Hello all. First time posting here, so please let me know if I'm missing something. Any help is GREATLY appreciated!
Problems I'm having:
1) Clicking on Google searches will sometimes redirect me to rle822x.cn-based URLs, then to a random search engine. I don't seem to have this problem with the Yahoo search engine.
2) Every now and then I'll get a random website opening up also, even though I haven't clicked on anything.
3) Just recently, it's started redirecting to a67990067.cn-based URLs, too.
4) Sometimes, I'll also get a Java popup, like Java has been started, when this happens.
5) Another odd thing is that google.com doesn't take me to the google search page anymore, but to iGoogle. Not sure why, or if this has anything to do with anything. I know that Google's been doing this before, and I might have had a script that prevented it that is now being interfered with.
6) JUST NOW, after connecting to the internet, my computer slowed to a crawl and eventually gave me a black screen. I hard reset the computer and rebooted in safe mode.
Please note that the GMER log is from BEFORE the hard reboot, while the OTL log is from AFTER (I reran OTL because I lost the log in having to reboot). The second time I ran OTL, it didn't pop up the Extras.txt, but there was a file on my desktop, and that's what I attached. I don't know if it's from the first time I ran OTL (before the hard reboot) or after.
I have gone through every reputable spyware scanner I can find, as well as through the Malware and Spyware Cleaning Guide (complete with AVG and online ESET scans that came up clean), and still haven't fixed the problem. Please help!
Updated MBAM did not find any infections. It didn't seem to produce a log, so I haven't posted one.
GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 08:06:27
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Becky\AppData\Local\Temp\kwrdipoc.sys
---- System - GMER 1.0.15 ----
INT 0x62 ? 86E24BF8
INT 0x72 ? 86E24BF8
INT 0x82 ? 8531CBF8
INT 0x82 ? 8531CBF8
INT 0x82 ? 86E24BF8
INT 0x82 ? 8531CBF8
INT 0x92 ? 86E24BF8
INT 0x92 ? 86E24BF8
INT 0xA2 ? 86E24BF8
INT 0xB2 ? 8531BBF8
INT 0xB2 ? 8531BBF8
INT 0xB2 ? 8531BBF8
INT 0xB2 ? 8531BBF8
INT 0xB2 ? 8531BBF8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85CB01F8
Device \Driver\netbt \Device\NetBT_Tcpip_{415473BE-FD62-488E-8F0A-E9F7AAB485B8} 875A41F8
Device \Driver\volmgr \Device\VolMgrControl 8531E1F8
Device \Driver\usbuhci \Device\USBPDO-0 86CB51F8
Device \Driver\usbuhci \Device\USBPDO-1 86CB51F8
Device \Driver\usbehci \Device\USBPDO-2 86C151F8
Device \Driver\usbuhci \Device\USBPDO-3 86CB51F8
Device \Driver\usbuhci \Device\USBPDO-4 86CB51F8
Device \Driver\usbuhci \Device\USBPDO-5 86CB51F8
Device \Driver\usbuhci \Device\USBPDO-6 86CB51F8
Device \Driver\volmgr \Device\HarddiskVolume1 8531E1F8
Device \Driver\usbehci \Device\USBPDO-7 86C151F8
Device \Driver\volmgr \Device\HarddiskVolume2 8531E1F8
Device \Driver\cdrom \Device\CdRom0 86C291F8
Device \Driver\USBSTOR \Device\00000072 8765E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8531E1F8
Device \Driver\atapi \Device\Ide\IdePort0 85CAE1F8
Device \Driver\atapi \Device\Ide\IdePort1 85CAE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85CAE1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 85CAF1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 85CAF1F8
Device \Driver\USBSTOR \Device\00000073 8765E1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8531E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E05A3F79-9A2D-464B-A5E8-1D36ADF1F506} 875A41F8
Device \Driver\netbt \Device\NetBt_Wins_Export 875A41F8
Device \Driver\Smb \Device\NetbiosSmb 875A31F8
Device \Driver\iScsiPrt \Device\RaidPort0 86D2F1F8
Device \Driver\usbuhci \Device\USBFDO-0 86CB51F8
Device \Driver\usbuhci \Device\USBFDO-1 86CB51F8
Device \Driver\usbehci \Device\USBFDO-2 86C151F8
Device \Driver\usbuhci \Device\USBFDO-3 86CB51F8
Device \Driver\usbuhci \Device\USBFDO-4 86CB51F8
Device \Driver\usbuhci \Device\USBFDO-5 86CB51F8
Device \Driver\usbuhci \Device\USBFDO-6 86CB51F8
Device \Driver\usbehci \Device\USBFDO-7 86C151F8
Device \Driver\JMCR \Device\Scsi\JMCR1 86B711F8
Device \Driver\JMCR \Device\Scsi\JMCR2 86B711F8
Device \Driver\JMCR \Device\Scsi\JMCR3 86B711F8
Device \Driver\JMCR \Device\Scsi\JMCR4 86B711F8
Device \FileSystem\cdfs \Cdfs 859751F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85DBE856
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL log:
OTL logfile created on: 1/21/2010 6:45:18 PM - Run 2
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Users\Becky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 28.43 Gb Free Space | 40.89% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 10.48 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HAKKAI
Current User Name: Becky
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/20 23:01:36 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
PRC - [2010/01/13 19:37:21 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/10 05:45:00 | 02,543,256 | ---- | M] (Just Great Software) -- C:\Program Files\EditPadLite\EditPadLite.exe
========== Modules (SafeList) ==========
MOD - [2010/01/20 23:01:36 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/01/17 14:27:44 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/22 20:04:09 | 00,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/09/28 15:13:04 | 00,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\RadioGet\RGService.exe -- (RGService)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/02 11:25:40 | 00,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/23 13:22:38 | 00,440,872 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/04/07 00:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 05:03:14 | 00,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 15:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 18:15:28 | 00,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/11/06 15:22:26 | 00,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/18 01:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/17 13:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...m=extensa_4630z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://white-aster.i...idth.org/read/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.20091115
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.10
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.27.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}:2.6.20091103
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {861c8868-e3dc-4dcb-ba2e-866901fc2be8}:1.3
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}:2.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.64.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.39
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-0911f5ce6d66}:1.9.2
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.2.7
FF - prefs.js..extensions.enabledItems: {7a46f9fe-4818-4837-ae4a-39c53978ae99}:1.4.6
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.3.20091214_AMO
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0b7.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.07
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608
FF - prefs.js..extensions.enabledItems: {4a1a0a40-7d27-11dd-ad8b-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.4.6
FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.8.09.07.17
FF - prefs.js..extensions.enabledItems: {359faf50-e061-11dd-ad8b-0800200c9a66}:2.0.3
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 20:57:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 19:37:24 | 00,000,000 | ---D | M]
[2009/08/14 21:31:03 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Extensions
[2009/07/24 18:17:50 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/08/14 21:31:03 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/04/25 13:44:48 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/20 21:36:07 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions
[2009/11/22 16:15:16 | 00,000,000 | ---D | M] (Custom Download Manager) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}
[2009/08/24 18:25:51 | 00,000,000 | ---D | M] (PermaTabs Mod) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66}
[2010/01/19 21:43:18 | 00,000,000 | ---D | M] (Slickerfox) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2009/03/20 20:44:36 | 00,000,000 | ---D | M] (Slickerfox) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}(143)
[2010/01/20 21:35:43 | 00,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/28 22:11:18 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/12/18 23:09:06 | 00,000,000 | ---D | M] (MonoChrome) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{4a1a0a40-7d27-11dd-ad8b-0800200c9a66}
[2009/07/08 18:23:20 | 00,000,000 | ---D | M] (Save Image in Folder) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2009/09/26 13:25:37 | 00,000,000 | ---D | M] (MidnightFox) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/11/10 21:36:34 | 00,000,000 | ---D | M] (History Submenus) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}(20)
[2010/01/20 21:35:42 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/08 18:23:20 | 00,000,000 | ---D | M] (Save Link in Folder) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{7a46f9fe-4818-4837-ae4a-39c53978ae99}
[2009/09/26 13:26:45 | 00,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/03/22 10:58:22 | 00,000,000 | ---D | M] (File Title) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{861c8868-e3dc-4dcb-ba2e-866901fc2be8}
[2009/09/14 21:02:04 | 00,000,000 | ---D | M] (BugMeNot) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/01/06 19:05:04 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2010/01/18 19:39:56 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
[2009/12/29 22:22:34 | 00,000,000 | ---D | M] (BBCode) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2010/01/09 17:27:04 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/12 22:37:33 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/01/18 19:39:56 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/17 18:17:32 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(145)
[2009/12/10 07:03:07 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/09 10:57:53 | 00,000,000 | ---D | M] (QuickRestart) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2009/11/10 21:36:44 | 00,000,000 | ---D | M] (ScribeFire) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}(21)
[2009/09/13 20:09:39 | 00,000,000 | ---D | M] (IE View Lite) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2009/12/29 22:22:35 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/03/19 18:51:56 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\autopager@mozilla(135).org
[2010/01/18 19:39:56 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2010/01/20 21:35:30 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/09/18 19:08:00 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/10/26 19:49:43 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/11/30 20:22:01 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/12/18 23:08:46 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/09/26 13:17:43 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/12/11 07:20:28 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2010/01/09 17:26:54 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\Office2007Black@JBBS
[2009/09/11 06:47:09 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/12/18 23:09:06 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\SkipScreen@SkipScreen
[2010/01/20 21:35:43 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\staged-xpis
[2009/03/21 13:03:28 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\support@lastpass(142).com
[2010/01/09 17:27:02 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2009/11/30 20:22:01 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]
[2010/01/20 21:35:32 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\extensions\[email protected]\chrome\mozapps\extensions
[2009/10/25 08:04:11 | 00,000,909 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\allrecipes.xml
[2010/01/17 23:34:13 | 00,006,079 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\bugmenot.xml
[2010/01/20 19:56:18 | 00,001,979 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\flickr-cc---deriv.xml
[2010/01/17 23:34:13 | 00,001,953 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\mycroft-project.xml
[2010/01/20 19:56:18 | 00,001,284 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\ncbi---pubmed.xml
[2010/01/20 19:56:18 | 00,002,267 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\onelook.xml
[2010/01/17 23:34:13 | 00,002,351 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\retailmenot.xml
[2009/07/26 18:07:49 | 00,004,345 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\search-in-qtorrents.xml
[2010/01/20 19:56:18 | 00,001,455 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\oiidp5ze.default\searchplugins\the-hype-machine.xml
[2010/01/20 21:36:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/01/18 19:42:17 | 00,000,894 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search\Toolbar\ToolbarContainer101000311.dll (Copernic Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [deskangel.exe] C:\Program Files\DeskAngel\DeskAngel.exe ()
O4 - HKCU..\Run: [DeskTopmost] C:\Program Files\Desk Topmost\HotKey.exe (Bopsoft)
O4 - HKCU..\Run: [F.lux] C:\Users\Becky\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe ()
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [Google Update] C:\Users\Becky\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [RoboTask Lite] C:\Program Files\RoboTask Lite\RoboTaskLite.exe (Neowise)
O4 - HKCU..\Run: [SuperF4] C:\Program Files\SuperF4\SuperF4.exe (Stefan Sundin)
O4 - Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Find And Run Robot.lnk = C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe (DonationCoder.com)
O4 - Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O4 - Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Transfz.lnk = C:\Program Files\Transfz\transfz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Becky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Becky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c45498c3-31a6-11de-86c9-001eecd5763c}\Shell\AutoRun\command - "" = F:\lmmenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/01/21 07:16:29 | 00,000,000 | ---D | C] -- C:\Users\Becky\Desktop\Malware and Spyware Cleaning Guide_files
[2010/01/20 23:01:35 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
[2010/01/20 22:56:08 | 00,000,000 | ---D | C] -- C:\Users\Becky\Desktop\gmer
[2010/01/20 22:32:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/20 22:29:44 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Becky\Desktop\erunt_setup.exe
[2010/01/20 22:24:04 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\TFC.exe
[2010/01/20 21:55:38 | 00,472,064 | ---- | C] ( ) -- C:\Users\Becky\Desktop\RootRepeal.exe
[2010/01/20 21:31:05 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/19 23:17:41 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/01/19 21:26:59 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/19 21:26:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/19 21:08:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/19 21:08:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/19 21:08:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/19 21:07:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/19 21:03:05 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/19 20:58:09 | 00,000,000 | ---D | C] -- C:\SMCLpav
[2010/01/19 19:51:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/19 19:51:17 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/19 19:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/19 19:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/18 20:37:11 | 01,840,232 | ---- | C] (Trend Micro) -- C:\Users\Becky\Desktop\HousecallLauncher.exe
[2010/01/18 20:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/18 20:03:28 | 00,000,000 | ---D | C] -- C:\Users\Becky\SecurityScans
[2010/01/18 19:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/01/18 19:15:03 | 00,000,000 | ---D | C] -- C:\Users\Becky\Documents\Simply Super Software
[2010/01/18 19:14:58 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Simply Super Software
[2010/01/18 19:14:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/01/17 14:28:02 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/17 14:27:50 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/17 14:27:49 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/17 14:27:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/17 10:39:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/17 10:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/17 10:27:44 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Becky\Desktop\HijackThis.exe
[2010/01/17 01:23:01 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/17 01:20:08 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/17 01:20:07 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/16 21:57:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Panda Security(86)
[2010/01/16 16:34:27 | 00,000,000 | ---D | C] -- C:\Users\Becky\Documents\ZScreen
[2010/01/16 16:33:35 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\ZScreen
[2010/01/14 23:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/14 23:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/01/14 23:04:14 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities(66)
[2010/01/14 21:39:48 | 00,000,000 | ---D | C] -- C:\Users\Becky\Library
[2010/01/14 21:39:48 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Apple Computer
[2010/01/14 21:39:48 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\Apple Computer
[2010/01/14 21:39:47 | 00,000,000 | ---D | C] -- C:\Users\Becky\Documents\My BN eBooks
[2010/01/14 21:34:07 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Barnes & Noble
[2010/01/14 21:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble
[2010/01/14 21:33:00 | 14,447,864 | ---- | C] (Barnes & Noble, Inc.) -- C:\Users\Becky\Desktop\bndr2_setup_latest.exe
[2010/01/14 07:53:06 | 00,000,000 | ---D | C] -- C:\ProgramData\HF_PCA_1.00.00.0002
[2010/01/13 22:04:13 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Wuala
[2010/01/12 22:43:57 | 00,000,000 | ---D | C] -- C:\Users\Becky\Documents\Calibre
[2010/01/12 22:41:57 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\calibre
[2010/01/12 22:40:51 | 00,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2010/01/10 09:42:39 | 00,000,000 | ---D | C] -- C:\Users\Becky\Desktop\ddsfst1
[2010/01/08 22:58:28 | 00,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\7stacks
[2010/01/08 22:55:32 | 00,000,000 | ---D | C] -- C:\Program Files\7stacks
[2008/08/19 01:36:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 14 Days ==========
[2010/01/21 18:42:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/21 18:34:00 | 07,340,032 | ---- | M] () -- C:\Users\Becky\ntuser.dat
[2010/01/21 18:28:26 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1149893053-3970098636-3872158995-1003UA.job
[2010/01/21 11:22:49 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/21 11:22:49 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/21 08:07:58 | 54,461,828 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/21 08:01:14 | 10,326,643 | ---- | M] () -- C:\Users\Becky\Desktop\7.rtf
[2010/01/21 07:42:32 | 00,152,401 | ---- | M] () -- C:\Users\Becky\Desktop\tdsskiller.zip
[2010/01/21 07:29:11 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/21 07:29:11 | 00,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/21 07:29:11 | 00,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/21 07:23:01 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/01/21 07:22:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/21 07:21:17 | 00,524,288 | -HS- | M] () -- C:\Users\Becky\ntuser.dat{a57d1a09-26a5-11de-b808-001eecd5763c}.TMContainer00000000000000000001.regtrans-ms
[2010/01/21 07:21:17 | 00,065,536 | -HS- | M] () -- C:\Users\Becky\ntuser.dat{a57d1a09-26a5-11de-b808-001eecd5763c}.TM.blf
[2010/01/21 07:20:37 | 03,595,517 | -H-- | M] () -- C:\Users\Becky\AppData\Local\IconCache.db
[2010/01/21 07:16:41 | 00,098,219 | ---- | M] () -- C:\Users\Becky\Desktop\Malware and Spyware Cleaning Guide.html
[2010/01/20 23:53:00 | 00,021,504 | ---- | M] () -- C:\Users\Becky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 23:01:36 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
[2010/01/20 23:00:02 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1149893053-3970098636-3872158995-1003Core.job
[2010/01/20 22:32:44 | 00,000,737 | ---- | M] () -- C:\Users\Becky\Desktop\NTREGOPT.lnk
[2010/01/20 22:32:44 | 00,000,718 | ---- | M] () -- C:\Users\Becky\Desktop\ERUNT.lnk
[2010/01/20 22:29:46 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Becky\Desktop\erunt_setup.exe
[2010/01/20 22:24:06 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\TFC.exe
[2010/01/20 22:12:44 | 00,000,000 | ---- | M] () -- C:\Users\Becky\Desktop\settings.dat
[2010/01/20 21:55:49 | 00,472,064 | ---- | M] ( ) -- C:\Users\Becky\Desktop\RootRepeal.exe
[2010/01/20 20:42:36 | 00,014,140 | ---- | M] () -- C:\Users\Becky\Desktop\mc20.png
[2010/01/20 20:35:54 | 00,019,251 | ---- | M] () -- C:\Users\Becky\Desktop\dwb.png
[2010/01/19 19:34:36 | 00,000,086 | ---- | M] () -- C:\Users\Becky\Desktop\A guide and tutorial on using ComboFix.url
[2010/01/19 19:28:35 | 07,520,288 | ---- | M] () -- C:\Users\Becky\Desktop\SUPERAntiSpyware.exe
[2010/01/19 18:52:46 | 00,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/19 08:25:09 | 00,000,131 | ---- | M] () -- C:\Users\Becky\Desktop\ESET - Eset Online Scanner.url
[2010/01/18 21:59:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/18 20:37:15 | 01,840,232 | ---- | M] (Trend Micro) -- C:\Users\Becky\Desktop\HousecallLauncher.exe
[2010/01/18 19:42:17 | 00,000,894 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/18 19:22:45 | 00,000,894 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.TRB
[2010/01/17 14:28:02 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/17 14:27:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/17 14:27:49 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/17 14:27:49 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/17 14:27:48 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/17 14:27:48 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/17 10:27:45 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Becky\Desktop\HijackThis.exe
[2010/01/16 10:19:50 | 00,069,042 | ---- | M] () -- C:\Users\Becky\Desktop\79958.pdf
[2010/01/15 23:05:36 | 00,919,348 | ---- | M] () -- C:\Users\Becky\Desktop\Wishbone.pdf
[2010/01/15 23:05:32 | 00,873,133 | ---- | M] () -- C:\Users\Becky\Desktop\7.pdf
[2010/01/15 23:05:26 | 00,241,355 | ---- | M] () -- C:\Users\Becky\Desktop\world.pdf
[2010/01/15 23:05:21 | 00,301,143 | ---- | M] () -- C:\Users\Becky\Desktop\hangedman.pdf
[2010/01/15 22:35:19 | 00,212,904 | ---- | M] () -- C:\Users\Becky\Desktop\cityofthedog.pdf
[2010/01/14 21:33:56 | 14,447,864 | ---- | M] (Barnes & Noble, Inc.) -- C:\Users\Becky\Desktop\bndr2_setup_latest.exe
[2010/01/11 08:00:22 | 00,001,373 | ---- | M] () -- C:\Users\Becky\Desktop\Documents.lnk
[2010/01/09 16:08:08 | 01,024,256 | ---- | M] () -- C:\Users\Becky\Desktop\79955.pdf
========== Files Created - No Company Name ==========
[2010/01/21 08:01:02 | 10,326,643 | ---- | C] () -- C:\Users\Becky\Desktop\7.rtf
[2010/01/21 07:42:30 | 00,152,401 | ---- | C] () -- C:\Users\Becky\Desktop\tdsskiller.zip
[2010/01/21 07:16:28 | 00,098,219 | ---- | C] () -- C:\Users\Becky\Desktop\Malware and Spyware Cleaning Guide.html
[2010/01/20 22:32:44 | 00,000,737 | ---- | C] () -- C:\Users\Becky\Desktop\NTREGOPT.lnk
[2010/01/20 22:32:44 | 00,000,718 | ---- | C] () -- C:\Users\Becky\Desktop\ERUNT.lnk
[2010/01/20 22:12:44 | 00,000,000 | ---- | C] () -- C:\Users\Becky\Desktop\settings.dat
[2010/01/20 20:40:27 | 00,014,140 | ---- | C] () -- C:\Users\Becky\Desktop\mc20.png
[2010/01/20 20:35:54 | 00,019,251 | ---- | C] () -- C:\Users\Becky\Desktop\dwb.png
[2010/01/19 21:08:17 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/19 21:08:17 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/19 21:08:17 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/19 21:08:17 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/19 21:08:17 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/19 19:34:36 | 00,000,086 | ---- | C] () -- C:\Users\Becky\Desktop\A guide and tutorial on using ComboFix.url
[2010/01/19 19:28:12 | 07,520,288 | ---- | C] () -- C:\Users\Becky\Desktop\SUPERAntiSpyware.exe
[2010/01/19 08:25:09 | 00,000,131 | ---- | C] () -- C:\Users\Becky\Desktop\ESET - Eset Online Scanner.url
[2010/01/18 19:15:03 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/01/18 19:15:03 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/01/18 19:15:03 | 00,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/01/18 19:15:02 | 00,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2010/01/17 14:27:49 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/17 14:27:48 | 54,461,828 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/17 14:27:48 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/17 14:27:48 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/17 14:27:48 | 00,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/16 10:19:50 | 00,069,042 | ---- | C] () -- C:\Users\Becky\Desktop\79958.pdf
[2010/01/15 23:05:31 | 00,919,348 | ---- | C] () -- C:\Users\Becky\Desktop\Wishbone.pdf
[2010/01/15 23:05:27 | 00,873,133 | ---- | C] () -- C:\Users\Becky\Desktop\7.pdf
[2010/01/15 23:05:24 | 00,241,355 | ---- | C] () -- C:\Users\Becky\Desktop\world.pdf
[2010/01/15 23:05:20 | 00,301,143 | ---- | C] () -- C:\Users\Becky\Desktop\hangedman.pdf
[2010/01/15 22:35:18 | 00,212,904 | ---- | C] () -- C:\Users\Becky\Desktop\cityofthedog.pdf
[2010/01/09 16:08:05 | 01,024,256 | ---- | C] () -- C:\Users\Becky\Desktop\79955.pdf
[2009/12/29 20:38:05 | 00,000,071 | ---- | C] () -- C:\Windows\Parameters.ini
[2009/11/13 20:57:37 | 00,001,198 | ---- | C] () -- C:\Windows\runit.ini
[2009/10/25 13:25:43 | 00,002,622 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\SerialClonerPrefs
[2009/10/11 14:56:36 | 00,000,760 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\setup_ldm.iss
[2009/10/11 10:26:31 | 00,000,148 | ---- | C] () -- C:\Windows\rss.INI
[2009/09/13 12:03:35 | 00,000,093 | ---- | C] () -- C:\Users\Becky\AppData\Local\fusioncache.dat
[2009/09/05 21:21:06 | 00,000,175 | ---- | C] () -- C:\Windows\cedt.INI
[2009/09/04 19:53:38 | 00,000,267 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\BlazeTextTools.xml
[2009/08/14 20:38:44 | 00,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/07/31 17:47:41 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/26 11:50:46 | 00,000,109 | ---- | C] () -- C:\Windows\Papel.ini
[2009/07/04 18:01:31 | 00,745,472 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/04 18:01:31 | 00,440,320 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/07/04 18:01:31 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/03 20:05:43 | 00,139,456 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/21 09:58:12 | 00,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/05/31 19:07:05 | 00,020,520 | ---- | C] () -- C:\Program Files\init.dat
[2009/05/29 20:19:40 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/04 19:44:35 | 00,138,056 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\PnkBstrK.sys
[2009/04/11 08:38:27 | 00,000,140 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/29 22:12:37 | 00,000,058 | ---- | C] () -- C:\Users\Becky\AppData\Local\DonationCoder_LaunchBarCommander_InstallInfo.dat
[2009/03/29 21:50:27 | 00,021,504 | ---- | C] () -- C:\Users\Becky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/28 23:31:08 | 00,000,600 | ---- | C] () -- C:\Users\Becky\AppData\Local\PUTTY.RND
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/04 10:26:15 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/04 10:26:15 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/08/19 01:35:09 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/08/19 01:33:49 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/19 01:33:49 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/19 01:28:11 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/19 01:16:48 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/10/27 20:09:58 | 00,015,649 | ---- | C] () -- C:\Windows\System32\mingwm10.dll
[2001/12/26 18:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 01:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2009/05/03 00:10:57 | 00,000,000 | -HSD | M] -- C:\Users\Becky\AppData\Roaming\.#
[2010/01/08 22:58:28 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\7stacks
[2009/03/09 17:04:24 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Acer
[2009/04/18 16:13:11 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Amazon
[2009/06/19 07:05:18 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\ArcticLine
[2009/12/22 22:46:09 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Artweaver
[2009/06/01 19:29:52 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Aveyond II
[2010/01/14 21:34:07 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Barnes & Noble
[2009/09/26 18:31:11 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Batovi
[2009/09/22 19:42:12 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Blaze
[2009/06/09 20:04:50 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\BMG
[2010/01/12 23:15:20 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\calibre
[2009/08/09 14:30:04 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Canon
[2009/10/24 17:07:54 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2009/06/26 19:32:54 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\CometNetwork
[2009/04/24 22:37:44 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Copernic
[2009/04/03 19:43:17 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Direct Folders
[2009/12/06 21:20:56 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1
[2009/03/29 22:12:37 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\DonationCoder
[2010/01/17 10:26:09 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Dropbox
[2009/05/31 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\EternalEden
[2009/06/23 21:20:17 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\FarrWindowsSearch
[2009/11/22 11:45:19 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\FileZilla
[2010/01/21 18:38:11 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Free Download Manager
[2009/07/07 21:50:26 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\GlarySoft
[2009/06/21 16:20:12 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\GraphPad Software
[2009/06/04 20:06:43 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\gtk-2.0
[2009/03/09 22:31:21 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Hulubulu
[2010/01/17 10:13:48 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\IrfanView
[2009/03/28 22:48:30 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\IsolatedStorage
[2009/04/19 21:27:26 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\JGsoft
[2009/09/23 20:36:39 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\KompoZer
[2009/06/01 20:50:16 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\LaxiusForce
[2009/03/09 17:04:20 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Leadertech
[2009/10/01 22:16:30 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\LopeSoft
[2010/01/17 10:13:48 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Mp3tag
[2009/10/22 19:57:33 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\OOo4Kids
[2009/05/01 23:17:28 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\OpenOffice.org
[2010/01/19 20:58:21 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Panda Security
[2009/12/06 21:22:39 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\PhiTodo.3B3629BD028127543EA8A5398070EB87B546B2BE.1
[2009/03/26 21:38:30 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\PlayFirst
[2009/11/13 21:10:15 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\runic games
[2009/06/21 09:58:04 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\ScanSoft
[2009/10/25 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\SerialCloner
[2009/03/22 15:30:51 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Serif
[2009/10/20 21:06:18 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\signo
[2010/01/18 19:20:59 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Simply Super Software
[2009/07/12 15:55:55 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\SMOz
[2010/01/17 10:13:48 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Software Informer
[2009/11/28 20:01:33 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Spacejock Software
[2010/01/13 22:33:55 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\SpiderOak
[2009/05/29 20:54:51 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\StarBurn
[2009/09/01 19:08:24 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Stardock
[2010/01/21 07:26:02 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\stickies
[2009/10/16 22:27:06 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Sublime Text
[2009/05/02 13:27:01 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Technology Lighthouse
[2009/06/19 22:05:30 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\TeraCopy
[2009/03/16 20:14:56 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\TheLastRipper
[2009/07/24 18:17:50 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Thunderbird
[2009/08/08 14:20:31 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2009/06/09 21:02:42 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Tracker Software
[2009/12/21 18:44:02 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Transfz
[2009/05/03 16:18:09 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\TreeDBNotes 3
[2009/05/01 23:01:06 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\TreeSheetsdbs
[2009/09/21 22:42:41 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Trellian
[2009/11/22 12:19:02 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\uTorrent
[2010/01/14 23:04:38 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Wuala
[2009/03/29 12:34:33 | 00,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Zoundry
[2010/01/18 21:59:00 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/21 07:21:23 | 00,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2010/01/21 08:47:35 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:77423EAD
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:3B881C43
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:0766416E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A4076A3B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:284D1EE4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:663B62CA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 1/21/2010 8:08:32 AM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Users\Becky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 26.84 Gb Free Space | 38.60% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 10.48 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HAKKAI
Current User Name: Becky
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files\EditPadLite\EditPadLite.exe (Just Great Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1149893053-3970098636-3872158995-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4061}" = lport=22459 | protocol=6 | dir=in | name=spport |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4062}" = lport=22459 | protocol=6 | dir=out | name=spport |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0961EB46-2747-425E-AB47-9C7AAE132EBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E70AA08-4956-4F43-A483-8F69B780D548}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E8913B3-42F1-4099-86CD-D3C081A2C36E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E9A3660-69A8-4CB8-A2E4-E505D12AFAE3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{19015552-E1DA-4F23-B74F-24A5D9630AA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{192B1262-C3B4-4840-BCDD-F562EE75119C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CB85B05-610E-4CC8-8F52-DE0C6D044C98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2452F407-ADEB-4E39-941A-7FDE0D067519}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{29B98F52-F670-48B1-937B-5FA9DB0988CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D844B14-6D42-413C-9363-7DFD4767C477}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2EE6F0C6-56A3-4307-85BC-9B296B4D00C2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{41FBD61C-4BE4-421C-9E60-A65591F69AB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{452837CF-41C5-4693-8A08-E12A56D0342C}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{46E1331E-CA9B-451A-BBD7-81FEB277DAC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50CB3BED-FB15-4CEF-A97A-4A9F067933C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59BC6B42-2340-4A60-B572-0E344BD3A5E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5BC8425E-9A93-4EB7-9F3A-9FA97FED6CB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FD7B70A-D0BD-4D1C-BED9-D51D44854962}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FE9278A-4D25-40A8-A39E-6D6F4FD3B262}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6452FA45-A268-4CD5-A1A1-C3B705F9A22D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70C24CC6-B852-4EA9-8AE2-95CC0A60C6AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{742AB0D0-86F6-4823-90D3-42F790841BF4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{82D36C45-A868-4758-87A5-4421ECA182BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B18731D-652D-49A3-80DD-DBC4AF351725}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9ABDD1D5-8A00-4AD9-A46F-BF2F3ABE413D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9ED0F282-D137-4753-B22C-4049CF478D04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EF33390-573A-4E12-8B93-86FA5B71F37D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A77A8D9E-5382-4E42-8ADD-A6E7A04C22F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA8114F8-CDED-4517-9601-148665947523}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC4DA46A-53F0-4038-8926-81303525F171}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1641EAE-8606-4AB4-AAF2-80CB2BD92557}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B72D50CC-F0EC-4BB5-8E65-46FC59EB101E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B980CD95-EA66-4AD9-A7D0-76C530C1CB90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB4D074F-ED71-4130-967A-0693CA39942F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0E37EA6-85E9-409F-8BD9-D3C2D6B330F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2F79AD8-2F66-4B5F-95FB-837339C84646}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F5941201-99B5-4268-9C42-9763DCF88649}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7F2057B-E9EE-4A08-B8B4-9AD3F255DE4A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{2EB1764A-6C59-403E-BBB4-0C00E3ED9067}C:\program files\kiteplayer\kiteplayer\kiteplayer.exe" = protocol=6 | dir=in | app=c:\program files\kiteplayer\kiteplayer\kiteplayer.exe |
"TCP Query User{3F071C98-E3BF-40BF-ADB7-5C98258CA6AF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{6E3320F6-F05F-4536-9635-7A090DC1AC2F}C:\program files\shock utility\shocksticker\shocksticker.exe" = protocol=6 | dir=in | app=c:\program files\shock utility\shocksticker\shocksticker.exe |
"TCP Query User{791E8174-58BB-4A82-99CA-FBE8F78F9ECC}C:\users\becky\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\becky\desktop\utorrent.exe |
"TCP Query User{A81B59EF-86DF-48FC-A35F-AC6981C60771}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"TCP Query User{B90F2C6E-D48B-4B55-8BC2-9DFFFE759400}C:\users\becky\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\becky\appdata\roaming\wuala\wuala.exe |
"TCP Query User{DA628182-99BB-4739-9997-A22A275B25F6}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{DEDA5AAC-244F-46B5-9866-BF0E7D843865}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1AF2655B-04F2-4E72-9ECA-71A676A054D6}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{353D226A-9E3A-4D78-9491-2C6A31E948F7}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{3C41573D-84D1-4279-B17B-0F9C1EB02BE1}C:\users\becky\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\becky\desktop\utorrent.exe |
"UDP Query User{4654AD53-DE86-47D9-96BB-397ED28193B0}C:\program files\shock utility\shocksticker\shocksticker.exe" = protocol=17 | dir=in | app=c:\program files\shock utility\shocksticker\shocksticker.exe |
"UDP Query User{77E62E79-08AA-42FB-894A-2BDD73DE9080}C:\users\becky\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\becky\appdata\roaming\wuala\wuala.exe |
"UDP Query User{7D38A9F8-6AD7-41BE-B861-34EC1875A9D8}C:\program files\kiteplayer\kiteplayer\kiteplayer.exe" = protocol=17 | dir=in | app=c:\program files\kiteplayer\kiteplayer\kiteplayer.exe |
"UDP Query User{B89FA75D-895C-41E4-BC27-56F4527F9B28}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{BBCC78EB-D7FD-4A4C-BD7F-2929F3DB6F43}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17
"{28C94A34-BE03-4EE0-9692-0499577D3838}" = Livebrush Lite
"{4D8B25F4-855F-4D39-9486-4DCC3AAB3436}_is1" = RoboTask Lite 3.0
"{53AD2725-3987-4FE6-B4E0-D4F4E43DE7A0}" = OpenOffice.org 3.0
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{627F29F8-D860-4009-AC79-7D5555597936}" = Signo
"{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE)
"{7243DE6E-F9EA-4DE2-9B29-6163CD375EBF}" = calibre
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{867A28FF-872D-4177-A457-E3636EA03F69}" = GraphPad Prism 5 Viewer
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB3F842-DAF1-414A-B65B-AE8A7EDE4985}_is1" = TubeMaster++ 1.5
"{9DA8FB24-AC71-4C4B-B10B-9675FAA45733}" = LJ-SecInstall
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Impulse
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9B5F278-904D-4AA8-A5C8-37BFD91AAD38}" = MetatOGGer
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{EF6E933E-760B-40EA-8E00-E6DE3482F472}_is1" = 7stacks 1.5 beta 1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1" = RadioGet 1.3.8
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Acer Assist" = Acer Assist
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 3.6.0.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AVG9Uninstall" = AVG Free 9.0
"BFGC" = Big Fish Games Client
"BFG-Plants vs. Zombies" = Plants vs. Zombies
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CleanMem1.3.0" = CleanMem
"CNXT_MODEM_HDAUDIO_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Lite
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Desk Topmost_is1" = Desk Topmost 1.00
"DeskAngel" = DeskAngel 2.2.1.27
"doPDF 6 printer_is1" = doPDF 6.3 printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EditPad Lite" = Just Great Software EditPad Lite 6.4.5
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Eternal Eden Free Trial_is1" = Eternal Eden Free Trial
"ExtractNow_is1" = ExtractNow
"Fences" = Fences
"Find and Run Robot_is1" = Find+Run Robot 2.66.01
"Folder Marker_is1" = Folder Marker Home v 3.0
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Download Manager_is1" = Free Download Manager 2.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"InfoTag Magic 1.0" = InfoTag Magic 1.0
"IrfanView" = IrfanView (remove only)
"Laxius Force Free Trial_is1" = Laxius Force Free Trial
"ljArchive" = ljArchive
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"MetatOGGer" = MetatOGGer
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMConvert_is1" = MMConvert 1.0.5.236 Beta
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP3Diags" = MP3 Diags
"Mp3tag" = Mp3tag v2.45
"NavRoad HTML Viewer_is1" = NavRoad v7.00
"NCU-Parwez-DeinstKey" = NCU
"OpenAL" = OpenAL
"pdfsam" = pdfsam
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Q10" = Q10 Editor
"Revo Uninstaller" = Revo Uninstaller 1.85
"RoughDraft" = RoughDraft 3.0
"Runic Games Torchlight" = Torchlight
"SDEFree_is1" = SkyDrive Explorer 1.0 Beta
"Semagic" = Semagic (remove only)
"Software Informer_is1" = Software Informer 1.0 BETA
"SpiderOak" = SpiderOak
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StarBurn(GiveAwayOfTheDay)_is1" = StarBurn(GiveAwayOfTheDay) Version 12 (Build 0x20090527)
"Stardock Impulse" = Stardock Impulse
"Stickies 6.7a" = Stickies 6.7a
"Sublime Text_is1" = Sublime Text 1.2.2
"SuperF4" = SuperF4
"The KMPlayer" = The KMPlayer (remove only)
"tintii" = indii.org/tintii
"Transfz" = Transfz 1.22 BETA
"TreeDBNotes 3" = TreeDBNotes 3
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Unlocker" = Unlocker 1.8.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.0.2
"yWriter5_is1" = yWriter5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"Dropbox" = Dropbox
"f740c7c8e17bc1c1" = thoughtex
"FileZilla Client" = FileZilla Client 3.2.2.1
"Flux" = F.lux
"Google Chrome" = Google Chrome
"Spirits of Metropolis v1.10" = Spirits of Metropolis v1.10
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/14/2010 11:36:22 PM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
Error - 1/14/2010 11:40:05 PM | Computer Name = Hakkai | Source = MsiInstaller | ID = 10005
Description =
Error - 1/14/2010 11:40:33 PM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
Error - 1/14/2010 11:42:02 PM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
Error - 1/14/2010 11:46:10 PM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
Error - 1/14/2010 11:50:07 PM | Computer Name = Hakkai | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module DesktopDock.dll, version 1.0.0.0, time stamp 0x4ac5327d,
exception code 0xc0000005, fault offset 0x0004388d, process id 0xb54, application
start time 0x01ca94461f92e0c5.
Error - 1/14/2010 11:56:29 PM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
Error - 1/14/2010 11:57:32 PM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
Error - 1/15/2010 12:02:02 AM | Computer Name = Hakkai | Source = WinMgmt | ID = 10
Description =
Error - 1/15/2010 12:09:33 AM | Computer Name = Hakkai | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 6/29/2009 7:43:59 AM | Computer Name = Hakkai | Source = HTTP | ID = 15016
Description =
Error - 6/29/2009 7:45:28 AM | Computer Name = Hakkai | Source = Service Control Manager | ID = 7026
Description =
Error - 6/29/2009 7:06:10 PM | Computer Name = Hakkai | Source = Service Control Manager | ID = 7034
Description =
Error - 7/1/2009 12:07:08 PM | Computer Name = Hakkai | Source = HTTP | ID = 15016
Description =
Error - 7/1/2009 12:08:41 PM | Computer Name = Hakkai | Source = Service Control Manager | ID = 7026
Description =
Error - 7/1/2009 8:42:10 PM | Computer Name = Hakkai | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_013B1025&REV_00\4&22c97ca2&0&00E4)
disappeared from the system without first being prepared for removal.
Error - 7/1/2009 8:42:10 PM | Computer Name = Hakkai | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_013B1025&REV_00\4&22c97ca2&0&02E4)
disappeared from the system without first being prepared for removal.
Error - 7/1/2009 8:42:10 PM | Computer Name = Hakkai | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_013B1025&REV_00\4&22c97ca2&0&03E4)
disappeared from the system without first being prepared for removal.
Error - 7/1/2009 8:42:10 PM | Computer Name = Hakkai | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_013B1025&REV_00\4&22c97ca2&0&04E4)
disappeared from the system without first being prepared for removal.
Error - 7/2/2009 7:49:12 AM | Computer Name = Hakkai | Source = HTTP | ID = 15016
Description =
< End of report >