Can't access AV websites, KAV detected trojans [Solved]


  • This topic is locked

#1
emily6238

Hi,

This problem has been ongoing for a few days already. I ran KAV when I noticed that my laptop was infected. It removed some viruses and trojans. After that the scans were clean. And it appeared again, after which I couldn't update my KAV.

I opened msconfig and noticed a lot of startups created by a virus that was removed by KAV. I deleted those startups from regedit and I could update my KAV again. Then, I switched to my AdAware to scan and it cleaned out lots of things. But it didn't solve my problem. I can't go to AV websites and my internet speed is slow. Trojans were detected but can't be terminated. When I run scans, it shows nothing but I'm sure something serious is still going on. I gave up on trying to fix it myself 'cause obviously I can't this time. :)

I tried to follow the guide, I did the TFC, ERUNT and GMER. GMER crashed with a blue screen (scared the xxxx out of me) and I didn't proceed with OTL 'cause I'm not sure I should (in case I get another blue screen).

Please guide me. :)

Edited by emily6238, 12 June 2010 - 05:00 PM.



#2
RPMcMurphy

Hello emily6238 and welcome to Geeks to Go! It will be very helpful if you follow these guidelines:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please follow my instructions carefully and in the order they are posted.
  • Any colored text in my posts indicates a clickable link.
  • You should print any instructions I give you for ease of use and reference.
  • If you have any questions at all, please stop and ask before proceeding.
Go ahead and run OTL:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.
Try GMER one more time, but this time check only Sections and C:\

Please include the following in your next post:
  • OTL and OTL Extras logs
  • GMER log


#3
emily6238

GMER
My "windows" is on I:\, should I change to that or still stick with C:\?



OTL logfile created on: 13-Jun-10 11:49:01 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = I:\Users\Emily\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive C: | 303.22 Mb Total Space | 195.79 Mb Free Space | 64.57% Space Free | Partition Type: NTFS
Drive D: | 29.77 Gb Total Space | 20.18 Gb Free Space | 67.76% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 12.09 Gb Total Space | 2.33 Gb Free Space | 19.27% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 69.57 Gb Total Space | 27.59 Gb Free Space | 39.65% Space Free | Partition Type: NTFS
Drive W: | 465.65 Gb Total Space | 237.85 Gb Free Space | 51.08% Space Free | Partition Type: FAT32

Computer Name: EMILY-EDEN
Current User Name: Emily
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - I:\Users\Emily\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Users\Emily\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - I:\Windows\explorer.exe (Microsoft Corporation)
PRC - I:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - I:\Windows\System32\sc.exe (Microsoft Corporation)
PRC - I:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - I:\Windows\System32\audiodg.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - I:\Users\Emily\Desktop\OTL.exe (OldTimer Tools)
MOD - I:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - I:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - I:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - I:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - I:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - I:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - I:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - I:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - I:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - I:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - I:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - I:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AVP) -- I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (WwanSvc) -- I:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- I:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- I:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- I:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- I:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- I:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- I:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- I:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- I:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- I:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- I:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- I:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- I:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- I:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- I:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- I:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- I:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- I:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- I:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- I:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- I:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WcesComm) -- I:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- I:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- I:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- I:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- I:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- I:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (Lbd) -- I:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (igfx) -- I:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (pwdrvio) -- I:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- I:\Windows\System32\pwdspio.sys ()
DRV - (kl1) -- I:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (cmdide) -- I:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- I:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- I:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- I:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- I:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- I:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- I:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- I:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- I:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- I:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- I:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- I:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- I:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- I:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- I:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- I:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- I:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- I:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- I:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- I:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- I:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- I:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- I:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- I:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- I:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- I:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- I:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- I:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- I:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- I:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- I:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- I:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- I:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- I:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- I:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- I:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- I:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- I:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- I:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- I:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- I:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- I:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- I:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- I:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDScan) -- I:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (rdpbus) -- I:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- I:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- I:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- I:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- I:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- I:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- I:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- I:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WINUSB) -- I:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- I:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- I:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- I:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- I:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- I:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- I:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- I:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- I:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- I:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- I:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- I:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- I:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- I:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- I:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- I:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- I:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- I:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- I:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (yukonw7) -- I:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel® -- I:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- I:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- I:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- I:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (SCDEmu) -- I:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (RTSTOR) -- I:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (LUsbFilt) -- I:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (NPF) -- I:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (DgiVecp) -- I:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (NOWMEMDF) -- I:\Windows\System32\nowmemdf.sys (©NOWCOM)
DRV - (ASPI) -- I:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kan.pps.tv/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 65 7B 45 BF C5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com.my/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: I:\Program Files\Real\RealPlayer\browserrecord [2009-10-10 21:21:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010-04-12 18:04:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010-05-01 04:33:31 | 000,000,000 | ---D | M]

[2010-01-16 22:35:46 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Mozilla\Extensions
[2010-01-16 22:35:46 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Emily\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-05-01 04:33:48 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\nbns3y45.default\extensions
[2010-01-16 18:31:34 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\nbns3y45.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009-11-04 00:00:16 | 000,000,000 | ---D | M] (Gmail Notifier) -- I:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\nbns3y45.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009-11-08 18:45:24 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\nbns3y45.default\extensions\[email protected]
[2010-04-14 00:11:25 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\nbns3y45.default\extensions\[email protected]

O1 HOSTS File: ([2010-06-13 06:16:57 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - G:\Program Files\HHH\Thunder\ComDlls\TDAtOnce.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - I:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: () - {7426C803-F077-43A3-A6EE-EE12D24814DA} - File not found
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\Users\Emily\AppData\Local\Temp\Rar$EX05.380\Thunder\ComDlls\xunleiBHO_Now.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avp] I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\RunOnceEx: [del] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @I:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @I:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://supportapj.de...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} http://www.gogobox.c...GNowStarter.cab (NowStarter Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - I:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\Windows\fakygak.exe) - I:\Windows\fakygak.exe File not found
O20 - HKLM Winlogon: UserInit - (I:\Program Files\Internet Explorer\fakygak.exe) - I:\Program Files\Internet Explorer\fakygak.exe ()
O20 - HKLM Winlogon: UserInit - (I:\Program Files\Movie Maker\fakygak.exe) - I:\Program Files\Movie Maker\fakygak.exe File not found
O20 - HKLM Winlogon: UserInit - (I:\Windows\xmekufu.exe) - I:\Windows\xmekufu.exe ()
O20 - HKLM Winlogon: UserInit - (I:\Program Files\Internet Explorer\xmekufu.exe) - I:\Program Files\Internet Explorer\xmekufu.exe ()
O20 - HKLM Winlogon: UserInit - (I:\Program Files\Movie Maker\xmekufu.exe) - I:\Program Files\Movie Maker\xmekufu.exe File not found
O20 - HKLM Winlogon: UserInit - (I:\Windows\esoagyvs.exe) - I:\Windows\esoagyvs.exe File not found
O20 - HKLM Winlogon: UserInit - (I:\Program Files\Internet Explorer\esoagyvs.exe) - I:\Program Files\Internet Explorer\esoagyvs.exe ()
O20 - HKLM Winlogon: UserInit - (I:\Program Files\Movie Maker\esoagyvs.exe) - I:\Program Files\Movie Maker\esoagyvs.exe File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - I:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - I:\Windows\system32\klogon.dll - I:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\thpkxuex: DllName - unknown - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - I:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 05:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-08-06 00:26:24 | 000,000,040 | -H-- | M] () - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-04-01 13:53:24 | 000,000,071 | -H-- | M] () - W:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008-06-27 10:49:30 | 000,000,000 | -H-D | M] - W:\autorun -- [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\DVDCheck.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - I:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - I:\Windows\System32\ias [2009-07-14 10:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - I:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - I:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - I:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.ac3acm - I:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - I:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - I:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - I:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - I:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - I:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - I:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - I:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - I:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - I:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - I:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 90 Days ==========

[2010-06-13 06:40:02 | 000,000,000 | ---D | C] -- I:\Windows\ERDNT
[2010-06-13 06:36:58 | 000,000,000 | ---D | C] -- I:\Program Files\ERUNT
[2010-06-13 06:09:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- I:\Users\Emily\Desktop\OTL.exe
[2010-06-12 18:42:17 | 000,000,000 | ---D | C] -- I:\Users\Emily\AppData\Local\Google
[2010-06-10 12:12:17 | 000,000,000 | ---D | C] -- I:\Windows\System32\tmp
[2010-06-10 12:09:51 | 000,000,000 | -HSD | C] -- I:\Windows\System32\%APPDATA%
[2010-06-08 10:53:28 | 000,000,000 | -H-D | C] -- I:\ProgramData\CanonBJ
[2010-06-01 15:40:08 | 000,000,000 | ---D | C] -- I:\Users\Emily\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010-06-01 15:40:04 | 000,000,000 | ---D | C] -- I:\Program Files\TweetDeck
[2010-06-01 15:40:01 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Adobe AIR
[2010-05-30 00:50:56 | 000,000,000 | ---D | C] -- I:\Users\Emily\Desktop\48x49_icons
[2010-05-24 17:23:46 | 105,090,560 | ---- | C] (Fyrrion Blog ) -- I:\Users\Emily\Desktop\Mall-a-Palooza.exe
[2010-05-18 17:12:09 | 000,000,000 | ---D | C] -- I:\Users\Emily\Documents\LDW
[2010-05-18 17:10:35 | 000,000,000 | ---D | C] -- I:\Program Files\Virtual Villagers 4 - The Tree of Life
[2010-05-09 23:24:31 | 000,000,000 | ---D | C] -- I:\Users\Emily\Documents\My eBooks
[2010-05-09 23:24:31 | 000,000,000 | ---D | C] -- I:\Users\Emily\AppData\Roaming\Mobipocket
[2010-05-09 23:24:20 | 000,000,000 | ---D | C] -- I:\Program Files\Mobipocket.com
[2010-05-03 00:01:54 | 000,000,000 | ---D | C] -- I:\Users\Emily\Desktop\Paragon.Software.SlovoEd.Dictionary.v7.0.Build.4614.93.Multilingual.XScale.WM05.WM06.Cracked-COREPDA-amivoytec
[2010-04-30 19:58:34 | 000,000,000 | R--D | C] -- I:\Users\Emily\Documents\Scanned Documents
[2010-04-30 19:58:34 | 000,000,000 | ---D | C] -- I:\Users\Emily\Documents\Fax
[2010-04-25 22:55:24 | 000,000,000 | ---D | C] -- I:\ProgramData\WLInstaller
[2010-04-24 13:36:39 | 000,000,000 | ---D | C] -- I:\ProgramData\Sony Corporation
[2010-04-24 13:36:39 | 000,000,000 | ---D | C] -- I:\Program Files\Sony
[2010-04-06 15:31:25 | 000,000,000 | ---D | C] -- I:\Users\Emily\AppData\Roaming\GOA
[2010-04-06 15:31:25 | 000,000,000 | ---D | C] -- I:\ProgramData\GOA
[2010-04-06 10:54:23 | 000,000,000 | ---D | C] -- I:\Windows\Little Folk Of Faery
[2010-04-06 10:54:23 | 000,000,000 | ---D | C] -- I:\Program Files\Little Folk Of Faery
[2010-04-01 12:12:17 | 000,000,000 | ---D | C] -- I:\Users\Emily\Desktop\Ringtone and Pics
[2010-03-30 01:28:38 | 000,000,000 | ---D | C] -- I:\Windows\Minidump
[2010-03-23 14:02:39 | 000,000,000 | ---D | C] -- I:\Users\Emily\Documents\EndNote
[2010-03-22 23:03:39 | 000,000,000 | ---D | C] -- I:\Users\Emily\Desktop\Rotaract
[2010-03-17 18:44:51 | 000,000,000 | ---D | C] -- I:\Users\Emily\AppData\Roaming\QuosaDDM
[2010-03-15 20:34:39 | 000,000,000 | -H-D | C] -- I:\Users\Emily\Desktop\[Originals]
[1 I:\Users\Emily\Documents\*.tmp files -> I:\Users\Emily\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-06-13 11:53:39 | 000,860,672 | ---- | M] () -- I:\Windows\System32\drivers\gyxkwmj.sys
[2010-06-13 11:50:29 | 003,407,872 | -HS- | M] () -- I:\Users\Emily\NTUSER.DAT
[2010-06-13 11:20:00 | 000,000,908 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323099367-2549888400-3619436245-1001UA.job
[2010-06-13 06:37:14 | 000,000,903 | ---- | M] () -- I:\Users\Emily\Desktop\NTREGOPT.lnk
[2010-06-13 06:37:12 | 000,000,884 | ---- | M] () -- I:\Users\Emily\Desktop\ERUNT.lnk
[2010-06-13 06:22:21 | 000,010,016 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-13 06:22:21 | 000,010,016 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-06-13 06:17:09 | 000,000,006 | -H-- | M] () -- I:\Windows\tasks\SA.DAT
[2010-06-13 06:16:50 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2010-06-13 06:16:48 | 1602,760,704 | -HS- | M] () -- I:\hiberfil.sys
[2010-06-13 06:16:47 | 236,424,641 | ---- | M] () -- I:\Windows\MEMORY.DMP
[2010-06-13 06:11:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Users\Emily\Desktop\OTL.exe
[2010-06-13 04:38:02 | 000,028,302 | ---- | M] () -- I:\Windows\System32\cid_store.dat
[2010-06-13 04:34:39 | 000,000,026 | ---- | M] () -- I:\Windows\System32\xlhcc.dat
[2010-06-13 02:50:08 | 000,002,346 | ---- | M] () -- I:\Users\Emily\Desktop\Google Chrome.lnk
[2010-06-12 23:41:29 | 000,001,933 | ---- | M] () -- I:\Windows\psnetwork.ini
[2010-06-12 23:41:27 | 000,001,148 | ---- | M] () -- I:\Windows\powerplayer.ini
[2010-06-12 23:39:21 | 000,000,060 | ---- | M] () -- I:\Windows\MediaList.ini
[2010-06-12 23:32:32 | 000,000,095 | ---- | M] () -- I:\Windows\PCDNSetting.ini
[2010-06-12 23:28:16 | 000,000,140 | ---- | M] () -- I:\Windows\powerlist.ini
[2010-06-12 22:47:47 | 000,285,109 | ---- | M] () -- I:\Users\Emily\Desktop\speedtest-klserver.jpg
[2010-06-12 22:45:03 | 000,284,141 | ---- | M] () -- I:\Users\Emily\Desktop\speedtest-singaporeserver.jpg
[2010-06-12 21:58:07 | 000,000,856 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323099367-2549888400-3619436245-1001Core.job
[2010-06-12 21:21:32 | 000,345,088 | ---- | M] () -- I:\Windows\wutiva_upd.exe
[2010-06-12 19:13:14 | 000,000,810 | ---- | M] () -- I:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-06-12 19:08:39 | 000,345,088 | ---- | M] () -- I:\Windows\xmekufu.exe
[2010-06-12 18:18:42 | 000,000,434 | ---- | M] () -- I:\Windows\tasks\At1.job
[2010-06-11 10:37:49 | 000,717,892 | ---- | M] () -- I:\Windows\System32\PerfStringBackup.INI
[2010-06-11 10:37:49 | 000,618,264 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2010-06-11 10:37:49 | 000,104,546 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2010-06-09 23:36:16 | 000,327,074 | ---- | M] () -- I:\Users\Emily\Loco_Roco_3d_Wallpaper_by_kheng.jpg
[2010-06-09 01:19:15 | 000,022,879 | ---- | M] () -- I:\Users\Emily\Documents\Histopat Cyto FULL.docx
[2010-06-07 17:33:24 | 000,525,643 | ---- | M] () -- I:\Users\Emily\IMAG0154-2.jpg
[2010-06-04 01:53:29 | 001,655,903 | ---- | M] () -- I:\Users\Emily\Documents\HUP revision FULL.docx
[2010-06-03 14:41:50 | 000,021,422 | ---- | M] () -- I:\Users\Emily\Documents\HUP Past Year.docx
[2010-06-01 15:40:04 | 000,000,860 | ---- | M] () -- I:\Users\Public\Desktop\TweetDeck.lnk
[2010-05-27 09:27:51 | 000,018,850 | ---- | M] () -- I:\Users\Emily\Documents\HUP.docx
[2010-05-26 23:00:16 | 000,000,162 | -H-- | M] () -- I:\Users\Emily\Documents\~$HUP.docx
[2010-05-24 16:12:26 | 000,054,156 | -H-- | M] () -- I:\Windows\QTFont.qfn
[2010-05-24 16:12:26 | 000,001,409 | ---- | M] () -- I:\Windows\QTFont.for
[2010-05-22 01:20:08 | 000,179,281 | ---- | M] () -- I:\Users\Emily\Documents\Pharmaco Lab 5.docx
[2010-05-18 17:10:57 | 000,002,292 | ---- | M] () -- I:\Users\Emily\Desktop\Virtual Villagers 4 - The Tree of Life.lnk
[2010-05-17 00:19:24 | 000,012,112 | ---- | M] () -- I:\Users\Emily\Documents\Draft speech red bull.docx
[2010-05-13 03:15:15 | 000,020,823 | ---- | M] () -- I:\Users\Emily\Documents\MBB Assignment 2.docx
[2010-05-10 12:38:39 | 000,113,933 | ---- | M] () -- I:\Windows\System32\drivers\klin.dat
[2010-05-10 12:38:21 | 000,097,549 | ---- | M] () -- I:\Windows\System32\drivers\klick.dat
[2010-05-09 23:24:22 | 000,003,061 | ---- | M] () -- I:\Users\Emily\Desktop\Mobipocket Reader.lnk
[2010-05-06 12:10:29 | 000,039,479 | ---- | M] () -- I:\Users\Emily\Documents\Pharmaco Lab 4.docx
[2010-04-30 09:44:04 | 000,019,273 | ---- | M] () -- I:\Users\Emily\Documents\Patholog assg - cervical cancer.docx
[2010-04-29 09:27:50 | 000,010,608 | ---- | M] () -- I:\Users\Emily\Documents\Patapon army stat.xlsx
[2010-04-26 09:37:39 | 000,040,895 | ---- | M] () -- I:\Users\Emily\Documents\Pharmaco Lab 3.docx
[2010-04-22 18:47:14 | 000,030,648 | ---- | M] () -- I:\Users\Emily\dsopulence.jpg
[2010-04-22 18:47:01 | 000,029,535 | ---- | M] () -- I:\Users\Emily\dsreserve.jpg
[2010-04-22 18:46:43 | 000,030,848 | ---- | M] () -- I:\Users\Emily\dsextravagance2.jpg
[2010-04-22 18:41:50 | 000,039,556 | ---- | M] () -- I:\Users\Emily\dsruby.jpg
[2010-04-22 18:37:43 | 000,034,584 | ---- | M] () -- I:\Users\Emily\cozu-meltedinthesun.jpg
[2010-04-22 18:32:55 | 000,028,762 | ---- | M] () -- I:\Users\Emily\thinkmerrypinkmerry.jpg
[2010-04-21 06:58:51 | 105,090,560 | ---- | M] (Fyrrion Blog ) -- I:\Users\Emily\Desktop\Mall-a-Palooza.exe
[2010-04-15 01:37:11 | 000,014,725 | ---- | M] () -- I:\Users\Emily\Documents\Draft for Warfarin.docx
[2010-04-15 00:06:13 | 000,046,252 | ---- | M] () -- I:\Users\Emily\Documents\Pharmaco Lab 2.docx
[2010-04-06 10:56:19 | 000,002,046 | ---- | M] () -- I:\Users\Emily\Desktop\Little Folk Of Faery.lnk
[2010-04-02 01:44:45 | 000,032,303 | ---- | M] () -- I:\Users\Emily\Documents\Assignment Lit Rev.docx
[2010-03-29 17:38:26 | 000,000,162 | -H-- | M] () -- I:\Users\Emily\Documents\~$signment Lit Rev.docx
[2010-03-28 02:47:57 | 000,000,028 | ---- | M] () -- I:\Windows\msgtn.ini
[2010-03-26 01:57:03 | 000,051,528 | ---- | M] () -- I:\Users\Emily\Documents\Pharmaco Lab 1.docx
[2010-03-25 11:01:20 | 000,001,976 | ---- | M] () -- I:\Users\Emily\Desktop\Shortcut to IKEA Home Planner.exe.lnk
[2010-03-23 22:13:16 | 000,001,751 | ---- | M] () -- I:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010-03-22 20:50:48 | 000,012,518 | ---- | M] () -- I:\Users\Emily\IMAG0007-e2.jpg
[2010-03-21 21:20:47 | 000,001,246 | ---- | M] () -- I:\Windows\System32\Cloning-and-expression-of-an--amylase-encoding-gene-from-the-hyperthermophilic-archaebacterium-Thermococcus-hydrothermalis-and-biochemical-characterisation-of-the-recombinant-enzyme_2000_FEMS-Microbio.lnk
[2010-03-15 20:34:39 | 000,595,914 | ---- | M] () -- I:\Users\Emily\IMAG0007-e.jpg
[1 I:\Users\Emily\Documents\*.tmp files -> I:\Users\Emily\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-13 06:37:14 | 000,000,903 | ---- | C] () -- I:\Users\Emily\Desktop\NTREGOPT.lnk
[2010-06-13 06:37:12 | 000,000,884 | ---- | C] () -- I:\Users\Emily\Desktop\ERUNT.lnk
[2010-06-13 06:13:13 | 236,424,641 | ---- | C] () -- I:\Windows\MEMORY.DMP
[2010-06-13 06:11:05 | 000,324,096 | ---- | C] () -- I:\Users\Emily\Desktop\gmer.exe
[2010-06-12 22:45:03 | 000,284,141 | ---- | C] () -- I:\Users\Emily\Desktop\speedtest-singaporeserver.jpg
[2010-06-12 22:42:13 | 000,285,109 | ---- | C] () -- I:\Users\Emily\Desktop\speedtest-klserver.jpg
[2010-06-12 21:21:32 | 000,345,088 | ---- | C] () -- I:\Windows\wutiva_upd.exe
[2010-06-12 21:16:09 | 000,002,346 | ---- | C] () -- I:\Users\Emily\Desktop\Google Chrome.lnk
[2010-06-12 21:15:54 | 000,000,908 | ---- | C] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323099367-2549888400-3619436245-1001UA.job
[2010-06-12 21:15:54 | 000,000,856 | ---- | C] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323099367-2549888400-3619436245-1001Core.job
[2010-06-12 19:13:14 | 000,000,810 | ---- | C] () -- I:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-06-12 19:08:49 | 000,345,088 | ---- | C] () -- I:\Windows\xmekufu.exe
[2010-06-09 23:36:14 | 000,327,074 | ---- | C] () -- I:\Users\Emily\Loco_Roco_3d_Wallpaper_by_kheng.jpg
[2010-06-07 19:29:26 | 000,022,879 | ---- | C] () -- I:\Users\Emily\Documents\Histopat Cyto FULL.docx
[2010-06-07 17:27:16 | 000,525,643 | ---- | C] () -- I:\Users\Emily\IMAG0154-2.jpg
[2010-06-03 13:24:08 | 001,655,903 | ---- | C] () -- I:\Users\Emily\Documents\HUP revision FULL.docx
[2010-06-02 22:51:52 | 000,021,422 | ---- | C] () -- I:\Users\Emily\Documents\HUP Past Year.docx
[2010-06-01 15:40:04 | 000,000,860 | ---- | C] () -- I:\Users\Public\Desktop\TweetDeck.lnk
[2010-05-26 23:00:16 | 000,000,162 | -H-- | C] () -- I:\Users\Emily\Documents\~$HUP.docx
[2010-05-26 23:00:15 | 000,018,850 | ---- | C] () -- I:\Users\Emily\Documents\HUP.docx
[2010-05-24 16:12:26 | 000,054,156 | -H-- | C] () -- I:\Windows\QTFont.qfn
[2010-05-24 16:12:26 | 000,001,409 | ---- | C] () -- I:\Windows\QTFont.for
[2010-05-19 09:06:34 | 000,179,281 | ---- | C] () -- I:\Users\Emily\Documents\Pharmaco Lab 5.docx
[2010-05-18 17:10:56 | 000,002,292 | ---- | C] () -- I:\Users\Emily\Desktop\Virtual Villagers 4 - The Tree of Life.lnk
[2010-05-17 00:19:23 | 000,012,112 | ---- | C] () -- I:\Users\Emily\Documents\Draft speech red bull.docx
[2010-05-11 18:36:07 | 000,020,823 | ---- | C] () -- I:\Users\Emily\Documents\MBB Assignment 2.docx
[2010-05-09 23:24:22 | 000,003,061 | ---- | C] () -- I:\Users\Emily\Desktop\Mobipocket Reader.lnk
[2010-05-01 21:06:16 | 000,039,479 | ---- | C] () -- I:\Users\Emily\Documents\Pharmaco Lab 4.docx
[2010-04-30 00:50:51 | 000,019,273 | ---- | C] () -- I:\Users\Emily\Documents\Patholog assg - cervical cancer.docx
[2010-04-28 00:45:40 | 000,010,608 | ---- | C] () -- I:\Users\Emily\Documents\Patapon army stat.xlsx
[2010-04-26 00:20:47 | 000,040,895 | ---- | C] () -- I:\Users\Emily\Documents\Pharmaco Lab 3.docx
[2010-04-22 18:47:13 | 000,030,648 | ---- | C] () -- I:\Users\Emily\dsopulence.jpg
[2010-04-22 18:47:00 | 000,029,535 | ---- | C] () -- I:\Users\Emily\dsreserve.jpg
[2010-04-22 18:46:42 | 000,030,848 | ---- | C] () -- I:\Users\Emily\dsextravagance2.jpg
[2010-04-22 18:41:50 | 000,039,556 | ---- | C] () -- I:\Users\Emily\dsruby.jpg
[2010-04-22 18:37:43 | 000,034,584 | ---- | C] () -- I:\Users\Emily\cozu-meltedinthesun.jpg
[2010-04-22 18:32:55 | 000,028,762 | ---- | C] () -- I:\Users\Emily\thinkmerrypinkmerry.jpg
[2010-04-15 01:37:10 | 000,014,725 | ---- | C] () -- I:\Users\Emily\Documents\Draft for Warfarin.docx
[2010-04-13 23:59:16 | 000,046,252 | ---- | C] () -- I:\Users\Emily\Documents\Pharmaco Lab 2.docx
[2010-04-06 10:56:19 | 000,002,046 | ---- | C] () -- I:\Users\Emily\Desktop\Little Folk Of Faery.lnk
[2010-03-29 17:38:26 | 000,000,162 | -H-- | C] () -- I:\Users\Emily\Documents\~$signment Lit Rev.docx
[2010-03-25 11:01:20 | 000,001,976 | ---- | C] () -- I:\Users\Emily\Desktop\Shortcut to IKEA Home Planner.exe.lnk
[2010-03-24 17:01:59 | 000,051,528 | ---- | C] () -- I:\Users\Emily\Documents\Pharmaco Lab 1.docx
[2010-03-22 20:39:16 | 000,012,518 | ---- | C] () -- I:\Users\Emily\IMAG0007-e2.jpg
[2010-03-22 00:42:50 | 000,032,303 | ---- | C] () -- I:\Users\Emily\Documents\Assignment Lit Rev.docx
[2010-03-17 19:02:14 | 000,001,246 | ---- | C] () -- I:\Windows\System32\Cloning-and-expression-of-an--amylase-encoding-gene-from-the-hyperthermophilic-archaebacterium-Thermococcus-hydrothermalis-and-biochemical-characterisation-of-the-recombinant-enzyme_2000_FEMS-Microbio.lnk
[2010-03-15 20:32:20 | 000,595,914 | ---- | C] () -- I:\Users\Emily\IMAG0007-e.jpg
[2010-02-08 19:58:11 | 000,000,028 | ---- | C] () -- I:\Windows\msgtn.ini
[2010-01-19 12:23:29 | 000,140,288 | ---- | C] () -- I:\Windows\System32\igfxtvcx.dll
[2010-01-08 22:12:36 | 000,860,672 | ---- | C] () -- I:\Windows\System32\drivers\gyxkwmj.sys
[2009-12-23 08:22:22 | 000,005,803 | ---- | C] () -- I:\Windows\System32\z8372v5ru94c.dll
[2009-12-12 01:30:37 | 000,000,095 | ---- | C] () -- I:\Windows\PCDNSetting.ini
[2009-12-12 01:29:11 | 000,000,140 | ---- | C] () -- I:\Windows\powerlist.ini
[2009-12-12 01:29:11 | 000,000,060 | ---- | C] () -- I:\Windows\MediaList.ini
[2009-12-12 01:28:58 | 000,001,933 | ---- | C] () -- I:\Windows\psnetwork.ini
[2009-12-12 01:28:57 | 000,001,148 | ---- | C] () -- I:\Windows\powerplayer.ini
[2009-11-21 07:53:17 | 000,009,866 | ---- | C] () -- I:\Windows\System32\3f09threat18758z.dll
[2009-11-19 05:44:20 | 000,013,419 | ---- | C] () -- I:\Windows\System32\195cdownlzader13769.dll
[2009-11-08 17:32:14 | 000,000,023 | ---- | C] () -- I:\Windows\DownloadStudio.INI
[2009-11-08 17:17:36 | 000,000,033 | ---- | C] () -- I:\Windows\DownloadStudioScheduleMonitor.INI
[2009-11-06 21:39:26 | 000,007,217 | ---- | C] () -- I:\Windows\System32\18968s5z6b1.dll
[2009-11-06 11:17:43 | 000,010,174 | ---- | C] () -- I:\Windows\System32\359z29roj77c.dll
[2009-11-04 16:28:26 | 000,017,833 | ---- | C] () -- I:\Windows\509fsteal17z89.dll
[2009-11-04 16:28:26 | 000,015,959 | ---- | C] () -- I:\Windows\43b5t95efz315.dll
[2009-11-04 16:28:26 | 000,010,148 | ---- | C] () -- I:\Windows\131z9not-a-viru97b5.dll
[2009-11-04 16:28:26 | 000,007,148 | ---- | C] () -- I:\Windows\18852zor9534.dll
[2009-11-04 14:49:50 | 000,017,976 | ---- | C] () -- I:\Windows\15260not-9-vzru52c3.dll
[2009-11-04 14:49:50 | 000,017,575 | ---- | C] () -- I:\Windows\System32\35599orm7z0.dll
[2009-11-04 14:49:50 | 000,017,085 | ---- | C] () -- I:\Windows\System32\3fd9do5nl9azer996.dll
[2009-11-04 14:49:50 | 000,016,819 | ---- | C] () -- I:\Windows\25712viru54d9z.dll
[2009-11-04 14:49:50 | 000,014,462 | ---- | C] () -- I:\Windows\System32\22974not-5-virus1az.dll
[2009-11-04 14:49:50 | 000,014,071 | ---- | C] () -- I:\Windows\System32\7z7hackto5l379.dll
[2009-11-04 14:49:50 | 000,013,578 | ---- | C] () -- I:\Windows\395cthreatz2555.dll
[2009-11-04 14:49:50 | 000,011,698 | ---- | C] () -- I:\Windows\545z9orm685.dll
[2009-11-04 14:49:50 | 000,010,022 | ---- | C] () -- I:\Windows\5f1zdown9oader8445.dll
[2009-11-04 14:49:50 | 000,009,504 | ---- | C] () -- I:\Windows\115z9not-a-virus675.dll
[2009-11-04 14:49:50 | 000,009,310 | ---- | C] () -- I:\Windows\124not5z-virus529.dll
[2009-11-04 14:49:50 | 000,008,343 | ---- | C] () -- I:\Windows\System32\917sp9rsez546.dll
[2009-11-04 14:49:50 | 000,008,161 | ---- | C] () -- I:\Windows\10890hacktozl55.dll
[2009-11-04 14:49:50 | 000,006,684 | ---- | C] () -- I:\Windows\50398spambot59z.dll
[2009-11-04 14:49:50 | 000,005,432 | ---- | C] () -- I:\Windows\6b8bszarse2559.dll
[2009-11-04 14:49:50 | 000,004,173 | ---- | C] () -- I:\Windows\System32\1z5199ormba.dll
[2009-11-04 14:49:50 | 000,002,972 | ---- | C] () -- I:\Windows\System32\24999pa5se3226z.dll
[2009-11-04 14:49:50 | 000,002,579 | ---- | C] () -- I:\Windows\System32\98574tzoj55b.dll
[2009-11-04 14:49:49 | 000,012,582 | ---- | C] () -- I:\Windows\5e36thze51940.dll
[2009-11-04 14:49:49 | 000,009,192 | ---- | C] () -- I:\Windows\1896worz5b5.dll
[2009-11-04 14:49:47 | 000,012,115 | ---- | C] () -- I:\Windows\System32\4b6bs9yw5rez211.dll
[2009-11-04 14:49:47 | 000,010,679 | ---- | C] () -- I:\Windows\2834zp569e.dll
[2009-11-04 14:49:47 | 000,007,207 | ---- | C] () -- I:\Windows\System32\99b9thief151z.dll
[2009-11-04 14:49:47 | 000,005,704 | ---- | C] () -- I:\Windows\System32\39833h5cktool6b7z.dll
[2009-11-04 14:49:46 | 000,018,419 | ---- | C] () -- I:\Windows\62czv5r30659.dll
[2009-11-04 14:49:46 | 000,016,737 | ---- | C] () -- I:\Windows\System32\9zaspa9se2255.dll
[2009-11-04 14:49:46 | 000,010,938 | ---- | C] () -- I:\Windows\3590downlozder1516.dll
[2009-11-04 14:49:46 | 000,009,346 | ---- | C] () -- I:\Windows\System32\98dabacz5oor2492.dll
[2009-11-04 14:49:46 | 000,007,972 | ---- | C] () -- I:\Windows\System32\6fa95ackdoz92156.dll
[2009-11-04 14:49:46 | 000,004,340 | ---- | C] () -- I:\Windows\System32\zffa5hief259.dll
[2009-11-04 14:49:46 | 000,003,716 | ---- | C] () -- I:\Windows\5758znot-a-v9rus7e5.dll
[2009-11-04 14:49:46 | 000,003,366 | ---- | C] () -- I:\Windows\5952not9a5vzrus4a2.dll
[2009-11-04 14:49:46 | 000,002,988 | ---- | C] () -- I:\Windows\System32\26zbbackdo9r515.dll
[2009-10-28 00:22:46 | 000,004,305 | ---- | C] () -- I:\Windows\24509not-a-vi9uz1c6.dll
[2009-10-21 00:53:44 | 000,016,456 | ---- | C] () -- I:\Windows\System32\pwdrvio.sys
[2009-10-21 00:53:39 | 000,011,088 | ---- | C] () -- I:\Windows\System32\pwdspio.sys
[2009-10-20 23:36:51 | 000,011,961 | ---- | C] () -- I:\Windows\System32\93952wormz07.dll
[2009-10-20 19:50:36 | 000,168,448 | ---- | C] () -- I:\Windows\System32\unrar.dll
[2009-10-20 19:50:33 | 000,795,648 | ---- | C] () -- I:\Windows\System32\xvidcore.dll
[2009-10-20 19:50:33 | 000,130,048 | ---- | C] () -- I:\Windows\System32\xvidvfw.dll
[2009-10-20 19:50:32 | 003,596,288 | ---- | C] () -- I:\Windows\System32\qt-dx331.dll
[2009-10-20 19:50:31 | 000,057,344 | ---- | C] () -- I:\Windows\System32\ff_vfw.dll
[2009-10-20 19:50:31 | 000,000,547 | ---- | C] () -- I:\Windows\System32\ff_vfw.dll.manifest
[2009-10-19 23:20:50 | 000,017,698 | ---- | C] () -- I:\Windows\2f2zspyw9re1587.dll
[2009-10-19 11:29:40 | 000,018,261 | ---- | C] () -- I:\Windows\System32\292z5pyware2062.dll
[2009-10-16 00:42:41 | 000,005,951 | ---- | C] () -- I:\Windows\z5947wo9m572.dll
[2009-10-12 18:12:17 | 000,011,543 | ---- | C] () -- I:\Windows\System32\10a3backdooz4659.dll
[2009-10-05 21:03:41 | 000,002,872 | ---- | C] () -- I:\Windows\15420hackzoo94dd5.dll
[2009-10-05 09:44:01 | 000,004,896 | ---- | C] () -- I:\Windows\27657nzt9a-virus5c.dll
[2009-10-04 01:21:14 | 000,022,723 | ---- | C] () -- I:\Windows\System32\xrxg1l3.dll
[2009-09-27 05:27:34 | 000,002,872 | ---- | C] () -- I:\Windows\System32\19215spy456z.dll
[2009-09-23 19:56:10 | 000,004,285 | ---- | C] () -- I:\Windows\System32\16zt5reat122609.dll
[2009-09-22 19:46:54 | 000,002,824 | ---- | C] () -- I:\Windows\System32\7z535hief3091.dll
[2009-09-22 10:37:15 | 000,016,468 | ---- | C] () -- I:\Windows\System32\16955wormz84.dll
[2009-09-12 19:34:23 | 000,012,168 | ---- | C] () -- I:\Windows\System32\1z959ackdoor1095.dll
[2009-08-28 21:19:44 | 000,013,984 | ---- | C] () -- I:\Windows\5z319teal1931.dll
[2009-08-26 13:02:32 | 000,006,686 | ---- | C] () -- I:\Windows\System32\77afdo9nload5r18z8.dll
[2009-08-20 22:19:51 | 000,004,770 | ---- | C] () -- I:\Windows\15844zorm79d.dll
[2009-08-12 13:34:48 | 000,016,789 | ---- | C] () -- I:\Windows\System32\zff59hief442.dll
[2009-08-10 13:34:41 | 000,010,648 | ---- | C] () -- I:\Windows\457e5z9al2773.dll
[2009-08-09 09:48:58 | 000,009,154 | ---- | C] () -- I:\Windows\1d65zhie91085.dll
[2009-08-08 11:33:36 | 000,013,127 | ---- | C] () -- I:\Windows\System32\6392sparse257z.dll
[2009-07-29 02:35:26 | 000,016,278 | ---- | C] () -- I:\Windows\System32\z09thie52558.dll
[2009-07-25 07:53:19 | 000,011,480 | ---- | C] () -- I:\Windows\3144t5reat2990z.dll
[2009-07-23 17:05:05 | 000,015,833 | ---- | C] () -- I:\Windows\902eszywa5e2822.dll
[2009-07-23 15:44:53 | 000,005,916 | ---- | C] () -- I:\Windows\System32\25599worz455.dll
[2009-07-19 18:39:31 | 000,014,501 | ---- | C] () -- I:\Windows\4dczba59door1363.dll
[2009-07-17 05:56:58 | 000,017,744 | ---- | C] () -- I:\Windows\2e91add5arz3091.dll
[2009-07-14 21:20:56 | 000,017,875 | ---- | C] () -- I:\Windows\3a589tzal3016.dll
[2009-07-14 07:51:43 | 000,073,728 | ---- | C] () -- I:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 07:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\System32\BWContextHandler.dll
[2009-07-14 04:29:46 | 000,028,672 | ---- | C] () -- I:\Windows\System32\NSREG.DLL
[2009-07-04 18:13:48 | 000,005,707 | ---- | C] () -- I:\Windows\5951virzs696.dll
[2009-06-25 22:48:08 | 000,008,258 | ---- | C] () -- I:\Windows\System32\4991spz4165.dll
[2009-06-22 14:59:35 | 000,003,405 | ---- | C] () -- I:\Windows\System32\25869noz-a-5irus3a4.dll
[2009-06-20 01:25:14 | 000,012,036 | ---- | C] () -- I:\Windows\z414sp57f69.dll
[2009-06-16 03:52:25 | 000,009,186 | ---- | C] () -- I:\Windows\69z5ste9l1857.dll
[2009-06-11 19:16:38 | 000,010,190 | ---- | C] () -- I:\Windows\System32\49e7z5eal1951.dll
[2009-05-28 18:19:55 | 000,017,617 | ---- | C] () -- I:\Windows\2f52s9ezl2489.dll
[2009-05-25 02:35:29 | 000,014,494 | ---- | C] () -- I:\Windows\2150hackz9ol41e.dll
[2009-05-15 12:01:38 | 000,005,229 | ---- | C] () -- I:\Windows\15193not-a-vi95s4z.dll
[2009-05-11 21:59:13 | 000,016,317 | ---- | C] () -- I:\Windows\System32\550ethr5zt256939.dll
[2009-05-05 09:33:21 | 000,007,665 | ---- | C] () -- I:\Windows\System32\2azcspa5se6339.dll
[2009-04-23 16:00:57 | 000,008,938 | ---- | C] () -- I:\Windows\4696addwa5z2383.dll
[2009-04-22 11:34:00 | 000,004,007 | ---- | C] () -- I:\Windows\System32\232dspar5e569z.dll
[2009-04-17 15:59:20 | 000,015,896 | ---- | C] () -- I:\Windows\System32\azbth9ef1519.dll
[2009-04-17 13:54:27 | 000,015,511 | ---- | C] () -- I:\Windows\System32\567fthre5t9712z.dll
[2009-04-15 14:31:13 | 000,006,022 | ---- | C] () -- I:\Windows\System32\584z2troj7799.dll
[2009-04-04 09:52:19 | 000,016,365 | ---- | C] () -- I:\Windows\System32\1z940spam5ot455.dll
[2009-04-04 03:12:14 | 000,013,804 | ---- | C] () -- I:\Windows\System32\9f15vzr348.dll
[2009-03-20 04:16:52 | 000,008,294 | ---- | C] () -- I:\Windows\System32\1bd0spyware2549z.dll
[2009-03-18 06:03:25 | 000,013,027 | ---- | C] () -- I:\Windows\35ect9ze5t27719.dll
[2009-03-05 20:24:30 | 000,004,109 | ---- | C] () -- I:\Windows\211vi9z55.dll
[2009-03-01 13:42:49 | 000,017,848 | ---- | C] () -- I:\Windows\7585ziru9763.dll
[2009-02-25 13:29:59 | 000,003,410 | ---- | C] () -- I:\Windows\4zecthr9at50708.dll
[2009-02-24 07:48:58 | 000,005,542 | ---- | C] () -- I:\Windows\96bcdownloaderz675.dll
[2009-02-16 14:48:32 | 000,016,828 | ---- | C] () -- I:\Windows\System32\225stealz945.dll
[2009-02-11 03:15:05 | 000,008,436 | ---- | C] () -- I:\Windows\4b5sp5waze29.dll
[2009-02-06 04:09:23 | 000,007,250 | ---- | C] () -- I:\Windows\System32\9195spazbo966.dll
[2009-02-06 01:12:26 | 000,009,777 | ---- | C] () -- I:\Windows\553bbzckd9or1772.dll
[2009-01-21 18:32:49 | 000,016,081 | ---- | C] () -- I:\Windows\5b8f95ief294z.dll
[2009-01-20 22:03:58 | 000,012,370 | ---- | C] () -- I:\Windows\System32\95z95worm739.dll
[2009-01-11 22:07:25 | 000,003,048 | ---- | C] () -- I:\Windows\System32\20195troz2329.dll
[2009-01-08 06:14:47 | 000,003,786 | ---- | C] () -- I:\Windows\6129stzal5490.dll
[2009-01-02 17:27:34 | 000,003,173 | ---- | C] () -- I:\Windows\48595yzb.dll
[2008-12-26 15:51:28 | 000,014,656 | ---- | C] () -- I:\Windows\3809t5reatz0485.dll
[2008-12-25 02:54:04 | 000,002,790 | ---- | C] () -- I:\Windows\System32\2z4599roj592.dll
[2008-12-13 22:29:39 | 000,002,986 | ---- | C] () -- I:\Windows\98b3stez52515.dll
[2008-11-28 21:21:10 | 000,015,634 | ---- | C] () -- I:\Windows\System32\6e47a9z5are2203.dll
[2008-11-23 19:02:01 | 000,009,609 | ---- | C] () -- I:\Windows\25259z9t-a-virus3aa.dll
[2008-11-23 17:24:34 | 000,009,155 | ---- | C] () -- I:\Windows\System32\7a2ctzief5097.dll
[2008-11-19 22:55:17 | 000,003,910 | ---- | C] () -- I:\Windows\1159spa9b5t39z.dll
[2008-11-16 05:05:25 | 000,008,851 | ---- | C] () -- I:\Windows\7zcft9r5at22764.dll
[2008-11-12 20:56:52 | 000,017,995 | ---- | C] () -- I:\Windows\System32\729cz5r159.dll
[2008-11-10 15:27:31 | 000,005,873 | ---- | C] () -- I:\Windows\System32\9b2zaddwar51347.dll
[2008-10-27 00:13:02 | 000,013,563 | ---- | C] () -- I:\Windows\1z479s9y157.dll
[2008-10-24 05:15:05 | 000,009,604 | ---- | C] () -- I:\Windows\35e0d5wnzoader3292.dll
[2008-10-23 16:08:05 | 000,002,986 | ---- | C] () -- I:\Windows\System32\6538vir3z97.dll
[2008-10-22 00:01:48 | 000,017,427 | ---- | C] () -- I:\Windows\fc6zddwar52409.dll
[2008-10-12 14:56:00 | 000,006,439 | ---- | C] () -- I:\Windows\4cbz95ief2139.dll
[2008-10-11 06:02:52 | 000,014,578 | ---- | C] () -- I:\Windows\2z94backd9or2546.dll
[2008-10-04 07:41:33 | 000,013,273 | ---- | C] () -- I:\Windows\92810worz745.dll
[2008-10-03 11:29:00 | 000,013,866 | ---- | C] () -- I:\Windows\System32\9e54s5eal3033z.dll
[2008-09-27 15:57:25 | 000,010,018 | ---- | C] () -- I:\Windows\System32\552fspywarz309.dll
[2008-09-19 21:26:22 | 000,004,778 | ---- | C] () -- I:\Windows\11755n9t-a-viruz407.dll
[2008-09-10 16:50:49 | 000,015,894 | ---- | C] () -- I:\Windows\System32\93687zr5j2af.dll
[2008-09-07 12:07:29 | 000,013,408 | ---- | C] () -- I:\Windows\System32\1370znot-a-v9r5s222.dll
[2008-09-02 04:17:48 | 000,010,325 | ---- | C] () -- I:\Windows\System32\29029ha5kto9lz31.dll
[2008-08-27 02:40:48 | 000,016,379 | ---- | C] () -- I:\Windows\System32\6a65ad9waze25155.dll
[2008-08-24 05:35:13 | 000,015,184 | ---- | C] () -- I:\Windows\3723v951413z.dll
[2008-08-21 10:58:31 | 000,005,786 | ---- | C] () -- I:\Windows\129419ot-a5virus4z.dll
[2008-08-20 09:45:33 | 000,015,543 | ---- | C] () -- I:\Windows\ce9zhie51274.dll
[2008-08-09 23:13:55 | 000,016,307 | ---- | C] () -- I:\Windows\System32\3383tro9554z.dll
[2008-08-08 09:02:48 | 000,006,762 | ---- | C] () -- I:\Windows\System32\7a9cspyza591987.dll
[2008-07-27 22:45:38 | 000,011,332 | ---- | C] () -- I:\Windows\System32\157559ozm187.dll
[2008-07-20 21:07:08 | 000,016,233 | ---- | C] () -- I:\Windows\35b5addware9z9.dll
[2008-07-11 19:06:28 | 000,014,424 | ---- | C] () -- I:\Windows\7z6dt95ef1829.dll
[2008-07-05 09:54:11 | 000,014,253 | ---- | C] () -- I:\Windows\55699i52951z.dll
[2008-06-24 10:15:55 | 000,002,994 | ---- | C] () -- I:\Windows\System32\27532hzcktool2c69.dll
[2008-06-17 19:28:56 | 000,010,411 | ---- | C] () -- I:\Windows\System32\3z5609pambot1b6.dll
[2008-06-15 02:05:45 | 000,013,928 | ---- | C] () -- I:\Windows\System32\9z50v5r2824.dll
[2008-05-16 00:18:18 | 000,011,329 | ---- | C] () -- I:\Windows\1e4stzal5950.dll
[2008-05-10 08:13:15 | 000,005,187 | ---- | C] () -- I:\Windows\System32\1c8z9hrea515524.dll
[2008-05-02 07:43:48 | 000,002,649 | ---- | C] () -- I:\Windows\System32\61ezthr9at658.dll
[2008-04-29 01:14:47 | 000,003,067 | ---- | C] () -- I:\Windows\7595zir152.dll
[2008-04-26 01:06:48 | 000,010,864 | ---- | C] () -- I:\Windows\15097nzt-a-v95us563.dll
[2008-04-24 14:40:41 | 000,002,860 | ---- | C] () -- I:\Windows\1692zviru935c.dll
[2008-04-22 18:16:26 | 000,003,108 | ---- | C] () -- I:\Windows\31984hackt9ozc5.dll
[2008-04-21 00:50:11 | 000,008,653 | ---- | C] () -- I:\Windows\System32\5d8czparse11039.dll
[2008-04-04 17:31:39 | 000,014,875 | ---- | C] () -- I:\Windows\System32\50zest9a51998.dll
[2008-04-02 18:59:19 | 000,017,089 | ---- | C] () -- I:\Windows\389zspar5e2925.dll
[2008-03-25 17:22:16 | 000,017,832 | ---- | C] () -- I:\Windows\System32\15889ackdozr1283.dll
[2008-03-20 00:40:18 | 000,011,584 | ---- | C] () -- I:\Windows\642c5hzeat90196.dll
[2008-03-16 03:46:01 | 000,013,086 | ---- | C] () -- I:\Windows\System32\59azteal1521.dll
[2008-03-11 22:52:27 | 000,010,514 | ---- | C] () -- I:\Windows\91450zacktool555.dll
[2008-02-25 06:31:50 | 000,004,318 | ---- | C] () -- I:\Windows\31925ot-a-virzs598.dll
[2008-02-25 01:32:44 | 000,003,286 | ---- | C] () -- I:\Windows\System32\zb40back5oor9132.dll
[2008-02-20 16:49:32 | 000,009,818 | ---- | C] () -- I:\Windows\System32\6z62w9rm55d.dll
[2008-02-09 09:07:40 | 000,008,321 | ---- | C] () -- I:\Windows\System32\2z2a5pa9se804.dll
[2008-02-06 23:26:30 | 000,009,597 | ---- | C] () -- I:\Windows\69f6zp5rse409.dll
[2008-01-29 06:17:43 | 000,002,814 | ---- | C] () -- I:\Windows\29fthzef2159.dll
[2008-01-13 14:22:02 | 000,015,462 | ---- | C] () -- I:\Windows\4573doz95oader2603.dll
[2008-01-10 17:59:49 | 000,006,917 | ---- | C] () -- I:\Windows\System32\18631not5a-viru94z5.dll
[2008-01-10 11:33:14 | 000,003,066 | ---- | C] () -- I:\Windows\System32\5700hazktoo91005.dll
[2008-01-09 01:41:06 | 000,018,423 | ---- | C] () -- I:\Windows\z797threat17556.dll
[2008-01-03 07:52:00 | 000,005,819 | ---- | C] () -- I:\Windows\System32\zc29downloader1165.dll
[2007-11-07 04:19:28 | 000,053,299 | ---- | C] () -- I:\Windows\System32\pthreadVC.dll
[2007-09-12 23:54:48 | 000,141,180 | ---- | C] () -- I:\Windows\System32\xlive.dll.cat
[2007-03-23 17:35:26 | 000,022,723 | ---- | C] () -- I:\Windows\System32\xrxs1l3.dll
[2006-12-12 07:36:18 | 000,022,723 | ---- | C] () -- I:\Windows\System32\sugo2l3.dll
[2002-03-21 15:39:02 | 000,073,728 | ---- | C] () -- I:\Windows\System32\UNACEV2.DLL

========== LOP Check ==========

[2009-11-08 22:09:04 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\ACD Systems
[2009-10-17 19:15:40 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\casanova
[2010-03-22 23:41:56 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\EndNote
[2009-10-06 00:50:42 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\GameInvest
[2010-04-06 15:31:25 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\GOA
[2009-11-10 18:21:10 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\gtk-2.0
[2009-11-11 12:18:34 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\iWin
[2009-12-24 16:00:29 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\LockTime
[2009-10-06 23:57:17 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Merscom
[2010-05-09 23:29:10 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Mobipocket
[2009-11-08 18:39:32 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Movies Extractor Scout LITE
[2010-03-14 15:46:05 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Octoshape
[2009-10-10 13:58:14 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Peace Craft
[2009-11-08 10:25:32 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\PlayFirst
[2009-10-14 16:27:16 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Playrix Entertainment
[2010-06-12 23:32:28 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\PPStream
[2010-01-16 22:09:01 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Sprite Software
[2010-01-16 22:35:44 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Thunderbird
[2010-06-01 15:40:08 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009-11-07 02:13:39 | 000,000,000 | ---D | M] -- I:\Users\Emily\AppData\Roaming\Uniblue
[2010-06-12 18:18:42 | 000,000,434 | ---- | M] () -- I:\Windows\Tasks\At1.job
[2010-03-12 20:44:07 | 000,032,638 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-06-11 05:42:20 | 000,000,024 | ---- | M] () -- I:\autoexec.bat
[2009-08-06 00:26:24 | 000,000,040 | -H-- | M] () -- I:\autorun.inf
[2009-07-14 09:38:58 | 000,383,562 | RHS- | M] () -- I:\bootmgr
[2009-11-04 01:27:21 | 000,008,192 | ---- | M] () -- I:\bootsect.lxe.bak
[2009-06-11 05:42:20 | 000,000,010 | ---- | M] () -- I:\config.sys
[2008-04-22 00:23:06 | 000,243,761 | -H-- | M] () -- I:\driveicondjgdesign.ico
[2009-11-04 01:27:20 | 000,383,592 | RHS- | M] () -- I:\gdrop
[2010-06-13 06:16:48 | 1602,760,704 | -HS- | M] () -- I:\hiberfil.sys
[2010-06-13 06:17:03 | 2137,018,368 | -HS- | M] () -- I:\pagefile.sys
[2009-05-17 23:00:36 | 1716,912,127 | ---- | M] () -- I:\rld-sim3.iso
[2009-11-04 01:27:20 | 000,171,136 | RHS- | M] () -- I:\xeldr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-07-14 09:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\System32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> I:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> I:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 133 bytes -> I:\ProgramData\TEMP:9485E512
@Alternate Data Stream - 124 bytes -> I:\ProgramData\TEMP:CF1334B0
@Alternate Data Stream - 114 bytes -> I:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> I:\ProgramData\TEMP:CB0FEE2B

< End of report >


OTL Extras logfile created on: 13-Jun-10 11:49:01 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = I:\Users\Emily\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive C: | 303.22 Mb Total Space | 195.79 Mb Free Space | 64.57% Space Free | Partition Type: NTFS
Drive D: | 29.77 Gb Total Space | 20.18 Gb Free Space | 67.76% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 12.09 Gb Total Space | 2.33 Gb Free Space | 19.27% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 69.57 Gb Total Space | 27.59 Gb Free Space | 39.65% Space Free | Partition Type: NTFS
Drive W: | 465.65 Gb Total Space | 237.85 Gb Free Space | 51.08% Space Free | Partition Type: FAT32

Computer Name: EMILY-EDEN
Current User Name: Emily
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- I:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- I:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "G:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "G:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "G:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "I:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\PPStream\PPStream.exe" = I:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"I:\Program Files\PPStream\PPSAP.exe" = I:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A50E64-C180-A651-5729-96BF128289D0}" = TweetDeck
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{343EFA17-5BC5-44DA-924F-539ECBEFF68C}" = Viva Pinata
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{458544A1-1EDA-4D8F-A77D-A0738721A258}" = Application Suite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.1
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GTK2-Runtime" = GTK2-Runtime
"HDMI" = Intel® Graphics Media Accelerator Driver
"IKEA Home Planner" = IKEA Home Planner
"InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}" = Viva Piñata
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Kings Bounty Armored Princess_is1" = Kings Bounty Armored Princess
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"Little Folk Of Faery1.0" = Little Folk Of Faery
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PowerISO" = PowerISO
"PPStream" = PPStream V2.6.86.8989 Final
"RealPlayer 6.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Revo Uninstaller" = Revo Uninstaller 1.75
"Shockwave" = Shockwave
"ST6UNST #1" = ScreenPrint32 v3.5
"TVWiz" = Intel® TV Wizard
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Virtual Villagers 4 - The Tree of Life1.0" = Virtual Villagers 4 - The Tree of Life
"Windows Mobile Device Handbook" = Windows Mobile Resources
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11-Jun-10 12:30:44 PM | Computer Name = Emily-Eden | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "I:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "I:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12-Jun-10 7:17:55 AM | Computer Name = Emily-Eden | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12-Jun-10 7:18:38 AM | Computer Name = Emily-Eden | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12-Jun-10 8:20:43 AM | Computer Name = Emily-Eden | Source = Google Update | ID = 20
Description =

Error - 12-Jun-10 9:20:41 AM | Computer Name = Emily-Eden | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12-Jun-10 9:21:26 AM | Computer Name = Emily-Eden | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12-Jun-10 5:48:02 PM | Computer Name = Emily-Eden | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3726 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: da0 Start
Time: 01cb0a7222eff660 Termination Time: 31 Application Path: G:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 0afd2e49-766c-11df-90b8-001c23317247

Error - 12-Jun-10 5:50:46 PM | Computer Name = Emily-Eden | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3726 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: abc Start
Time: 01cb0a78f2d4991a Termination Time: 32 Application Path: G:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 8235a694-766c-11df-90b8-001c23317247

Error - 12-Jun-10 7:31:15 PM | Computer Name = Emily-Eden | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "I:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "I:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12-Jun-10 11:37:28 PM | Computer Name = Emily-Eden | Source = Application Hang | ID = 1002
Description = The program is-URTP5.tmp version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e0c Start
Time: 01cb0a7fb69d43fa Termination Time: 6 Application Path: I:\Users\Emily\AppData\Local\Temp\is-8HPE0.tmp\is-URTP5.tmp

Report
Id: ed6ce955-769c-11df-8316-001c23317247

[ System Events ]
Error - 12-Jun-10 6:13:34 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 12-Jun-10 6:13:34 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7023
Description = The Intel® Wireless WiFi Link 5000 Series Adapter for Windows Vista
32 BitSupport service terminated with the following error: %%126

Error - 12-Jun-10 6:13:41 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 12-Jun-10 6:13:41 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147014847

Error - 12-Jun-10 6:16:57 PM | Computer Name = Emily-Eden | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:15:09 AM on ?13/?6/?2010 was unexpected.

Error - 12-Jun-10 6:17:09 PM | Computer Name = Emily-Eden | Source = BugCheck | ID = 1001
Description =

Error - 12-Jun-10 6:17:09 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 12-Jun-10 6:17:09 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7023
Description = The Intel® Wireless WiFi Link 5000 Series Adapter for Windows Vista
32 BitSupport service terminated with the following error: %%126

Error - 12-Jun-10 6:17:16 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 12-Jun-10 6:17:16 PM | Computer Name = Emily-Eden | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147014847


< End of report >

#4
RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
Hi emily6238,

You can skip the GMER scan for now.

Your logs indicate that you are using cracks and/or keygens. We don't support software piracy on this forum so, while I’ll deal with your current problem, any further help will be based on you not being seen to involve yourself with such practices in the future. Using cracks or keygens is always a very high risk. When you install the cracked software, you are running executable files from dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - G:\Program Files\HHH\Thunder\ComDlls\TDAtOnce.dll (Thunder Networking Technologies,LTD)
    O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\Users\Emily\AppData\Local\Temp\Rar$EX05.380\Thunder\ComDlls\xunleiBHO_Now.dll File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O20 - HKLM Winlogon: UserInit - (I:\Windows\fakygak.exe) - I:\Windows\fakygak.exe File not found
    O20 - HKLM Winlogon: UserInit - (I:\Program Files\Internet Explorer\fakygak.exe) - I:\Program Files\Internet Explorer\fakygak.exe ()
    O20 - HKLM Winlogon: UserInit - (I:\Program Files\Movie Maker\fakygak.exe) - I:\Program Files\Movie Maker\fakygak.exe File not found
    O20 - HKLM Winlogon: UserInit - (I:\Windows\xmekufu.exe) - I:\Windows\xmekufu.exe ()
    O20 - HKLM Winlogon: UserInit - (I:\Program Files\Internet Explorer\xmekufu.exe) - I:\Program Files\Internet Explorer\xmekufu.exe ()
    O20 - HKLM Winlogon: UserInit - (I:\Program Files\Movie Maker\xmekufu.exe) - I:\Program Files\Movie Maker\xmekufu.exe File not found
    O20 - HKLM Winlogon: UserInit - (I:\Windows\esoagyvs.exe) - I:\Windows\esoagyvs.exe File not found
    O20 - HKLM Winlogon: UserInit - (I:\Program Files\Internet Explorer\esoagyvs.exe) - I:\Program Files\Internet Explorer\esoagyvs.exe ()
    O20 - HKLM Winlogon: UserInit - (I:\Program Files\Movie Maker\esoagyvs.exe) - I:\Program Files\Movie Maker\esoagyvs.exe File not found
    O20 - Winlogon\Notify\thpkxuex: DllName - unknown - File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\DVDCheck.exe -- File not found
    [1 I:\Users\Emily\Documents\*.tmp files -> I:\Users\Emily\Documents\*.tmp -> ]
    [2010-06-12 19:08:39 | 000,345,088 | ---- | M] () -- I:\Windows\xmekufu.exe
    [2010-05-03 00:01:54 | 000,000,000 | ---D | C] -- I:\Users\Emily\Desktop\Paragon.Software.SlovoEd.Dictionary.v7.0.Build.4614.93.Multilingual.XScale.WM05.WM06.Cracked-COREPDA-amivoytec
    [2010-01-08 22:12:36 | 000,860,672 | ---- | C] () -- I:\Windows\System32\drivers\gyxkwmj.sys
    [2009-11-21 07:53:17 | 000,009,866 | ---- | C] () -- I:\Windows\System32\3f09threat18758z.dll
    [2009-11-19 05:44:20 | 000,013,419 | ---- | C] () -- I:\Windows\System32\195cdownlzader13769.dll
    [2009-11-06 21:39:26 | 000,007,217 | ---- | C] () -- I:\Windows\System32\18968s5z6b1.dll
    [2009-11-06 11:17:43 | 000,010,174 | ---- | C] () -- I:\Windows\System32\359z29roj77c.dll
    [2009-11-04 16:28:26 | 000,017,833 | ---- | C] () -- I:\Windows\509fsteal17z89.dll
    [2009-11-04 16:28:26 | 000,015,959 | ---- | C] () -- I:\Windows\43b5t95efz315.dll
    [2009-11-04 16:28:26 | 000,010,148 | ---- | C] () -- I:\Windows\131z9not-a-viru97b5.dll
    [2009-11-04 16:28:26 | 000,007,148 | ---- | C] () -- I:\Windows\18852zor9534.dll
    [2009-11-04 14:49:50 | 000,017,976 | ---- | C] () -- I:\Windows\15260not-9-vzru52c3.dll
    [2009-11-04 14:49:50 | 000,017,575 | ---- | C] () -- I:\Windows\System32\35599orm7z0.dll
    [2009-11-04 14:49:50 | 000,017,085 | ---- | C] () -- I:\Windows\System32\3fd9do5nl9azer996.dll
    [2009-11-04 14:49:50 | 000,016,819 | ---- | C] () -- I:\Windows\25712viru54d9z.dll
    [2009-11-04 14:49:50 | 000,014,462 | ---- | C] () -- I:\Windows\System32\22974not-5-virus1az.dll
    [2009-11-04 14:49:50 | 000,014,071 | ---- | C] () -- I:\Windows\System32\7z7hackto5l379.dll
    [2009-11-04 14:49:50 | 000,013,578 | ---- | C] () -- I:\Windows\395cthreatz2555.dll
    [2009-11-04 14:49:50 | 000,011,698 | ---- | C] () -- I:\Windows\545z9orm685.dll
    [2009-11-04 14:49:50 | 000,010,022 | ---- | C] () -- I:\Windows\5f1zdown9oader8445.dll
    [2009-11-04 14:49:50 | 000,009,504 | ---- | C] () -- I:\Windows\115z9not-a-virus675.dll
    [2009-11-04 14:49:50 | 000,009,310 | ---- | C] () -- I:\Windows\124not5z-virus529.dll
    [2009-11-04 14:49:50 | 000,008,343 | ---- | C] () -- I:\Windows\System32\917sp9rsez546.dll
    [2009-11-04 14:49:50 | 000,008,161 | ---- | C] () -- I:\Windows\10890hacktozl55.dll
    [2009-11-04 14:49:50 | 000,006,684 | ---- | C] () -- I:\Windows\50398spambot59z.dll
    [2009-11-04 14:49:50 | 000,005,432 | ---- | C] () -- I:\Windows\6b8bszarse2559.dll
    [2009-11-04 14:49:50 | 000,004,173 | ---- | C] () -- I:\Windows\System32\1z5199ormba.dll
    [2009-11-04 14:49:50 | 000,002,972 | ---- | C] () -- I:\Windows\System32\24999pa5se3226z.dll
    [2009-11-04 14:49:50 | 000,002,579 | ---- | C] () -- I:\Windows\System32\98574tzoj55b.dll
    [2009-11-04 14:49:49 | 000,012,582 | ---- | C] () -- I:\Windows\5e36thze51940.dll
    [2009-11-04 14:49:49 | 000,009,192 | ---- | C] () -- I:\Windows\1896worz5b5.dll
    [2009-11-04 14:49:47 | 000,012,115 | ---- | C] () -- I:\Windows\System32\4b6bs9yw5rez211.dll
    [2009-11-04 14:49:47 | 000,010,679 | ---- | C] () -- I:\Windows\2834zp569e.dll
    [2009-11-04 14:49:47 | 000,007,207 | ---- | C] () -- I:\Windows\System32\99b9thief151z.dll
    [2009-11-04 14:49:47 | 000,005,704 | ---- | C] () -- I:\Windows\System32\39833h5cktool6b7z.dll
    [2009-11-04 14:49:46 | 000,018,419 | ---- | C] () -- I:\Windows\62czv5r30659.dll
    [2009-11-04 14:49:46 | 000,016,737 | ---- | C] () -- I:\Windows\System32\9zaspa9se2255.dll
    [2009-11-04 14:49:46 | 000,010,938 | ---- | C] () -- I:\Windows\3590downlozder1516.dll
    [2009-11-04 14:49:46 | 000,009,346 | ---- | C] () -- I:\Windows\System32\98dabacz5oor2492.dll
    [2009-11-04 14:49:46 | 000,007,972 | ---- | C] () -- I:\Windows\System32\6fa95ackdoz92156.dll
    [2009-11-04 14:49:46 | 000,004,340 | ---- | C] () -- I:\Windows\System32\zffa5hief259.dll
    [2009-11-04 14:49:46 | 000,003,716 | ---- | C] () -- I:\Windows\5758znot-a-v9rus7e5.dll
    [2009-11-04 14:49:46 | 000,003,366 | ---- | C] () -- I:\Windows\5952not9a5vzrus4a2.dll
    [2009-11-04 14:49:46 | 000,002,988 | ---- | C] () -- I:\Windows\System32\26zbbackdo9r515.dll
    [2009-10-28 00:22:46 | 000,004,305 | ---- | C] () -- I:\Windows\24509not-a-vi9uz1c6.dll
    [2009-10-20 23:36:51 | 000,011,961 | ---- | C] () -- I:\Windows\System32\93952wormz07.dll
    [2009-10-19 23:20:50 | 000,017,698 | ---- | C] () -- I:\Windows\2f2zspyw9re1587.dll
    [2009-10-19 11:29:40 | 000,018,261 | ---- | C] () -- I:\Windows\System32\292z5pyware2062.dll
    [2009-10-16 00:42:41 | 000,005,951 | ---- | C] () -- I:\Windows\z5947wo9m572.dll
    [2009-10-12 18:12:17 | 000,011,543 | ---- | C] () -- I:\Windows\System32\10a3backdooz4659.dll
    [2009-10-05 21:03:41 | 000,002,872 | ---- | C] () -- I:\Windows\15420hackzoo94dd5.dll
    [2009-10-05 09:44:01 | 000,004,896 | ---- | C] () -- I:\Windows\27657nzt9a-virus5c.dll
    [2009-09-27 05:27:34 | 000,002,872 | ---- | C] () -- I:\Windows\System32\19215spy456z.dll
    [2009-09-23 19:56:10 | 000,004,285 | ---- | C] () -- I:\Windows\System32\16zt5reat122609.dll
    [2009-09-22 19:46:54 | 000,002,824 | ---- | C] () -- I:\Windows\System32\7z535hief3091.dll
    [2009-09-22 10:37:15 | 000,016,468 | ---- | C] () -- I:\Windows\System32\16955wormz84.dll
    [2009-09-12 19:34:23 | 000,012,168 | ---- | C] () -- I:\Windows\System32\1z959ackdoor1095.dll
    [2009-08-28 21:19:44 | 000,013,984 | ---- | C] () -- I:\Windows\5z319teal1931.dll
    [2009-08-26 13:02:32 | 000,006,686 | ---- | C] () -- I:\Windows\System32\77afdo9nload5r18z8.dll
    [2009-08-20 22:19:51 | 000,004,770 | ---- | C] () -- I:\Windows\15844zorm79d.dll
    [2009-08-12 13:34:48 | 000,016,789 | ---- | C] () -- I:\Windows\System32\zff59hief442.dll
    [2009-08-10 13:34:41 | 000,010,648 | ---- | C] () -- I:\Windows\457e5z9al2773.dll
    [2009-08-09 09:48:58 | 000,009,154 | ---- | C] () -- I:\Windows\1d65zhie91085.dll
    [2009-08-08 11:33:36 | 000,013,127 | ---- | C] () -- I:\Windows\System32\6392sparse257z.dll
    [2009-07-29 02:35:26 | 000,016,278 | ---- | C] () -- I:\Windows\System32\z09thie52558.dll
    [2009-07-25 07:53:19 | 000,011,480 | ---- | C] () -- I:\Windows\3144t5reat2990z.dll
    [2009-07-23 17:05:05 | 000,015,833 | ---- | C] () -- I:\Windows\902eszywa5e2822.dll
    [2009-07-23 15:44:53 | 000,005,916 | ---- | C] () -- I:\Windows\System32\25599worz455.dll
    [2009-07-19 18:39:31 | 000,014,501 | ---- | C] () -- I:\Windows\4dczba59door1363.dll
    [2009-07-17 05:56:58 | 000,017,744 | ---- | C] () -- I:\Windows\2e91add5arz3091.dll
    [2009-07-14 21:20:56 | 000,017,875 | ---- | C] () -- I:\Windows\3a589tzal3016.dll
    [2009-07-04 18:13:48 | 000,005,707 | ---- | C] () -- I:\Windows\5951virzs696.dll
    [2009-06-25 22:48:08 | 000,008,258 | ---- | C] () -- I:\Windows\System32\4991spz4165.dll
    [2009-06-22 14:59:35 | 000,003,405 | ---- | C] () -- I:\Windows\System32\25869noz-a-5irus3a4.dll
    [2009-06-20 01:25:14 | 000,012,036 | ---- | C] () -- I:\Windows\z414sp57f69.dll
    [2009-06-16 03:52:25 | 000,009,186 | ---- | C] () -- I:\Windows\69z5ste9l1857.dll
    [2009-06-11 19:16:38 | 000,010,190 | ---- | C] () -- I:\Windows\System32\49e7z5eal1951.dll
    [2009-05-28 18:19:55 | 000,017,617 | ---- | C] () -- I:\Windows\2f52s9ezl2489.dll
    [2009-05-25 02:35:29 | 000,014,494 | ---- | C] () -- I:\Windows\2150hackz9ol41e.dll
    [2009-05-15 12:01:38 | 000,005,229 | ---- | C] () -- I:\Windows\15193not-a-vi95s4z.dll
    [2009-05-11 21:59:13 | 000,016,317 | ---- | C] () -- I:\Windows\System32\550ethr5zt256939.dll
    [2009-05-05 09:33:21 | 000,007,665 | ---- | C] () -- I:\Windows\System32\2azcspa5se6339.dll
    [2009-04-23 16:00:57 | 000,008,938 | ---- | C] () -- I:\Windows\4696addwa5z2383.dll
    [2009-04-22 11:34:00 | 000,004,007 | ---- | C] () -- I:\Windows\System32\232dspar5e569z.dll
    [2009-04-17 15:59:20 | 000,015,896 | ---- | C] () -- I:\Windows\System32\azbth9ef1519.dll
    [2009-04-17 13:54:27 | 000,015,511 | ---- | C] () -- I:\Windows\System32\567fthre5t9712z.dll
    [2009-04-15 14:31:13 | 000,006,022 | ---- | C] () -- I:\Windows\System32\584z2troj7799.dll
    [2009-04-04 09:52:19 | 000,016,365 | ---- | C] () -- I:\Windows\System32\1z940spam5ot455.dll
    [2009-04-04 03:12:14 | 000,013,804 | ---- | C] () -- I:\Windows\System32\9f15vzr348.dll
    [2009-03-20 04:16:52 | 000,008,294 | ---- | C] () -- I:\Windows\System32\1bd0spyware2549z.dll
    [2009-03-18 06:03:25 | 000,013,027 | ---- | C] () -- I:\Windows\35ect9ze5t27719.dll
    [2009-03-05 20:24:30 | 000,004,109 | ---- | C] () -- I:\Windows\211vi9z55.dll
    [2009-03-01 13:42:49 | 000,017,848 | ---- | C] () -- I:\Windows\7585ziru9763.dll
    [2009-02-25 13:29:59 | 000,003,410 | ---- | C] () -- I:\Windows\4zecthr9at50708.dll
    [2009-02-24 07:48:58 | 000,005,542 | ---- | C] () -- I:\Windows\96bcdownloaderz675.dll
    [2009-02-16 14:48:32 | 000,016,828 | ---- | C] () -- I:\Windows\System32\225stealz945.dll
    [2009-02-11 03:15:05 | 000,008,436 | ---- | C] () -- I:\Windows\4b5sp5waze29.dll
    [2009-02-06 04:09:23 | 000,007,250 | ---- | C] () -- I:\Windows\System32\9195spazbo966.dll
    [2009-02-06 01:12:26 | 000,009,777 | ---- | C] () -- I:\Windows\553bbzckd9or1772.dll
    [2009-01-21 18:32:49 | 000,016,081 | ---- | C] () -- I:\Windows\5b8f95ief294z.dll
    [2009-01-20 22:03:58 | 000,012,370 | ---- | C] () -- I:\Windows\System32\95z95worm739.dll
    [2009-01-11 22:07:25 | 000,003,048 | ---- | C] () -- I:\Windows\System32\20195troz2329.dll
    [2009-01-08 06:14:47 | 000,003,786 | ---- | C] () -- I:\Windows\6129stzal5490.dll
    [2009-01-02 17:27:34 | 000,003,173 | ---- | C] () -- I:\Windows\48595yzb.dll
    [2008-12-26 15:51:28 | 000,014,656 | ---- | C] () -- I:\Windows\3809t5reatz0485.dll
    [2008-12-25 02:54:04 | 000,002,790 | ---- | C] () -- I:\Windows\System32\2z4599roj592.dll
    [2008-12-13 22:29:39 | 000,002,986 | ---- | C] () -- I:\Windows\98b3stez52515.dll
    [2008-11-28 21:21:10 | 000,015,634 | ---- | C] () -- I:\Windows\System32\6e47a9z5are2203.dll
    [2008-11-23 19:02:01 | 000,009,609 | ---- | C] () -- I:\Windows\25259z9t-a-virus3aa.dll
    [2008-11-23 17:24:34 | 000,009,155 | ---- | C] () -- I:\Windows\System32\7a2ctzief5097.dll
    [2008-11-19 22:55:17 | 000,003,910 | ---- | C] () -- I:\Windows\1159spa9b5t39z.dll
    [2008-11-16 05:05:25 | 000,008,851 | ---- | C] () -- I:\Windows\7zcft9r5at22764.dll
    [2008-11-12 20:56:52 | 000,017,995 | ---- | C] () -- I:\Windows\System32\729cz5r159.dll
    [2008-11-10 15:27:31 | 000,005,873 | ---- | C] () -- I:\Windows\System32\9b2zaddwar51347.dll
    [2008-10-27 00:13:02 | 000,013,563 | ---- | C] () -- I:\Windows\1z479s9y157.dll
    [2008-10-24 05:15:05 | 000,009,604 | ---- | C] () -- I:\Windows\35e0d5wnzoader3292.dll
    [2008-10-23 16:08:05 | 000,002,986 | ---- | C] () -- I:\Windows\System32\6538vir3z97.dll
    [2008-10-22 00:01:48 | 000,017,427 | ---- | C] () -- I:\Windows\fc6zddwar52409.dll
    [2008-10-12 14:56:00 | 000,006,439 | ---- | C] () -- I:\Windows\4cbz95ief2139.dll
    [2008-10-11 06:02:52 | 000,014,578 | ---- | C] () -- I:\Windows\2z94backd9or2546.dll
    [2008-10-04 07:41:33 | 000,013,273 | ---- | C] () -- I:\Windows\92810worz745.dll
    [2008-10-03 11:29:00 | 000,013,866 | ---- | C] () -- I:\Windows\System32\9e54s5eal3033z.dll
    [2008-09-27 15:57:25 | 000,010,018 | ---- | C] () -- I:\Windows\System32\552fspywarz309.dll
    [2008-09-19 21:26:22 | 000,004,778 | ---- | C] () -- I:\Windows\11755n9t-a-viruz407.dll
    [2008-09-10 16:50:49 | 000,015,894 | ---- | C] () -- I:\Windows\System32\93687zr5j2af.dll
    [2008-09-07 12:07:29 | 000,013,408 | ---- | C] () -- I:\Windows\System32\1370znot-a-v9r5s222.dll
    [2008-09-02 04:17:48 | 000,010,325 | ---- | C] () -- I:\Windows\System32\29029ha5kto9lz31.dll
    [2008-08-27 02:40:48 | 000,016,379 | ---- | C] () -- I:\Windows\System32\6a65ad9waze25155.dll
    [2008-08-24 05:35:13 | 000,015,184 | ---- | C] () -- I:\Windows\3723v951413z.dll
    [2008-08-21 10:58:31 | 000,005,786 | ---- | C] () -- I:\Windows\129419ot-a5virus4z.dll
    [2008-08-20 09:45:33 | 000,015,543 | ---- | C] () -- I:\Windows\ce9zhie51274.dll
    [2008-08-09 23:13:55 | 000,016,307 | ---- | C] () -- I:\Windows\System32\3383tro9554z.dll
    [2008-08-08 09:02:48 | 000,006,762 | ---- | C] () -- I:\Windows\System32\7a9cspyza591987.dll
    [2008-07-27 22:45:38 | 000,011,332 | ---- | C] () -- I:\Windows\System32\157559ozm187.dll
    [2008-07-20 21:07:08 | 000,016,233 | ---- | C] () -- I:\Windows\35b5addware9z9.dll
    [2008-07-11 19:06:28 | 000,014,424 | ---- | C] () -- I:\Windows\7z6dt95ef1829.dll
    [2008-07-05 09:54:11 | 000,014,253 | ---- | C] () -- I:\Windows\55699i52951z.dll
    [2008-06-24 10:15:55 | 000,002,994 | ---- | C] () -- I:\Windows\System32\27532hzcktool2c69.dll
    [2008-06-17 19:28:56 | 000,010,411 | ---- | C] () -- I:\Windows\System32\3z5609pambot1b6.dll
    [2008-06-15 02:05:45 | 000,013,928 | ---- | C] () -- I:\Windows\System32\9z50v5r2824.dll
    [2008-05-16 00:18:18 | 000,011,329 | ---- | C] () -- I:\Windows\1e4stzal5950.dll
    [2008-05-10 08:13:15 | 000,005,187 | ---- | C] () -- I:\Windows\System32\1c8z9hrea515524.dll
    [2008-05-02 07:43:48 | 000,002,649 | ---- | C] () -- I:\Windows\System32\61ezthr9at658.dll
    [2008-04-29 01:14:47 | 000,003,067 | ---- | C] () -- I:\Windows\7595zir152.dll
    [2008-04-26 01:06:48 | 000,010,864 | ---- | C] () -- I:\Windows\15097nzt-a-v95us563.dll
    [2008-04-24 14:40:41 | 000,002,860 | ---- | C] () -- I:\Windows\1692zviru935c.dll
    [2008-04-22 18:16:26 | 000,003,108 | ---- | C] () -- I:\Windows\31984hackt9ozc5.dll
    [2008-04-21 00:50:11 | 000,008,653 | ---- | C] () -- I:\Windows\System32\5d8czparse11039.dll
    [2008-04-04 17:31:39 | 000,014,875 | ---- | C] () -- I:\Windows\System32\50zest9a51998.dll
    [2008-04-02 18:59:19 | 000,017,089 | ---- | C] () -- I:\Windows\389zspar5e2925.dll
    [2008-03-25 17:22:16 | 000,017,832 | ---- | C] () -- I:\Windows\System32\15889ackdozr1283.dll
    [2008-03-20 00:40:18 | 000,011,584 | ---- | C] () -- I:\Windows\642c5hzeat90196.dll
    [2008-03-16 03:46:01 | 000,013,086 | ---- | C] () -- I:\Windows\System32\59azteal1521.dll
    [2008-03-11 22:52:27 | 000,010,514 | ---- | C] () -- I:\Windows\91450zacktool555.dll
    [2008-02-25 06:31:50 | 000,004,318 | ---- | C] () -- I:\Windows\31925ot-a-virzs598.dll
    [2008-02-25 01:32:44 | 000,003,286 | ---- | C] () -- I:\Windows\System32\zb40back5oor9132.dll
    [2008-02-20 16:49:32 | 000,009,818 | ---- | C] () -- I:\Windows\System32\6z62w9rm55d.dll
    [2008-02-09 09:07:40 | 000,008,321 | ---- | C] () -- I:\Windows\System32\2z2a5pa9se804.dll
    [2008-02-06 23:26:30 | 000,009,597 | ---- | C] () -- I:\Windows\69f6zp5rse409.dll
    [2008-01-29 06:17:43 | 000,002,814 | ---- | C] () -- I:\Windows\29fthzef2159.dll
    [2008-01-13 14:22:02 | 000,015,462 | ---- | C] () -- I:\Windows\4573doz95oader2603.dll
    [2008-01-10 17:59:49 | 000,006,917 | ---- | C] () -- I:\Windows\System32\18631not5a-viru94z5.dll
    [2008-01-10 11:33:14 | 000,003,066 | ---- | C] () -- I:\Windows\System32\5700hazktoo91005.dll
    [2008-01-09 01:41:06 | 000,018,423 | ---- | C] () -- I:\Windows\z797threat17556.dll
    [2008-01-03 07:52:00 | 000,005,819 | ---- | C] () -- I:\Windows\System32\zc29downloader1165.dll
    [2007-11-07 04:19:28 | 000,053,299 | ---- | C] () -- I:\Windows\System32\pthreadVC.dll
    [2007-09-12 23:54:48 | 000,141,180 | ---- | C] () -- I:\Windows\System32\xlive.dll.cat
    [2007-03-23 17:35:26 | 000,022,723 | ---- | C] () -- I:\Windows\System32\xrxs1l3.dll
    [2006-12-12 07:36:18 | 000,022,723 | ---- | C] () -- I:\Windows\System32\sugo2l3.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: () - {7426C803-F077-43A3-A6EE-EE12D24814DA} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [del] File not found
    
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Edited by RPMcMurphy, 13 June 2010 - 09:33 AM.
Added info.

  • 0

#5
emily6238

emily6238

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I am having a problem here. I copied and pasted the code and ran the fix. OTL ran until just before the last 2 commands, empty temp and purity, and then it stopped working. I didn't click anywhere or do anything. It is not responding now. I'm not sure what I should do here. Force restart?

I'm posting this with my PDA.

Edited by emily6238, 13 June 2010 - 11:25 AM.

  • 0

#6
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
If it's still hung go ahead and reboot it and continue with ComboFix.
  • 0

#7
emily6238

emily6238

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I restarted it and proceeded with ComboFix, but it doesn't run. It gave me an alert about a possible file patching virus compromising ComboFix and told me to re-download. I did, but it's still the same. What should I do now?
  • 0

#8
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
Hi emily6238,

Is this the message ComboFix is giving you:

!!ALEART!! It is not SAFE to continue!
The contents of the Combofix package has been compromised.
Please download a fresh copy from:
http://www.bleepingc....o-use-combofix
Note: You may be infected with a file patching virus (Virut)


  • 0

#9
emily6238

emily6238

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
yes.
  • 0

#10
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
emily6238,

I'm afraid that is very bad news. You have a real nasty infection on your system. Virut/Virtob is a file infector virus with IRC bot functionality which infects all .exe and .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. When disinfection is attempted, the files become corrupted and the system may become irreparable.

Experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read "When should I re-format?" and "Reformatting the computer or troubleshooting; which is best?".

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately as they are potentially compromised. They should be changed by using a different computer and not the infected one. If necessary, banking and credit card institutions should be notified of the possible security breach.

Reformatting the drive and doing a clean install of Windows is the recommended course of action for this infection. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection.

Right now, the best thing you can do is to back up, preferably to CD, all your important data, documents, pictures, movies, and songs, then reformat and reinstall Windows.

DO NOT back up any applications or installers and DO NOT back up any files with the following extensions:

* .exe
* .scr
* .htm
* .html
* .xml
* .zip
* .rar

For more information on Virut, and why you need to reformat, please read miekiemoes' blog here.

To find out how to carry out a Reformat and Reinstall, please see this page.

I am sorry I cannot give any better news. If you insist on trying to clean the PC there are some tools we can try to run, but you are doing so at your own risk and against my strongest advice. Please advise me how you wish to proceed.
  • 0

#11
emily6238

emily6238

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I think I want to have a clean start. I have an external hard disc where I keep lots of mp3s, avi videos and installers as well. Can I just delete the installers or must I format the whole thing?

Also, after I reformat, how can I be sure that it is really clean, that I didn't accidentally re-introduce it to my system from my backup?

Edited by emily6238, 14 June 2010 - 12:00 AM.

  • 0

#12
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
I'd back up the mp3s and vids and then nuke and pave the whole system. It's really the only way to be sure that it's clean. I also recommend that you scan the files that you back up before restoring them. I've heard of some variants of Virut that will infect all files.
  • 0

#13
emily6238

emily6238

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hmm.. I'm not sure how I can back it all up to DVD or CD. I used 230GB of my ext. HD, only 10GB is for installers. The rest of it (200GB +) is all movies. Ouch.

I don't really care about windows drive. Nothing really important there. It's the external HD I was hoping to keep.

Edited by emily6238, 14 June 2010 - 12:14 AM.

  • 0

#14
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
In that case you could remove any applications, installers, etc. and plug it in after you've reformatted and reinstalled the PC (just don't let anything autorun). Scan it right away with MBAM and KAV and remove anything that's infected.
  • 0
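Added example, not part of either poster's messages: a small Python script that sorts the files on a backup drive using the extension list from post #10, so the excluded types can be deleted before the drive is scanned as described in post #14. Flagging `autorun.inf` is an assumption added here to match the "don't let anything autorun" advice, and the sample file tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Extensions post #10 says not to back up.
RISKY_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}

def triage_backup(root):
    """Split files under root into (keep, exclude) lists of relative paths."""
    root = Path(root)
    keep, exclude = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            # Only the final suffix decides how Windows treats the file, so
            # "holiday.avi.EXE" is an executable; compare case-insensitively.
            ext = Path(name).suffix.lower()
            # autorun.inf check is an assumption added for this example.
            if ext in RISKY_EXTENSIONS or name.lower() == "autorun.inf":
                exclude.append(rel)
            else:
                keep.append(rel)
    return sorted(keep), sorted(exclude)

def build_sample_drive(root):
    """Constructed sample tree standing in for the external disk."""
    for rel in ["music/song.mp3", "video/film.avi", "video/holiday.avi.EXE",
                "installers/setup.exe", "docs/index.HTML", "archive/old.rar",
                "autorun.inf"]:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")

def demo():
    """Run the triage over the constructed tree and return both lists."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        return triage_backup(tmp)

if __name__ == "__main__":
    keep, exclude = demo()
    print("Keep, then scan before opening:", *keep, sep="\n  ")
    print("Do not restore:", *exclude, sep="\n  ")
```

The script only classifies by file name; files in the keep list still need the antivirus scan before anything is opened.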

#15
emily6238

emily6238

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I reformatted and reinstalled my Windows. Downloading my KAV before I plug my HD back.

xxxxxxxxxxxxxxxxxx

KAV up and running with updated database. I ran the vulnerability scan and disabled autorun from hard disc (and etc). Plug my HD back and now scanning with KAV first. Later with MBAM. That's all right? Did I miss anything?

Edited by emily6238, 14 June 2010 - 06:11 AM.

  • 0





