently, it becomes unresponsive after I let it run for an hour. So what should I do is to let it run for quite some time?


No, that is too long. Likely AVG is getting in the way. If it was disabled when you ran OTL, then try in Safe Mode; otherwise, try it after you have disabled AVG.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • 0

#9
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





