Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need to remove win32/small.ca and possibly others [Closed]


  • This topic is locked This topic is locked

#1
StonyOTK

StonyOTK

    New Member

  • Member
  • Pip
  • 1 posts
For the past year my pc has be [bleep]ing up. I run scans and it says nothing wrong, but then again it keeps overheating a lot and some settings keep changing. Now yesterday I had an alert that I had a win32/small.ca virus and I don't know how to remove it. I think it's also why my itunes won't recognize my iphone is connected, but my pc does and why I can't sign into yahoo. I ran a scan last night (which is the picture attached), and it says 600 errors and whatnot. Please help, I really want to resolve this before resulting to repair shop bc I can't really afford that right now :(. Also, I've had AVAST and limewire uninstalled, but for some reason it still showing up in my pc and I had blue screen of death a few times.

OTL log:

OTL logfile created on: 4/10/2013 1:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Crystal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 46.50% Memory free
6.64 Gb Paging File | 4.91 Gb Available in Paging File | 73.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 280.96 Gb Free Space | 62.34% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.01 Gb Free Space | 0.09% Space Free | Partition Type: NTFS

Computer Name: MCMURDER | User Name: Crystal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 13:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Crystal\Downloads\OTL.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/02/19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/28 09:58:26 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/07/18 08:42:10 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/27 19:07:26 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/13 04:29:15 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\dfd7654b5332f421439d1abdcbd03ced\MenuSkinning.ni.dll
MOD - [2013/02/13 04:29:04 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\c01706f8ce8cef42e3115a3370576d8d\VistaBridgeLibrary.ni.dll
MOD - [2013/02/13 04:29:03 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\0ac29b474a2e459b83f5d673d391d349\DellDock.ni.exe
MOD - [2013/02/13 04:29:02 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\22f225901aa3169b227420c35293f9ef\MyDock.Util.ni.dll
MOD - [2013/02/13 04:26:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/10 04:33:46 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/10 04:31:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013/01/10 04:31:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/10 04:31:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 04:31:12 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/10 04:30:19 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 04:30:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/13 04:39:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/04/28 09:58:26 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008/11/29 15:26:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/18 08:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/27 19:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvpopflt.sys -- (lvpopflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/10/30 19:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 19:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 19:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/21 15:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 15:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/07/21 07:18:20 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/07/17 08:37:28 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1269415

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000002170707d58
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002170707d58
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C0-80BEADBD7AD9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1269415
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E112C8EC-AFB5-4DB6-9BB0-A84B72DB734E}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Crystal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Crystal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Crystal\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Crystal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Crystal\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Crystal\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 20:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/12/09 23:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Extensions
[2009/03/23 13:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (Download Energy Toolbar) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions\chrome
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions\components
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions\defaults
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions\lib
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions\META-INF
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e1fh8xuz.default\extensions\searchplugin
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (Download Energy Toolbar) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions\chrome
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions\components
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions\defaults
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions\lib
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions\META-INF
[2010/10/30 07:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\yrisy0gt.default\extensions\searchplugin

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Crystal\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Crystal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Crystal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Crystal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.9_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: AT_MEcko = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk\2_0\
CHR - Extension: AdBlock = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Poppit = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Zombie Drop = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmhllfgcoopjdmcmdeobhgimokcabmc\1.0_0\
CHR - Extension: Plants vs Zombies = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013/04/10 05:02:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9057D608-7B47-44E3-AD44-D1F33A1B9121}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/10 05:25:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/04/10 05:08:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/10 04:59:47 | 000,000,000 | ---D | C] -- C:\Users\Crystal\AppData\Local\temp
[2013/04/10 04:59:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/10 04:50:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/10 04:50:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/10 04:50:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/10 04:50:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/10 04:48:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/10 04:47:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/10 04:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/04/10 04:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2013/04/10 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\Crystal\AppData\Local\visi_coupon
[2013/04/10 02:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 02:30:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/10 02:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/09 13:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/04/09 13:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/04/09 13:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/04/09 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/04/09 13:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/04/09 13:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/04/09 13:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/04/05 08:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/04 01:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/04/01 20:20:14 | 000,000,000 | ---D | C] -- C:\Users\Crystal\Documents\SightSpeed Recordings
[2013/03/22 19:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/12 02:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
[2013/03/12 02:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\File Shredder
[2009/07/23 15:27:14 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Crystal\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/10 13:48:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/10 13:46:59 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1003UA.job
[2013/04/10 13:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/10 13:32:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1001UA.job
[2013/04/10 13:04:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1002UA.job
[2013/04/10 12:52:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1001UA.job
[2013/04/10 12:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1001Core.job
[2013/04/10 12:51:43 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 12:51:42 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2013/04/10 12:34:51 | 000,630,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/10 12:34:51 | 000,113,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/10 12:28:03 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 12:28:03 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 12:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 12:26:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/10 05:37:40 | 000,345,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 05:02:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 22:32:46 | 000,002,056 | ---- | M] () -- C:\Users\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/09 21:03:59 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1002Core.job
[2013/04/09 20:32:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1001Core.job
[2013/04/09 15:47:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1527147898-3176993531-3168613052-1003Core.job
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 01:22:22 | 000,000,928 | ---- | M] () -- C:\Users\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/03/30 15:21:08 | 377,695,178 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/18 03:04:28 | 000,033,655 | ---- | M] () -- C:\Users\Crystal\Documents\emotional.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 04:50:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/10 04:50:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/10 04:50:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/10 04:50:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/10 04:50:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 13:18:32 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/04/04 01:22:22 | 000,000,928 | ---- | C] () -- C:\Users\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/03/18 03:04:17 | 000,033,655 | ---- | C] () -- C:\Users\Crystal\Documents\emotional.jpg
[2013/02/05 03:15:03 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/01/13 23:24:10 | 000,000,883 | ---- | C] () -- C:\Users\Crystal\.recently-used.xbel
[2012/12/18 15:32:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012/09/21 15:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/09/21 15:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/09/21 15:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/09/13 02:23:20 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2011/10/11 22:33:25 | 000,000,055 | ---- | C] () -- C:\Users\Crystal\.gtk-bookmarks
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/12/15 20:45:04 | 000,000,632 | RHS- | C] () -- C:\Users\Crystal\ntuser.pol
[2009/08/11 13:35:45 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/05/07 15:01:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/14 01:18:33 | 000,000,600 | ---- | C] () -- C:\Users\Crystal\AppData\Roaming\winscp.rnd
[2009/01/13 14:29:44 | 000,000,318 | ---- | C] () -- C:\Users\Crystal\AppData\Roaming\wklnhst.dat
[2008/12/23 16:34:37 | 000,000,680 | ---- | C] () -- C:\Users\Crystal\AppData\Local\d3d9caps.dat
[2008/12/02 17:37:46 | 000,093,184 | ---- | C] () -- C:\Users\Crystal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/01 02:32:27 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\AVG2013
[2012/04/25 02:06:08 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Babylon
[2011/01/25 17:13:58 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\BeadTool
[2011/01/13 23:45:16 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\BitLord
[2011/05/27 15:16:24 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Chrome
[2012/01/22 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Dropbox
[2008/12/31 18:49:07 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\eGames
[2008/12/02 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\ESET
[2010/10/30 07:23:03 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\FrostWire
[2008/12/31 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\GameHouse
[2013/01/30 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\gtk-2.0
[2008/12/02 18:31:50 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Leadertech
[2009/07/13 00:03:20 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Lexmark Productivity Studio
[2011/06/02 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\MAGIX
[2010/09/14 11:09:51 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\NCH Swift Sound
[2011/06/01 16:09:06 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\ooVoo Details
[2008/12/24 12:57:33 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Pegasys Inc
[2011/01/13 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Python-Eggs
[2011/02/16 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\QuickScan
[2011/09/01 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Registry Mechanic
[2011/01/24 20:13:32 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Sony
[2010/07/15 09:02:56 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Teleca
[2009/01/13 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Template
[2013/03/01 02:31:29 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\TuneUp Software
[2009/01/04 23:33:53 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\Unity
[2010/10/30 07:52:57 | 000,000,000 | ---D | M] -- C:\Users\Crystal\AppData\Roaming\WinMX Music

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:409A775B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:61F0C8FB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:63596073
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 4/10/2013 1:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Crystal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 46.50% Memory free
6.64 Gb Paging File | 4.91 Gb Available in Paging File | 73.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 280.96 Gb Free Space | 62.34% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.01 Gb Free Space | 0.09% Space Free | Partition Type: NTFS

Computer Name: MCMURDER | User Name: Crystal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FA75987-0DF1-4B0B-813D-3C8548064406}" = lport=139 | protocol=6 | dir=in | app=system |
"{21FA09B7-0728-4BEA-98B1-265A95EADA3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{26CA11FA-4E4B-4111-B301-1E1FD35B31FF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{389172CD-7EA9-4E4B-81CA-865AF4028F83}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C3A226C-4662-41F4-B1EE-F9FB9433437B}" = rport=137 | protocol=17 | dir=out | app=system |
"{40FF6790-DCDB-47C5-BACB-C9753AD7A2BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{53C39512-EE2B-401E-8AD2-AC78DAC27690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{577DAE62-1D57-4854-BDAC-F37B903ADD3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{60EF2CDE-C3E1-4067-BF82-41266CBD55FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6694E55A-B2FB-43EF-BD68-E0BBFA6E1AEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6CEAB106-F77A-45BD-B0D0-807365BB9585}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{93198468-F3C9-47FB-A6B6-5FAB2F357EA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B36A905D-0E4B-4EAD-A8F4-4C03958C6D40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4119328-9A8B-4529-AACF-DB1F660B030F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E3FF5803-A01E-4FCF-9C63-1ED18466BF0D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E532525B-3A28-4BCD-8856-92B5BF3F03B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC9BAFC5-9E34-4831-A007-E4B240CE1CE6}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B8C18-1871-4337-9144-C21AEC840E14}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{0375312E-BDF8-4F1B-990F-8E31AFE39C3C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{059E5FC7-0F9D-4262-9D86-B817CEBA4306}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxccpswx.exe |
"{0D55E509-9619-4AFB-9B9B-22BD3B8789AD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{11022233-FC16-41C2-9CE2-81D02411BCC7}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{121E8A64-A6C1-48DF-8397-EE95A59F4A52}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
"{16AE0417-BAFD-47E5-B86A-DAFCB20BC54C}" = protocol=6 | dir=in | app=c:\users\crystal\appdata\roaming\dropbox\bin\dropbox.exe |
"{1803EDD1-FB39-401F-92C3-B39F73F698BC}" = protocol=6 | dir=out | app=system |
"{18A9E324-969A-490E-9292-03DE38C15B41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1993D84B-910B-4ADF-A899-31D02F2A108C}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{26CC5875-E51E-4F8D-8920-F530802298E5}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{274C514B-14CB-4E9A-8517-3B8F6C41F537}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxccpswx.exe |
"{2BC9073A-A1E7-4436-9084-BE97EFE17ABB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2C13A347-BC0A-48F0-A781-D4BDA8FDB55E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{2EE4316C-56BC-4E95-91AA-C2D6A0D1B264}" = protocol=17 | dir=in | app=c:\windows\system32\lxcccoms.exe |
"{30CCEB6C-1616-4197-95C5-05F29EC1CC1A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{314BF2A4-14BB-4324-883E-FECA8AAFD268}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{3425EDD3-53E1-4C5D-917C-6C0720F75454}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3720D060-3356-468D-B40D-88F4D026E438}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{380B116A-A266-41B2-9996-03DFF9BA569A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3985BCFD-0809-4BFA-82A7-0F1F570FFF2C}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{3B1548CB-6DD3-4350-BEA1-FBAB24313292}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
"{3DBACB6D-5B11-4591-8918-51FA93269A89}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4196D468-F891-4F08-885A-965F33BEDCEF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{4B05C0A8-8EA4-46CF-86F8-70300911766A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4C3F29E0-00A6-44F3-AD19-12AFB6DBAC07}" = protocol=17 | dir=in | app=c:\users\crystal\appdata\roaming\dropbox\bin\dropbox.exe |
"{4DDEFD5D-1886-4138-8397-F03E7BE2D7E3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{507DF374-C05B-40BA-9B1D-AC3F8A92C7AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55D963E6-2AAD-4E2E-9448-6D5E78120B8A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{572935D5-3CF3-4037-98D3-9A71525956B6}" = protocol=17 | dir=in | app=c:\program files\winmx music\winmx music.exe |
"{5D534FA5-3657-47B8-8721-16B4753C727A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6B95CDFF-5AA0-425E-994E-90CC1A75F952}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{76168E6D-13E6-4C3A-84D3-4773C143B657}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{771E1D55-A23F-4708-A5B1-B8EF028F9D62}" = protocol=6 | dir=in | app=c:\program files\winmx music\winmx music.exe |
"{7AB8A400-A62F-406D-B3DF-DBED5814BDE6}" = protocol=1 | dir=in | [email protected],-28543 |
"{7D2EFA35-48BC-4C6D-A9B9-D53B98199A39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{829D3FA8-09F5-4780-A976-B8666F9DC84C}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"{84D38F9F-161E-4571-A8C9-866383427D5B}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{864F7033-44C8-499A-8734-993778EE4A52}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{887531C3-F09B-4E9D-908E-2887042240DA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{8ADACD09-7EDF-4D91-8EB2-379050BE7CF5}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9222D66D-E7C2-48C5-AF68-E93823F34CEB}" = protocol=6 | dir=in | app=c:\windows\system32\lxcccoms.exe |
"{93108B57-798A-4C29-B7CA-994104865021}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{974E48FF-9947-4093-9C32-C4B2195BDD12}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{9A7E36CD-8BC1-465A-A61C-EF0E9AD1C042}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{9AA6A9E8-0794-40B1-BEEF-C0108988078B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{9AB0D766-58FC-4203-82E9-EB617F1EB964}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{9C555E5D-1C11-4F4D-884A-7117BFF7DF25}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{9E12B560-98FE-40E4-BC22-6634D4BC3F2D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9FCB3E17-405D-4BA5-ACD2-D2387A8B2404}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A4525036-9A3E-46A7-AA16-5DBE90494A70}" = protocol=1 | dir=out | [email protected],-28544 |
"{A5BB5546-9011-48DE-B5E4-C05DFD4EF957}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6F70B7E-BE3D-4246-800E-EBBF2648A715}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{A88408FE-48C9-4BB8-B1B1-8D5430FA2E6A}" = protocol=17 | dir=in | app=c:\users\crystal\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A95BF990-E343-497F-8B50-A20812174B22}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AF0D8A37-B18B-4E19-BD73-8FF60F5146F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B6D54530-3F1B-4C02-86EF-67F9C36C3DC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B76DA8FF-FE12-4763-92C9-41AFCF18944E}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"{B99D4503-CBD9-477E-9307-ACB2B7CF8F67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC5E14E5-ACC1-4C07-ADCC-F63B3CA16EF3}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{BDD1E5A1-2E10-44C7-B9D8-AAE0036F610C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BE996CD0-D4AC-4D46-B423-E9DFCE328AF6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{C17DC477-6A66-4F73-A975-EBE734D7633F}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
"{C3282D97-DA12-43B0-B83D-A2AA2CEA41BE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CCEC2538-F544-4FE2-8AF7-D55715C508F4}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{CDCDFAD2-F67F-4EBC-B16E-F19AF1CEFFA8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{D23F8591-B11F-4966-8EE2-0357D7011D7C}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{D3B1189B-A511-4F44-96B0-4EED4FE04075}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
"{D8BDCCC4-3DA8-4815-8FAA-43215E5FE2AA}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{DC8BE1C6-6E36-457A-920A-44C6C9F33A9E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E0280BE0-6180-440A-90CF-5575B028A2D3}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E16DCDC8-61BE-4CE8-A2D5-3C9ED3CC3143}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E583C1DF-1EB3-4C5A-84DE-A4469EDD203A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6FA7EF8-2449-4C93-A502-0E4F5423E986}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{EA6861BA-169E-4CA4-B3BD-6A573B798064}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{EAF1F601-FD26-4F4A-9E2C-41800264B23A}" = dir=in | app=c:\users\crystal\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{EC5860FA-EC09-44A1-88F9-32A2FDD1DE3E}" = protocol=58 | dir=out | [email protected],-28546 |
"{ED385091-A42E-4C80-9D01-F66CC928DC4F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EFDE3EAC-CE2B-4C73-A3D1-5ADEEBDD3B24}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F477AF34-2785-4CF9-9B2C-D1EACB7B1633}" = protocol=6 | dir=in | app=c:\users\crystal\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FBFF1D08-8020-47BC-9548-B9426E3532A4}" = protocol=58 | dir=in | [email protected],-28545 |
"{FD03379B-76AD-4276-8DF6-5F90960D5BFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{05A475F8-000F-4617-A620-9A251372BFC5}C:\program files\zultrax p2p\zultrax.exe" = protocol=6 | dir=in | app=c:\program files\zultrax p2p\zultrax.exe |
"TCP Query User{05E6C5AD-4E15-4F07-97DB-E049148E9216}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0A9E759E-101C-40D3-8C1A-FE5FDBB33A6B}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{2A1B9663-EA97-4A98-B810-46EAB9592F2D}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{2A8E3413-2143-4460-9CA0-99B2C9BADFB9}C:\program files\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"TCP Query User{37CA3E74-3302-4FDE-AAB3-AF1FECED4324}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"TCP Query User{86E5F8D0-D96E-4E29-8DF5-5735DAA7AF5C}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{8B1A5D0C-BB4C-4C5A-8CC3-6BEEECC644FE}C:\users\crystal\documents\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\crystal\documents\limewire\limewire.exe |
"TCP Query User{919FC9D9-C6B4-4C32-850D-5AC4DA1D9B31}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{AEE5BA01-3239-4B31-91AC-2F9ECE472E63}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{B766B820-E161-4FB2-9B9D-DECFC75A1ED6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{BCBC74E3-A18D-4FDB-8A05-CAC81F764D1A}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{BF2257FB-7B34-400C-A250-E759CC0945E7}C:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe" = protocol=6 | dir=in | app=c:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe |
"TCP Query User{C96D886B-3B89-4A6A-8AE6-F07406E4BD14}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{D0FE7B40-9E23-4DF5-9237-3DFF36D7ECA2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EE12FF53-1316-46E7-8B21-2A47D79434F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{F7B9C6D2-5782-4F08-8BBB-97E672490E4A}C:\users\crystal\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\crystal\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FB34EEF2-B70C-4831-8966-B0ED8C070DE2}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{06A79E31-8FDE-44BA-9542-EDAE58EF400A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0A4D3CA1-EEF5-464B-9AB1-AAAFDF3BEEC9}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{0C84E3F0-0968-4DDE-97B7-4FAC9D115EFE}C:\users\crystal\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\crystal\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{10585620-8D76-4998-8806-D707591A531C}C:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe" = protocol=17 | dir=in | app=c:\program files\infogrames interactive\scrabble complete\scrabblecomplete.exe |
"UDP Query User{123AF5FE-A5AF-434C-810E-A68D60328A9B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4EB341A1-6C6B-4461-ACFD-F55431747A88}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{6002F2FC-38BD-4176-8DA0-D5BE71C36C4D}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{64BA689E-1ED2-4766-930E-54BDA9EC62DE}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{67EAC8DE-ABEE-45CD-A851-1BCC83BC12EC}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{793FB0ED-BE0D-4EFF-B6E8-1D4B8878C1D5}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{8BBA86C5-E97D-473A-B4EF-0E164FE97021}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{9D21440D-BB4B-4976-8212-5D687B76CF33}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{AEE773DF-1ABF-418F-8F27-C6D890E520C0}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{C4558005-F131-475F-B544-8F1F210E7D50}C:\users\crystal\documents\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\crystal\documents\limewire\limewire.exe |
"UDP Query User{D6143315-575B-454E-B696-65ED13F435D6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{DD7824BE-1799-4FF2-B308-BAE735FCDD29}C:\program files\zultrax p2p\zultrax.exe" = protocol=17 | dir=in | app=c:\program files\zultrax p2p\zultrax.exe |
"UDP Query User{DF255243-1FFB-426B-AE48-EAB841AF1EA9}C:\program files\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{EE94B61A-C698-4E47-9EBC-A6966E361C34}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08C1D270-DD63-4E4A-875B-1347C5998E08}" = Rugrats™ All Growed Up
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09B50A0B-F3E8-469C-B2D1-EB2D370BB92A}" = LeapFrog Tag Plugin
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{136FD2EA-C01B-4351-90CA-1C7E49291CF0}" = Rugrats in Paris
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4CF694-BD0C-45EB-9602-9D6D46941250}" = LeapFrog Connect
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9BD9BF5-F1D1-4904-B348-40D0E9FF0023}" = Scooby-Doo 2 - Monsters Unleashed
"{C0EAE1CA-EBF0-4A55-BEA9-EA79FAF40889}" = MAGIX Video easy SE
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7888C3F-0506-555F-7907-CDD3F81719A5}" = Adobe Media Player
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D859D35F-E947-4F2A-8591-C76A4D116178}" = Dora Backpack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2013
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CGlpV10" = Curious George Learns Phonics
"CleanUp!" = CleanUp!
"Clifford Adventure" = Clifford Thinking Adventures
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"File Shredder_is1" = File Shredder 2.5
"FileASSASSIN" = FileASSASSIN
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"InterActual Player" = InterActual Player
"Jimmy Neutron vs. Jimmy Negatron" = Jimmy Neutron vs. Jimmy Negatron
"JSSPAN" = JumpStart Spanish
"Kelly Club™ Pet Parade™ CD-ROM" = Kelly Club™ Pet Parade™ CD-ROM
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.0 (Full)
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Logitech Vid" = Logitech Vid HD
"MAGIX Photo Manager 9 US" = MAGIX Photo Manager 9
"MAGIX Screenshare US" = MAGIX Screenshare
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miss Spider" = Miss Spider
"Pet Luv Spa and Resort Tycoon" = Pet Luv Spa and Resort Tycoon (remove only)
"Rainbow Fish and the Amazing Lagoon" = Rainbow Fish and the Amazing Lagoon
"Rainbow fish and the Whale-U.S. English" = Rainbow fish and the Whale
"Rainbow Fish-U.S. English" = Rainbow Fish
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"spirit-9.06" = Spirit (remove only)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UltraDefrag" = Ultra Defragmenter
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT081841" = Mystery P.I. - The Lottery Ticket
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2011 3:02:13 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/20/2011 3:02:13 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/20/2011 3:02:51 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/20/2011 3:02:51 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/20/2011 3:02:51 AM | Computer Name = McMurder | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 9/21/2011 3:02:11 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/21/2011 3:02:11 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/21/2011 3:02:57 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/21/2011 3:02:57 AM | Computer Name = McMurder | Source = MsiInstaller | ID = 11606
Description =

Error - 9/21/2011 3:02:58 AM | Computer Name = McMurder | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

[ Media Center Events ]
Error - 3/11/2009 5:46:21 AM | Computer Name = McMurder | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/7/2009 5:27:41 PM | Computer Name = McMurder | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/9/2013 11:28:48 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7006
Description =

Error - 4/9/2013 11:45:33 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7031
Description =

Error - 4/9/2013 1:04:14 PM | Computer Name = McMurder | Source = Service Control Manager | ID = 7031
Description =

Error - 4/10/2013 4:47:47 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7034
Description =

Error - 4/10/2013 4:52:32 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7030
Description =

Error - 4/10/2013 4:56:34 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7030
Description =

Error - 4/10/2013 5:02:07 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7030
Description =

Error - 4/10/2013 5:06:12 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7006
Description =

Error - 4/10/2013 5:32:29 AM | Computer Name = McMurder | Source = Service Control Manager | ID = 7006
Description =

Error - 4/10/2013 12:26:08 PM | Computer Name = McMurder | Source = Service Control Manager | ID = 7006
Description =


< End of report >

Attached Thumbnails

  • Untitled.jpg

Edited by StonyOTK, 10 April 2013 - 03:14 PM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Crystal, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I am analyzing your logs. I see the remants of the Avast antivirus program and also the Microsoft Security Essentials antivirus program so we deal with those. I also see some nasty toolbars and BHO's and browser hijackers.
I will post back with further instructions. But before I do, I see that you have run ComboFix. I would like to see the log it produced. You can find the log at C:\ComboFix.txt

I also want you to run a couple more scans.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The ComboFix.txt log
2. The aswMBR log
3. The AdwCleaner[R1].txt log
  • 0

#3
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP