I also have the following logs, which I hope help.
OTListIt logfile created on: 4/13/2009 8:56:02 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.20% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 69.65 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.60 Gb Free Space | 96.56% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTER1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe (Opdicom Pty. Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HOAHC [Disabled | Stopped]) -- File not found
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LTMFHDZGS [Disabled | Stopped]) -- File not found
SRV - (MBAMService [Auto | Running]) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (RHPSTWWURJS [Disabled | Stopped]) -- File not found
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (szserver [Auto | Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (JGOGO [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (JRAID [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MBAMProtector [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (MTDVC2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (MTDVC2_ENUM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SQTECH913D [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Capt913D.sys (Service & Quality Technology.)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (szkg5 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (287875 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 9921 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start OpdiTracker.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe (Opdicom Pty. Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://edownload.grisoft.cz/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{a4300532-9968-11dc-9169-001a4d4e13bf}\Shell - "" = Autorun
O33 - MountPoints2\{a4300532-9968-11dc-9169-001a4d4e13bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4300532-9968-11dc-9169-001a4d4e13bf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 23:16:57 | 08,454,656 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{a4300532-9968-11dc-9169-001a4d4e13bf}\Shell\Open\command - "" = E:\regsvr.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ==========
[2009/04/13 08:53:41 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/13 08:52:12 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/04/13 07:35:12 | 00,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/04/12 10:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2009/04/02 08:00:34 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\setup-spybotsd162.exe
[2009/03/31 06:50:54 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/03/30 18:25:22 | 00,007,668 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\RKREVEAL150.SYS
[2009/03/30 15:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/03/30 13:18:52 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/30 13:12:45 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/30 13:12:36 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/30 13:09:41 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/30 13:09:37 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/30 12:49:54 | 05,455,872 | ---- | C] () -- C:\WINDOWS\System32\YLVGZEECR
[2009/03/30 12:32:44 | 00,000,000 | ---- | C] () -- C:\Documents
[2009/03/30 11:40:35 | 05,455,872 | ---- | C] () -- C:\WINDOWS\System32\HJGNTUGOS
[2009/03/29 22:44:25 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/03/29 21:10:30 | 00,632,514 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iS3_rebate.pdf
[2009/03/29 19:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/03/29 19:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/03/29 19:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/03/29 19:55:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/03/29 18:54:37 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/29 18:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/29 17:46:27 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/29 17:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
[2009/03/29 17:33:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/19 09:40:14 | 00,017,408 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/03/19 09:39:14 | 00,294,912 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2009/03/19 09:38:48 | 00,540,672 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2008/11/07 11:02:15 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\msrctp.ini
[2008/10/23 16:34:57 | 00,000,413 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/09/20 07:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/20 07:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/20 07:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/20 07:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/14 15:31:40 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/09/14 15:31:40 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/14 15:31:22 | 00,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/09/14 15:31:21 | 00,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/09/14 15:30:30 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/09/14 15:30:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/09/14 15:29:11 | 00,032,041 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/05/05 18:32:22 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2008/02/11 08:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 08:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 12:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/01/14 14:29:20 | 00,000,066 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/22 16:23:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/11/19 12:58:31 | 00,000,047 | ---- | C] () -- C:\WINDOWS\Userinfo.ini
[2007/11/19 12:53:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\fcx001.ini
[2007/11/15 07:31:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2007/10/21 20:54:59 | 00,000,329 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/10/08 14:24:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/08 09:33:06 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/07 12:00:20 | 00,372,736 | R--- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/10/07 12:00:20 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/07/27 13:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 13:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/05/11 08:03:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/11 08:03:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/11 08:03:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/11 08:03:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/05/11 08:03:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 22:00:00 | 00,000,686 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 22:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/12/05 18:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 11:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
========== Files - Modified Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/13 08:55:05 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/13 08:42:00 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/04/13 07:39:25 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/13 07:35:12 | 00,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/04/13 07:35:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 07:35:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/12 09:26:09 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\setup-spybotsd162.exe
[2009/04/12 09:00:26 | 00,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Administrator.job
[2009/04/11 10:37:03 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/11 08:10:57 | 00,000,413 | ---- | M] () -- C:\WINDOWS\ViewNX.INI
[2009/04/11 08:07:18 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/04/08 20:30:00 | 00,059,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 14:12:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/06 08:31:50 | 00,477,846 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 08:31:50 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 08:31:50 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/04 08:53:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/03 05:12:22 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/04/01 09:32:49 | 00,287,875 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/30 18:25:22 | 00,007,668 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\RKREVEAL150.SYS
[2009/03/30 13:09:41 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/30 13:03:47 | 00,000,686 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/30 12:49:56 | 05,455,872 | ---- | M] () -- C:\WINDOWS\System32\YLVGZEECR
[2009/03/30 12:34:10 | 00,000,000 | ---- | M] () -- C:\Documents
[2009/03/30 11:40:36 | 05,455,872 | ---- | M] () -- C:\WINDOWS\System32\HJGNTUGOS
[2009/03/29 21:10:38 | 00,632,514 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iS3_rebate.pdf
[2009/03/29 18:54:37 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/03/25 16:55:54 | 00,001,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UseNeXT.lnk
[2009/03/25 10:24:34 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/19 09:40:14 | 00,017,408 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/03/19 09:39:14 | 00,294,912 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2009/03/19 09:38:48 | 00,540,672 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
========== LOP Check ==========
[2009/03/29 17:45:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/03/03 10:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2007/10/09 16:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2007/10/09 09:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2009/02/16 11:51:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2009/02/22 11:25:33 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Application Data\Brother
[2007/10/08 09:34:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2008/05/05 13:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2008/04/07 11:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EBookSys
[2008/11/07 11:02:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fronoh
[2009/03/30 18:21:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
[2007/10/06 12:10:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2007/10/06 12:38:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2007/11/06 11:42:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/11/24 11:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/11/24 08:47:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/06/02 15:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2008/09/07 17:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeroDigital™
[2007/12/05 09:21:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NewzToolz
[2008/12/13 13:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2008/06/21 10:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2007/10/07 16:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ovusoft
[2008/06/21 10:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2008/02/25 11:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2008/10/08 14:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2007/12/13 12:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SpinTop
[2007/10/08 13:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/03/29 19:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2009/04/13 06:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UseNeXT
[2008/06/07 08:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009/04/10 19:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/03/29 19:56:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/27 11:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/07/25 18:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{53608B89-D534-4FA6-B348-02EF7D3C693C}
[2009/03/30 13:09:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2007/10/07 19:33:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/10/06 13:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/12/27 11:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/27 11:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/24 08:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/09/14 15:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2007/10/08 09:34:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/06/06 13:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/10/23 13:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/09/14 15:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/12/22 16:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2008/08/19 09:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/24 11:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/15 17:55:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/06/02 15:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/10/23 13:15:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/10/16 14:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/02/24 09:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Opdicom
[2008/11/03 09:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/06/21 10:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/09/14 15:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008/09/14 15:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/10 15:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2007/12/13 12:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTopV1004
[2009/04/12 10:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/13 08:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/10/23 13:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2009/03/21 09:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/23 13:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tuner
[2008/10/23 13:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/10/08 09:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/10/09 12:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/06 14:12:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/04/04 08:53:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/02/28 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/12 09:00:26 | 00,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Administrator.job
[2009/04/13 07:35:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D34167E3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C77675
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:621BEE66
< End of report >
OTListIt Extras logfile created on: 4/13/2009 8:56:02 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.20% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 69.65 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.60 Gb Free Space | 96.56% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTER1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Binary-House\MagicWhiteboard\MagicWhiteboard.exe:*:Disabled:Magic Whiteboard File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App (Microsoft Corporation)
C:\Program Files\Brother\Brmfl07a\FAXRX.exe:*:Enabled:FAXRX.EXE (Brother Industries Ltd.)
C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost File not found
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3716C0FF-CB5C-4EF3-A944-11F02A7830F3}" = OpdiTracker
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = MSIDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
"{7A5E68D5-DEA7-4067-B191-B4AE756C057B}" = STOPzilla
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6D5CB84-0E6E-4E69-B300-C690B6911033}" = Nero 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"4 Elements" = 4 Elements
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazing Adventures The Lost Tomb" = Amazing Adventures The Lost Tomb
"AVI Video Joiner_is1" = AVI Video Joiner 1.2
"Common-Use Signing Interface" = Common-Use Signing Interface
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.0
"DV Capture_is1" = DV Capture 1.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EsetOnlineScanner" = ESET Online Scanner
"e-tax 2008" = e-tax 2008
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Taking Charge of Your Fertility Software" = Taking Charge of Your Fertility Software
"Tax Withheld Calculator" = Tax Withheld Calculator
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"UseNeXT_is1" = UseNeXT
"VLC media player" = VideoLAN VLC media player 0.8.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/16/2008 5:53:00 AM | Computer Name = USER-E7AD2CB662 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module srsvc.dll, version 5.1.2600.2180, fault address 0x00019ffe.
Error - 4/21/2008 1:54:44 AM | Computer Name = USER-E7AD2CB662 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module unknown, version 0.0.0.0, fault address 0x059500ff.
[ System Events ]
Error - 3/5/2009 4:56:47 PM | Computer Name = COMPUTER1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
USER-95A5E549B4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{474B161A-993. The master browser is stopping or an election is being
forced.
Error - 3/5/2009 5:05:33 PM | Computer Name = COMPUTER1 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{474B161A-993C-4ED2-B445-CB49019E2918}. The
backup browser is stopping.
Error - 3/7/2009 11:11:21 PM | Computer Name = COMPUTER1 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{474B161A-993C-4ED2-B445-CB49019E2918}. The
backup browser is stopping.
Error - 3/8/2009 7:42:30 AM | Computer Name = COMPUTER1 | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000001, parameter2 88fd3788, parameter3
8905dc68, parameter4 00000000.
Error - 3/8/2009 4:15:44 PM | Computer Name = COMPUTER1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
USER-95A5E549B4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{474B161A-993. The master browser is stopping or an election is being
forced.
Error - 3/8/2009 4:19:08 PM | Computer Name = COMPUTER1 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{474B161A-993C-4ED2-B445-CB49019E2918}. The
backup browser is stopping.
Error - 3/9/2009 5:10:44 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
Error - 3/9/2009 5:10:44 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
Error - 3/12/2009 3:44:44 PM | Computer Name = COMPUTER1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
USER-95A5E549B4 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{474B161A-993. The master browser is stopping or an election is being
forced.
Error - 3/12/2009 3:49:51 PM | Computer Name = COMPUTER1 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{474B161A-993C-4ED2-B445-CB49019E2918}. The
backup browser is stopping.
< End of report >
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-13 09:41:25
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) ZwCreateSection [0xB5B43FE0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918C10]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\RUNDLL32.EXE[500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\RUNDLL32.EXE[500] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\RUNDLL32.EXE[500] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\RUNDLL32.EXE[500] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\RUNDLL32.EXE[500] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\RUNDLL32.EXE[500] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\nvsvc32.exe[552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10833658
.text C:\WINDOWS\system32\nvsvc32.exe[552] ws2_32.dll!connect 71AB406A 5 Bytes JMP 108335A0
.text C:\WINDOWS\system32\nvsvc32.exe[552] ws2_32.dll!send 71AB428A 5 Bytes JMP 10832E84
.text C:\WINDOWS\system32\nvsvc32.exe[552] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 108326A0
.text C:\WINDOWS\system32\nvsvc32.exe[552] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10832624
.text C:\WINDOWS\system32\nvsvc32.exe[552] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10833554
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\winlogon.exe[788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\winlogon.exe[788] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\winlogon.exe[788] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\winlogon.exe[788] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\winlogon.exe[788] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\winlogon.exe[788] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\lsass.exe[844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\lsass.exe[844] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\lsass.exe[844] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\lsass.exe[844] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\lsass.exe[844] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\lsass.exe[844] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\RTHDCPL.EXE[908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\RTHDCPL.EXE[908] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\RTHDCPL.EXE[908] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\RTHDCPL.EXE[908] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\RTHDCPL.EXE[908] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\RTHDCPL.EXE[908] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[1012] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[1012] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[1012] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[1012] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[1012] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10023658
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1076] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100235A0
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1076] WS2_32.dll!send 71AB428A 5 Bytes JMP 10022E84
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1076] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100226A0
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1076] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10022624
.text C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1076] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10023554
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1288] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1288] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1288] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1288] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1288] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BD55A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00BD52B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\spoolsv.exe[1708] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\spoolsv.exe[1708] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\spoolsv.exe[1708] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\spoolsv.exe[1708] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\spoolsv.exe[1708] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10023658
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2004] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100235A0
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2004] ws2_32.dll!send 71AB428A 5 Bytes JMP 10022E84
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2004] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100226A0
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2004] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10022624
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2004] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10023554
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2176] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2176] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2176] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2176] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2176] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\alg.exe[2220] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 009255A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\System32\alg.exe[2220] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 009252B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10013658
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01DE55A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100135A0
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!send 71AB428A 5 Bytes JMP 10012E84
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100126A0
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 01DE52B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10012624
.text C:\Program Files\iTunes\iTunesHelper.exe[2352] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013554
.text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[2360] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[2360] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[2360] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[2360] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[2360] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\ctfmon.exe[2432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\ctfmon.exe[2432] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\ctfmon.exe[2432] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\ctfmon.exe[2432] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\ctfmon.exe[2432] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\ctfmon.exe[2432] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01DE55A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 01DE52B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\WINDOWS\Explorer.EXE[3392] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554
.text C:\Program Files\Messenger\msmsgs.exe[3556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003658
.text C:\Program Files\Messenger\msmsgs.exe[3556] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100035A0
.text C:\Program Files\Messenger\msmsgs.exe[3556] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002E84
.text C:\Program Files\Messenger\msmsgs.exe[3556] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100026A0
.text C:\Program Files\Messenger\msmsgs.exe[3556] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10002624
.text C:\Program Files\Messenger\msmsgs.exe[3556] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003554

---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] [63403AC0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] [63403AC0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Control\Print@MajorVersion 2
Reg HKLM\SYSTEM\ControlSet002\Control\Print@MinorVersion 0
Reg HKLM\SYSTEM\ControlSet002\Control\Print@PriorityClass 0
Reg HKLM\SYSTEM\ControlSet002\Control\Print@BeepEnabled 0
Reg HKLM\SYSTEM\ControlSet002\Control\Print@PortThreadPriority 0
Reg HKLM\SYSTEM\ControlSet002\Control\Print@SchedulerThreadPriority 0

---- EOF - GMER 1.0.15 ----