I scanned with BAZOOKA scanner after having my email account hijacked a few times; I had to change the password.
The Bazooka scan said
systemdir.explorer
systemdir.edgedit
were infected and serious.
I've been told to simply delete the regedit.exe & explorer.exe that are in the SYSTEM folder, since the WINDOWS folder is the legitimate location for both files.
Using OS Windows 7 Home Premium 64-bit edition.
Here is all the information this board's FAQ told me to include:
OTL Log 1st
OTL logfile created on: 7/7/2010 5:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Crackles\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 81.00 Gb Free Space | 67.99% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 83.49 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 23.79 Gb Free Space | 31.17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 194.00 Mb Total Space | 166.85 Mb Free Space | 86.00% Space Free | Partition Type: FAT32
Computer Name: BOBBY
Current User Name: Crackles
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
PRC - [2010/05/18 17:04:46 | 003,021,720 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:14 | 000,305,152 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/17 16:03:11 | 000,296,960 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetMeter114beta_4.exe
PRC - [2009/11/25 09:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2004/01/06 05:57:30 | 000,660,992 | ---- | M] (Think Less Do More Services) -- C:\Program Files (x86)\AvaFind\AvaFind.exe
========== Modules (SafeList) ==========
MOD - [2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/06/07 13:02:48 | 000,125,440 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/16 10:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/04/27 22:01:44 | 000,062,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/03 19:22:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/11/16 10:07:10 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/11/16 10:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 09:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/06/08 08:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL) HDTV110 TV Box(ALL)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2009/12/17 02:10:34 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 66 A6 C2 33 88 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "www.google-feed.net"
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: tinyurl.addon@fast-chat.co.uk:2.0.0
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: chromelist@extensions.gijsk.com:0.4.1
FF - prefs.js..extensions.enabledItems: chromeditplus@webdesigns.ms11.net:2.8.8
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.4.2
FF - prefs.js..extensions.enabledItems: {403304EE-066A-4a2a-8F41-F12028480A0A}:1.8.61
FF - prefs.js..extensions.enabledItems: {8479ade0-2eec-11de-8c30-0800200c9a66}:2.2.1
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/31 15:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 01:24:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/27 01:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/12 01:08:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/16 21:43:01 | 000,000,000 | ---D | M]
[2010/01/02 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Extensions
[2010/01/02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/04 00:52:34 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (iPox Aqua) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{66277a5c-c33c-11db-8314-0800200c9a66}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{6c45b940-ae5a-11db-abbd-0800200c9a66}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] (Noscript) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/16 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{C8E400E3-44BC-4e78-8C17-8C48E74C67F4}-trash
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\elemhidehelper@adblockplus.org
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\nick@getcellphonenumber.com
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\nosquint@urandom.ca
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\support@ancestry.com
[2010/07/07 13:44:22 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions
[2010/05/17 21:31:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/26 20:46:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 14:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
[2009/12/20 15:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{66277a5c-c33c-11db-8314-0800200c9a66}
[2009/12/19 03:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{6c45b940-ae5a-11db-abbd-0800200c9a66}
[2010/06/27 21:35:34 | 000,000,000 | ---D | M] (Noscript) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/16 22:32:41 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/12/20 15:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2010/06/19 12:31:33 | 000,000,000 | ---D | M] (Stratini Padded) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
[2010/04/13 13:24:52 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/23 15:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2010/07/03 18:23:08 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/05/26 19:48:42 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/16 22:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{C8E400E3-44BC-4e78-8C17-8C48E74C67F4}-trash
[2010/03/12 17:57:42 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010/05/01 01:24:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/11 21:21:51 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/05/30 18:12:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/27 01:25:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/17 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2010/06/29 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromeditplus@webdesigns.ms11.net
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com
[2009/12/16 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\elemhidehelper@adblockplus.org
[2009/12/19 03:45:10 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\nick@getcellphonenumber.com
[2009/12/16 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\nosquint@urandom.ca
[2010/06/13 01:39:14 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\savedpasswordeditor@daniel.dawson
[2010/05/30 22:16:40 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\savedpasswords@adamfranco.com
[2009/12/16 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\support@ancestry.com
[2010/03/16 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\tinyurl.addon@fast-chat.co.uk
[2010/04/16 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\content
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\defaults
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\locale
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\skin
[2010/03/12 17:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010/03/12 17:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/01/11 21:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/07/01 08:22:12 | 000,000,880 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\searchplugins\conduit.xml
[2010/01/16 02:08:02 | 000,000,003 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\searchplugins\GoogleFeed.xml
[2010/07/07 03:51:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 19:34:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/25 19:34:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/17 20:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/09/21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
O1 HOSTS File: ([2010/07/07 13:38:32 | 000,392,034 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 13539 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AvaFind] C:\Program Files (x86)\AvaFind\AvaFind.exe (Think Less Do More Services)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe ()
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk = C:\Users\Crackles\Desktop\PAIN-X-X.ods ()
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk = C:\Users\Crackles\Desktop\SSD Tweak 2.txt File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 13:38:33 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/07/07 14:19:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
[2010/07/07 13:37:52 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/07/07 13:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/07/07 13:37:35 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/07/07 13:36:49 | 000,662,360 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Crackles\Desktop\SpyHunter-Installer.exe
[2010/07/06 22:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bazooka Scanner
[2010/07/04 00:59:09 | 009,205,688 | ---- | C] (IObit ) -- C:\Users\Crackles\Desktop\is360setup.exe
[2010/07/04 00:52:52 | 000,665,072 | ---- | C] (Crawler Inc. ) -- C:\Users\Crackles\Desktop\SpywareTerminatorSetup.exe
[2010/07/03 15:17:58 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\MISC Folders
[2010/07/03 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\A8S-X sensor
[2010/07/03 15:16:29 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\SSD Folder
[2010/07/03 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\Audacity
[2010/07/03 14:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/07/01 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Open Office ALL DATES
[2010/07/01 13:01:58 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\RamDisk Setup
[2010/07/01 12:59:30 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\..YOUTUB.E
[2010/07/01 12:59:09 | 000,000,000 | ---D | C] -- C:\Users\Crackles\New folder
[2010/06/30 01:11:55 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\AvaFind Data
[2010/06/30 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AvaFind
[2010/06/30 00:47:27 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\MOM Folder
[2010/06/30 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\DAD Folder
[2010/06/29 23:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAMDisk
[2010/06/29 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\CAMERA DUMP 2010
[2010/06/28 12:02:28 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\grepWin
[2010/06/27 04:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/27 04:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/27 04:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/27 01:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/27 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/27 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/06/24 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Write Cache
[2010/06/23 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PointsCalculator
[2010/06/22 20:55:46 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\OC OVERCLOK
[2010/06/22 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Benchmark
[2010/06/22 15:47:12 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Users\Crackles\Desktop\DivXInstaller.exe
[2010/06/20 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/06/20 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\SPANISH Learn Speak Spanish Learning
[2010/06/20 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Storms MP3 Thunder Wind DANGER
[2010/06/20 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy GIF Animator
[2010/06/20 00:20:21 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\NEW PICS 2010
[2010/06/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Documents\EverioCopy
[2010/06/18 23:00:48 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Yahoo Email Addys
[2010/06/18 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\S730 Camera
[2010/06/14 18:42:34 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Local\Google
[2010/06/13 01:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/13 01:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/06/13 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/12 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Weather ALL
[2010/06/11 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Population
[2010/06/10 20:27:14 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Money Issues
[2010/06/09 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\EPB Net
[2010/06/08 01:19:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2010/06/08 01:19:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/06/08 01:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/07 17:18:16 | 007,602,176 | -HS- | M] () -- C:\Users\Crackles\NTUSER.DAT
[2010/07/07 14:47:00 | 000,049,649 | ---- | M] () -- C:\Users\Crackles\Desktop\PAIN-X-X.ods
[2010/07/07 14:47:00 | 000,000,098 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.PAIN-X-X.ods#
[2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
[2010/07/07 13:38:33 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/07 13:38:22 | 000,133,714 | ---- | M] () -- C:\Users\Crackles\Desktop\VIRUS!!!!!!!.png
[2010/07/07 13:37:52 | 000,002,294 | ---- | M] () -- C:\Users\Crackles\Desktop\SpyHunter.lnk
[2010/07/07 13:36:49 | 000,662,360 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Crackles\Desktop\SpyHunter-Installer.exe
[2010/07/06 17:30:00 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\My Backup 1-21-2010 SSD BACKUP xml.job
[2010/07/05 18:35:47 | 000,022,779 | ---- | M] () -- C:\Users\Crackles\Desktop\FIREFOX-PASSWORDS SO FAR.ods
[2010/07/05 18:35:46 | 000,000,098 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.FIREFOX-PASSWORDS SO FAR.ods#
[2010/07/05 14:01:59 | 000,010,542 | ---- | M] () -- C:\Users\Crackles\Desktop\ABORT-DEBATE.ods
[2010/07/05 01:35:40 | 000,009,788 | ---- | M] () -- C:\Users\Crackles\Desktop\PASSWORDS EMAIL WEBSITES SERVICES SUBscriptIONS ETC FREE OR FOR FEE.ods
[2010/07/04 22:38:44 | 000,001,046 | ---- | M] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2010/07/04 00:59:18 | 009,205,688 | ---- | M] (IObit ) -- C:\Users\Crackles\Desktop\is360setup.exe
[2010/07/04 00:52:52 | 000,665,072 | ---- | M] (Crawler Inc. ) -- C:\Users\Crackles\Desktop\SpywareTerminatorSetup.exe
[2010/07/04 00:50:47 | 000,744,529 | ---- | M] () -- C:\Users\Crackles\Desktop\bazookasetup.exe
[2010/07/03 18:25:20 | 000,046,367 | ---- | M] () -- C:\Users\Crackles\Desktop\password-export-2010-07-03.xml
[2010/07/03 14:06:48 | 000,001,046 | ---- | M] () -- C:\Users\Crackles\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/02 20:55:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:55:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:53:02 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/02 20:53:02 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/02 20:53:02 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 20:48:54 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/07/02 20:48:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/02 20:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/02 20:48:07 | 210,763,776 | ---- | M] () -- C:\RAMDisk.img
[2010/07/02 20:47:28 | 004,358,548 | -H-- | M] () -- C:\Users\Crackles\AppData\Local\IconCache.db
[2010/07/02 14:46:51 | 000,052,148 | ---- | M] () -- C:\Users\Crackles\Desktop\SPAM EMAIL 1.png
[2010/07/01 23:24:21 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/01 14:11:24 | 000,018,904 | ---- | M] () -- C:\Users\Crackles\Desktop\WHOLE-CARE ACT OF 201X.ods
[2010/07/01 13:41:51 | 000,001,472 | ---- | M] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/06/30 19:03:51 | 000,260,027 | ---- | M] () -- C:\Users\Crackles\Desktop\NEBULIZER MEDS REFILL CME PHARMACY.png
[2010/06/30 01:11:53 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\Ava Find.lnk
[2010/06/29 17:03:22 | 000,015,126 | ---- | M] () -- C:\Users\Crackles\Desktop\REPAIR WASHER DRYER ROOM ROTTEN BOARDS BOTTOM EXTERIROR.ods
[2010/06/29 16:45:37 | 000,007,710 | ---- | M] () -- C:\Users\Crackles\Desktop\Gov't Income House Senate Government.ods
[2010/06/29 01:36:28 | 000,025,415 | ---- | M] () -- C:\Users\Crackles\Desktop\MinWage.png
[2010/06/28 23:52:41 | 000,044,319 | ---- | M] () -- C:\Users\Crackles\Desktop\FONTS COMPARED.ods
[2010/06/28 23:35:41 | 000,016,496 | ---- | M] () -- C:\Users\Crackles\Desktop\DIET-WEIGHT-LOGXERCISE.ods
[2010/06/28 00:03:51 | 000,013,305 | ---- | M] () -- C:\Users\Crackles\Desktop\DOMAIN ORGANIZED.ods
[2010/06/27 22:46:25 | 000,013,241 | ---- | M] () -- C:\Users\Crackles\Desktop\HEART PAIN.ods
[2010/06/27 21:54:21 | 000,019,556 | ---- | M] () -- C:\Users\Crackles\Desktop\TEMPLATES OVERCLOCK UD3P.ods
[2010/06/27 20:54:42 | 000,026,092 | ---- | M] () -- C:\Users\Crackles\Desktop\Treadmill & Weight Log.ods
[2010/06/26 21:21:56 | 000,011,751 | ---- | M] () -- C:\Users\Crackles\Desktop\TREADMILL CHART.ods
[2010/06/25 15:23:29 | 000,004,129 | ---- | M] () -- C:\Windows\SysWow64\temp.hdt
[2010/06/24 23:44:51 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/24 21:58:16 | 000,326,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/24 21:51:58 | 000,000,972 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk
[2010/06/24 18:10:17 | 000,042,669 | ---- | M] () -- C:\Users\Crackles\Documents\HDTune_WRITE-CACHE-DISABLED.png
[2010/06/23 20:35:33 | 000,079,800 | ---- | M] () -- C:\Users\Crackles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/22 21:03:00 | 000,022,293 | ---- | M] () -- C:\Users\Crackles\Desktop\PILL COUNT JUNE 5 AT 6 PM.ods
[2010/06/22 20:58:33 | 000,018,719 | ---- | M] () -- C:\Users\Crackles\Desktop\CIG PRICE TN VS GA.ods
[2010/06/22 15:47:10 | 000,895,256 | ---- | M] (DivX, Inc. ) -- C:\Users\Crackles\Desktop\DivXInstaller.exe
[2010/06/22 13:48:21 | 000,013,943 | ---- | M] () -- C:\Users\Crackles\Desktop\OPEN DATES.ods
[2010/06/20 22:08:28 | 000,001,268 | ---- | M] () -- C:\Users\Crackles\Desktop\Revo Uninstaller.lnk
[2010/06/19 23:55:21 | 000,000,480 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk
[2010/06/19 12:05:15 | 000,000,110 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.PAIN X 3.ods#
[2010/06/18 19:44:06 | 000,000,110 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.CIG Prices Chart TN GA Tax cartons.ods#
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/07 13:38:33 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/07/07 13:38:22 | 000,133,714 | ---- | C] () -- C:\Users\Crackles\Desktop\VIRUS!!!!!!!.png
[2010/07/07 13:37:52 | 000,002,294 | ---- | C] () -- C:\Users\Crackles\Desktop\SpyHunter.lnk
[2010/07/05 14:01:58 | 000,010,542 | ---- | C] () -- C:\Users\Crackles\Desktop\ABORT-DEBATE.ods
[2010/07/04 22:38:44 | 000,001,046 | ---- | C] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2010/07/04 00:50:48 | 000,744,529 | ---- | C] () -- C:\Users\Crackles\Desktop\bazookasetup.exe
[2010/07/03 18:30:31 | 000,000,098 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.FIREFOX-PASSWORDS SO FAR.ods#
[2010/07/03 18:30:30 | 000,022,779 | ---- | C] () -- C:\Users\Crackles\Desktop\FIREFOX-PASSWORDS SO FAR.ods
[2010/07/03 18:25:19 | 000,046,367 | ---- | C] () -- C:\Users\Crackles\Desktop\password-export-2010-07-03.xml
[2010/07/03 18:07:00 | 000,009,788 | ---- | C] () -- C:\Users\Crackles\Desktop\PASSWORDS EMAIL WEBSITES SERVICES SUBscriptIONS ETC FREE OR FOR FEE.ods
[2010/07/03 14:06:48 | 000,001,046 | ---- | C] () -- C:\Users\Crackles\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/02 20:48:58 | 000,000,098 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.PAIN-X-X.ods#
[2010/07/02 14:46:51 | 000,052,148 | ---- | C] () -- C:\Users\Crackles\Desktop\SPAM EMAIL 1.png
[2010/07/01 20:49:45 | 210,763,776 | ---- | C] () -- C:\RAMDisk.img
[2010/06/30 19:03:51 | 000,260,027 | ---- | C] () -- C:\Users\Crackles\Desktop\NEBULIZER MEDS REFILL CME PHARMACY.png
[2010/06/30 13:41:38 | 000,018,904 | ---- | C] () -- C:\Users\Crackles\Desktop\WHOLE-CARE ACT OF 201X.ods
[2010/06/30 01:11:53 | 000,002,655 | ---- | C] () -- C:\Users\Public\Desktop\Ava Find.lnk
[2010/06/29 17:02:23 | 000,015,126 | ---- | C] () -- C:\Users\Crackles\Desktop\REPAIR WASHER DRYER ROOM ROTTEN BOARDS BOTTOM EXTERIROR.ods
[2010/06/29 15:40:14 | 000,007,710 | ---- | C] () -- C:\Users\Crackles\Desktop\Gov't Income House Senate Government.ods
[2010/06/29 01:36:28 | 000,025,415 | ---- | C] () -- C:\Users\Crackles\Desktop\MinWage.png
[2010/06/28 23:52:39 | 000,044,319 | ---- | C] () -- C:\Users\Crackles\Desktop\FONTS COMPARED.ods
[2010/06/28 23:35:40 | 000,016,496 | ---- | C] () -- C:\Users\Crackles\Desktop\DIET-WEIGHT-LOGXERCISE.ods
[2010/06/27 23:50:54 | 000,013,305 | ---- | C] () -- C:\Users\Crackles\Desktop\DOMAIN ORGANIZED.ods
[2010/06/27 22:03:39 | 000,013,241 | ---- | C] () -- C:\Users\Crackles\Desktop\HEART PAIN.ods
[2010/06/26 21:32:39 | 000,026,092 | ---- | C] () -- C:\Users\Crackles\Desktop\Treadmill & Weight Log.ods
[2010/06/26 20:35:16 | 000,011,751 | ---- | C] () -- C:\Users\Crackles\Desktop\TREADMILL CHART.ods
[2010/06/26 15:59:19 | 000,019,556 | ---- | C] () -- C:\Users\Crackles\Desktop\TEMPLATES OVERCLOCK UD3P.ods
[2010/06/25 15:23:29 | 000,004,129 | ---- | C] () -- C:\Windows\SysWow64\temp.hdt
[2010/06/24 21:51:58 | 000,000,972 | ---- | C] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk
[2010/06/24 18:10:17 | 000,042,669 | ---- | C] () -- C:\Users\Crackles\Documents\HDTune_WRITE-CACHE-DISABLED.png
[2010/06/22 20:58:31 | 000,018,719 | ---- | C] () -- C:\Users\Crackles\Desktop\CIG PRICE TN VS GA.ods
[2010/06/22 12:55:56 | 000,013,943 | ---- | C] () -- C:\Users\Crackles\Desktop\OPEN DATES.ods
[2010/06/20 22:08:28 | 000,001,268 | ---- | C] () -- C:\Users\Crackles\Desktop\Revo Uninstaller.lnk
[2010/06/19 23:55:21 | 000,000,480 | ---- | C] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk
[2010/06/19 18:40:51 | 000,049,649 | ---- | C] () -- C:\Users\Crackles\Desktop\PAIN-X-X.ods
[2010/06/18 19:44:06 | 000,000,110 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.CIG Prices Chart TN GA Tax cartons.ods#
[2010/06/18 10:04:00 | 000,000,110 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.PAIN X 3.ods#
[2010/05/25 21:51:32 | 000,611,328 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2010/05/24 23:18:04 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
[2010/03/12 01:27:09 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/03/11 14:40:54 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2010/03/11 11:17:27 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/11 01:33:51 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/01/02 21:41:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/01/02 21:41:03 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009/12/31 23:08:26 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/18 13:20:25 | 000,006,318 | ---- | C] () -- C:\Windows\silkquit.ini
[2009/12/18 00:41:31 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/12/18 00:41:30 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2009/12/18 00:41:30 | 000,237,646 | ---- | C] () -- C:\Windows\SysWow64\Snap_device.dll
[2009/12/18 00:41:30 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll
[2009/12/17 23:50:23 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2009/12/17 02:04:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/12/16 23:47:48 | 000,001,108 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 368 bytes -> C:\Users\Crackles\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\elemhidehelper@adblockplus.org
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\nick@getcellphonenumber.com
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\nosquint@urandom.ca
[2009/12/16 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\support@ancestry.com
[2010/07/07 13:44:22 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions
[2010/05/17 21:31:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/26 20:46:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 14:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
[2009/12/20 15:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{66277a5c-c33c-11db-8314-0800200c9a66}
[2009/12/19 03:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{6c45b940-ae5a-11db-abbd-0800200c9a66}
[2010/06/27 21:35:34 | 000,000,000 | ---D | M] (Noscript) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/16 22:32:41 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/12/20 15:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2010/06/19 12:31:33 | 000,000,000 | ---D | M] (Stratini Padded) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
[2010/04/13 13:24:52 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/23 15:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2010/07/03 18:23:08 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/05/26 19:48:42 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/16 22:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{C8E400E3-44BC-4e78-8C17-8C48E74C67F4}-trash
[2010/03/12 17:57:42 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010/05/01 01:24:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/11 21:21:51 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/05/30 18:12:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/27 01:25:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/17 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2010/06/29 23:50:52 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromeditplus@webdesigns.ms11.net
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com
[2009/12/16 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\elemhidehelper@adblockplus.org
[2009/12/19 03:45:10 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\nick@getcellphonenumber.com
[2009/12/16 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\nosquint@urandom.ca
[2010/06/13 01:39:14 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\savedpasswordeditor@daniel.dawson
[2010/05/30 22:16:40 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\savedpasswords@adamfranco.com
[2009/12/16 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\support@ancestry.com
[2010/03/16 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\tinyurl.addon@fast-chat.co.uk
[2010/04/16 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\content
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\defaults
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\locale
[2010/06/29 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\chromelist@extensions.gijsk.com\skin
[2010/03/12 17:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010/03/12 17:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/01/11 21:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009/12/16 17:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/07/01 08:22:12 | 000,000,880 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\searchplugins\conduit.xml
[2010/01/16 02:08:02 | 000,000,003 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Mozilla\Firefox\Profiles\6ecihsxw.default\searchplugins\GoogleFeed.xml
[2010/07/07 03:51:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 19:34:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/25 19:34:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/17 20:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/09/21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
O1 HOSTS File: ([2010/07/07 13:38:32 | 000,392,034 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 13539 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AvaFind] C:\Program Files (x86)\AvaFind\AvaFind.exe (Think Less Do More Services)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe ()
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk = C:\Users\Crackles\Desktop\PAIN-X-X.ods ()
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk = C:\Users\Crackles\Desktop\SSD Tweak 2.txt File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 13:38:33 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/07/07 14:19:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
[2010/07/07 13:37:52 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/07/07 13:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/07/07 13:37:35 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/07/07 13:36:49 | 000,662,360 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Crackles\Desktop\SpyHunter-Installer.exe
[2010/07/06 22:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bazooka Scanner
[2010/07/04 00:59:09 | 009,205,688 | ---- | C] (IObit ) -- C:\Users\Crackles\Desktop\is360setup.exe
[2010/07/04 00:52:52 | 000,665,072 | ---- | C] (Crawler Inc. ) -- C:\Users\Crackles\Desktop\SpywareTerminatorSetup.exe
[2010/07/03 15:17:58 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\MISC Folders
[2010/07/03 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\A8S-X sensor
[2010/07/03 15:16:29 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\SSD Folder
[2010/07/03 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\Audacity
[2010/07/03 14:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/07/01 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Open Office ALL DATES
[2010/07/01 13:01:58 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\RamDisk Setup
[2010/07/01 12:59:30 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\..YOUTUB.E
[2010/07/01 12:59:09 | 000,000,000 | ---D | C] -- C:\Users\Crackles\New folder
[2010/06/30 01:11:55 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\AvaFind Data
[2010/06/30 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AvaFind
[2010/06/30 00:47:27 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\MOM Folder
[2010/06/30 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\DAD Folder
[2010/06/29 23:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAMDisk
[2010/06/29 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\CAMERA DUMP 2010
[2010/06/28 12:02:28 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Roaming\grepWin
[2010/06/27 04:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/27 04:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/27 04:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/27 01:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/27 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/27 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/06/24 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Write Cache
[2010/06/23 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PointsCalculator
[2010/06/22 20:55:46 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\OC OVERCLOK
[2010/06/22 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Benchmark
[2010/06/22 15:47:12 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Users\Crackles\Desktop\DivXInstaller.exe
[2010/06/20 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/06/20 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\SPANISH Learn Speak Spanish Learning
[2010/06/20 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Storms MP3 Thunder Wind DANGER
[2010/06/20 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy GIF Animator
[2010/06/20 00:20:21 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\NEW PICS 2010
[2010/06/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Documents\EverioCopy
[2010/06/18 23:00:48 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Yahoo Email Addys
[2010/06/18 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\S730 Camera
[2010/06/14 18:42:34 | 000,000,000 | ---D | C] -- C:\Users\Crackles\AppData\Local\Google
[2010/06/13 01:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/13 01:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/06/13 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/12 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Weather ALL
[2010/06/11 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Population
[2010/06/10 20:27:14 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\Money Issues
[2010/06/09 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\Crackles\Desktop\EPB Net
[2010/06/08 01:19:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2010/06/08 01:19:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/06/08 01:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/07 17:18:16 | 007,602,176 | -HS- | M] () -- C:\Users\Crackles\NTUSER.DAT
[2010/07/07 14:47:00 | 000,049,649 | ---- | M] () -- C:\Users\Crackles\Desktop\PAIN-X-X.ods
[2010/07/07 14:47:00 | 000,000,098 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.PAIN-X-X.ods#
[2010/07/07 14:19:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Crackles\Desktop\OTL.exe
[2010/07/07 13:38:33 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/07 13:38:22 | 000,133,714 | ---- | M] () -- C:\Users\Crackles\Desktop\VIRUS!!!!!!!.png
[2010/07/07 13:37:52 | 000,002,294 | ---- | M] () -- C:\Users\Crackles\Desktop\SpyHunter.lnk
[2010/07/07 13:36:49 | 000,662,360 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Crackles\Desktop\SpyHunter-Installer.exe
[2010/07/06 17:30:00 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\My Backup 1-21-2010 SSD BACKUP xml.job
[2010/07/05 18:35:47 | 000,022,779 | ---- | M] () -- C:\Users\Crackles\Desktop\FIREFOX-PASSWORDS SO FAR.ods
[2010/07/05 18:35:46 | 000,000,098 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.FIREFOX-PASSWORDS SO FAR.ods#
[2010/07/05 14:01:59 | 000,010,542 | ---- | M] () -- C:\Users\Crackles\Desktop\ABORT-DEBATE.ods
[2010/07/05 01:35:40 | 000,009,788 | ---- | M] () -- C:\Users\Crackles\Desktop\PASSWORDS EMAIL WEBSITES SERVICES SUBscriptIONS ETC FREE OR FOR FEE.ods
[2010/07/04 22:38:44 | 000,001,046 | ---- | M] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2010/07/04 00:59:18 | 009,205,688 | ---- | M] (IObit ) -- C:\Users\Crackles\Desktop\is360setup.exe
[2010/07/04 00:52:52 | 000,665,072 | ---- | M] (Crawler Inc. ) -- C:\Users\Crackles\Desktop\SpywareTerminatorSetup.exe
[2010/07/04 00:50:47 | 000,744,529 | ---- | M] () -- C:\Users\Crackles\Desktop\bazookasetup.exe
[2010/07/03 18:25:20 | 000,046,367 | ---- | M] () -- C:\Users\Crackles\Desktop\password-export-2010-07-03.xml
[2010/07/03 14:06:48 | 000,001,046 | ---- | M] () -- C:\Users\Crackles\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/02 20:55:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:55:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/02 20:53:02 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/02 20:53:02 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/02 20:53:02 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 20:48:54 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/07/02 20:48:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/02 20:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/02 20:48:07 | 210,763,776 | ---- | M] () -- C:\RAMDisk.img
[2010/07/02 20:47:28 | 004,358,548 | -H-- | M] () -- C:\Users\Crackles\AppData\Local\IconCache.db
[2010/07/02 14:46:51 | 000,052,148 | ---- | M] () -- C:\Users\Crackles\Desktop\SPAM EMAIL 1.png
[2010/07/01 23:24:21 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/01 14:11:24 | 000,018,904 | ---- | M] () -- C:\Users\Crackles\Desktop\WHOLE-CARE ACT OF 201X.ods
[2010/07/01 13:41:51 | 000,001,472 | ---- | M] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/06/30 19:03:51 | 000,260,027 | ---- | M] () -- C:\Users\Crackles\Desktop\NEBULIZER MEDS REFILL CME PHARMACY.png
[2010/06/30 01:11:53 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\Ava Find.lnk
[2010/06/29 17:03:22 | 000,015,126 | ---- | M] () -- C:\Users\Crackles\Desktop\REPAIR WASHER DRYER ROOM ROTTEN BOARDS BOTTOM EXTERIROR.ods
[2010/06/29 16:45:37 | 000,007,710 | ---- | M] () -- C:\Users\Crackles\Desktop\Gov't Income House Senate Government.ods
[2010/06/29 01:36:28 | 000,025,415 | ---- | M] () -- C:\Users\Crackles\Desktop\MinWage.png
[2010/06/28 23:52:41 | 000,044,319 | ---- | M] () -- C:\Users\Crackles\Desktop\FONTS COMPARED.ods
[2010/06/28 23:35:41 | 000,016,496 | ---- | M] () -- C:\Users\Crackles\Desktop\DIET-WEIGHT-LOGXERCISE.ods
[2010/06/28 00:03:51 | 000,013,305 | ---- | M] () -- C:\Users\Crackles\Desktop\DOMAIN ORGANIZED.ods
[2010/06/27 22:46:25 | 000,013,241 | ---- | M] () -- C:\Users\Crackles\Desktop\HEART PAIN.ods
[2010/06/27 21:54:21 | 000,019,556 | ---- | M] () -- C:\Users\Crackles\Desktop\TEMPLATES OVERCLOCK UD3P.ods
[2010/06/27 20:54:42 | 000,026,092 | ---- | M] () -- C:\Users\Crackles\Desktop\Treadmill & Weight Log.ods
[2010/06/26 21:21:56 | 000,011,751 | ---- | M] () -- C:\Users\Crackles\Desktop\TREADMILL CHART.ods
[2010/06/25 15:23:29 | 000,004,129 | ---- | M] () -- C:\Windows\SysWow64\temp.hdt
[2010/06/24 23:44:51 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/06/24 21:58:16 | 000,326,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/24 21:51:58 | 000,000,972 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk
[2010/06/24 18:10:17 | 000,042,669 | ---- | M] () -- C:\Users\Crackles\Documents\HDTune_WRITE-CACHE-DISABLED.png
[2010/06/23 20:35:33 | 000,079,800 | ---- | M] () -- C:\Users\Crackles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/22 21:03:00 | 000,022,293 | ---- | M] () -- C:\Users\Crackles\Desktop\PILL COUNT JUNE 5 AT 6 PM.ods
[2010/06/22 20:58:33 | 000,018,719 | ---- | M] () -- C:\Users\Crackles\Desktop\CIG PRICE TN VS GA.ods
[2010/06/22 15:47:10 | 000,895,256 | ---- | M] (DivX, Inc. ) -- C:\Users\Crackles\Desktop\DivXInstaller.exe
[2010/06/22 13:48:21 | 000,013,943 | ---- | M] () -- C:\Users\Crackles\Desktop\OPEN DATES.ods
[2010/06/20 22:08:28 | 000,001,268 | ---- | M] () -- C:\Users\Crackles\Desktop\Revo Uninstaller.lnk
[2010/06/19 23:55:21 | 000,000,480 | ---- | M] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk
[2010/06/19 12:05:15 | 000,000,110 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.PAIN X 3.ods#
[2010/06/18 19:44:06 | 000,000,110 | -H-- | M] () -- C:\Users\Crackles\Desktop\.~lock.CIG Prices Chart TN GA Tax cartons.ods#
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/07 13:38:33 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/07/07 13:38:22 | 000,133,714 | ---- | C] () -- C:\Users\Crackles\Desktop\VIRUS!!!!!!!.png
[2010/07/07 13:37:52 | 000,002,294 | ---- | C] () -- C:\Users\Crackles\Desktop\SpyHunter.lnk
[2010/07/05 14:01:58 | 000,010,542 | ---- | C] () -- C:\Users\Crackles\Desktop\ABORT-DEBATE.ods
[2010/07/04 22:38:44 | 000,001,046 | ---- | C] () -- C:\Users\Crackles\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2010/07/04 00:50:48 | 000,744,529 | ---- | C] () -- C:\Users\Crackles\Desktop\bazookasetup.exe
[2010/07/03 18:30:31 | 000,000,098 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.FIREFOX-PASSWORDS SO FAR.ods#
[2010/07/03 18:30:30 | 000,022,779 | ---- | C] () -- C:\Users\Crackles\Desktop\FIREFOX-PASSWORDS SO FAR.ods
[2010/07/03 18:25:19 | 000,046,367 | ---- | C] () -- C:\Users\Crackles\Desktop\password-export-2010-07-03.xml
[2010/07/03 18:07:00 | 000,009,788 | ---- | C] () -- C:\Users\Crackles\Desktop\PASSWORDS EMAIL WEBSITES SERVICES SUBscriptIONS ETC FREE OR FOR FEE.ods
[2010/07/03 14:06:48 | 000,001,046 | ---- | C] () -- C:\Users\Crackles\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/02 20:48:58 | 000,000,098 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.PAIN-X-X.ods#
[2010/07/02 14:46:51 | 000,052,148 | ---- | C] () -- C:\Users\Crackles\Desktop\SPAM EMAIL 1.png
[2010/07/01 20:49:45 | 210,763,776 | ---- | C] () -- C:\RAMDisk.img
[2010/06/30 19:03:51 | 000,260,027 | ---- | C] () -- C:\Users\Crackles\Desktop\NEBULIZER MEDS REFILL CME PHARMACY.png
[2010/06/30 13:41:38 | 000,018,904 | ---- | C] () -- C:\Users\Crackles\Desktop\WHOLE-CARE ACT OF 201X.ods
[2010/06/30 01:11:53 | 000,002,655 | ---- | C] () -- C:\Users\Public\Desktop\Ava Find.lnk
[2010/06/29 17:02:23 | 000,015,126 | ---- | C] () -- C:\Users\Crackles\Desktop\REPAIR WASHER DRYER ROOM ROTTEN BOARDS BOTTOM EXTERIROR.ods
[2010/06/29 15:40:14 | 000,007,710 | ---- | C] () -- C:\Users\Crackles\Desktop\Gov't Income House Senate Government.ods
[2010/06/29 01:36:28 | 000,025,415 | ---- | C] () -- C:\Users\Crackles\Desktop\MinWage.png
[2010/06/28 23:52:39 | 000,044,319 | ---- | C] () -- C:\Users\Crackles\Desktop\FONTS COMPARED.ods
[2010/06/28 23:35:40 | 000,016,496 | ---- | C] () -- C:\Users\Crackles\Desktop\DIET-WEIGHT-LOGXERCISE.ods
[2010/06/27 23:50:54 | 000,013,305 | ---- | C] () -- C:\Users\Crackles\Desktop\DOMAIN ORGANIZED.ods
[2010/06/27 22:03:39 | 000,013,241 | ---- | C] () -- C:\Users\Crackles\Desktop\HEART PAIN.ods
[2010/06/26 21:32:39 | 000,026,092 | ---- | C] () -- C:\Users\Crackles\Desktop\Treadmill & Weight Log.ods
[2010/06/26 20:35:16 | 000,011,751 | ---- | C] () -- C:\Users\Crackles\Desktop\TREADMILL CHART.ods
[2010/06/26 15:59:19 | 000,019,556 | ---- | C] () -- C:\Users\Crackles\Desktop\TEMPLATES OVERCLOCK UD3P.ods
[2010/06/25 15:23:29 | 000,004,129 | ---- | C] () -- C:\Windows\SysWow64\temp.hdt
[2010/06/24 21:51:58 | 000,000,972 | ---- | C] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SSD Tweak 2 - Shortcut.lnk
[2010/06/24 18:10:17 | 000,042,669 | ---- | C] () -- C:\Users\Crackles\Documents\HDTune_WRITE-CACHE-DISABLED.png
[2010/06/22 20:58:31 | 000,018,719 | ---- | C] () -- C:\Users\Crackles\Desktop\CIG PRICE TN VS GA.ods
[2010/06/22 12:55:56 | 000,013,943 | ---- | C] () -- C:\Users\Crackles\Desktop\OPEN DATES.ods
[2010/06/20 22:08:28 | 000,001,268 | ---- | C] () -- C:\Users\Crackles\Desktop\Revo Uninstaller.lnk
[2010/06/19 23:55:21 | 000,000,480 | ---- | C] () -- C:\Users\Crackles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAIN-X-X - Shortcut.lnk
[2010/06/19 18:40:51 | 000,049,649 | ---- | C] () -- C:\Users\Crackles\Desktop\PAIN-X-X.ods
[2010/06/18 19:44:06 | 000,000,110 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.CIG Prices Chart TN GA Tax cartons.ods#
[2010/06/18 10:04:00 | 000,000,110 | -H-- | C] () -- C:\Users\Crackles\Desktop\.~lock.PAIN X 3.ods#
[2010/05/25 21:51:32 | 000,611,328 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2010/05/24 23:18:04 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
[2010/03/12 01:27:09 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/03/11 14:40:54 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2010/03/11 11:17:27 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/11 01:33:51 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/01/02 21:41:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/01/02 21:41:03 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009/12/31 23:08:26 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/18 13:20:25 | 000,006,318 | ---- | C] () -- C:\Windows\silkquit.ini
[2009/12/18 00:41:31 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/12/18 00:41:30 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2009/12/18 00:41:30 | 000,237,646 | ---- | C] () -- C:\Windows\SysWow64\Snap_device.dll
[2009/12/18 00:41:30 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll
[2009/12/17 23:50:23 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2009/12/17 02:04:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/12/16 23:47:48 | 000,001,108 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 368 bytes -> C:\Users\Crackles\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >