
suddenly, admin account (only) is not working right


  • This topic is locked
4 replies to this topic

#1 junkforaaron


Posted 05 July 2010 - 07:01 AM

all of these problems are only on the admin acct. my other day to day acct is working fine, internet and all.
all of these symptoms happened suddenly and at the same time:

* i logged onto my admin account and created a new folder on the desktop. i typed in a folder name, hit enter and it reverted to new folder. i cannot rename it or any new folder.
* there is a new icon on my desktop: rasphone.pbk and a folder: _hidden.pbk. i deleted them but they reappear the next time i log on.
* Firefox will not start. brief busy animation on the pointer then nothing.
* i have a Franklin cellular modem as my internet connection. it will not connect. the modem software loads fine, but when i hit "go" it says "initializing" then "disconnected" instead of "dialing" like it used to.


all of these problems are only on the admin acct. my other day to day acct is working fine, internet and all.

spybot, avast, and malwarebytes are coming back clean.

Thanks for taking a look :)


following are dds, mbam, otl, and gmer logs.







DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 17:38:39.27 on Sun 07/04/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2936.1495 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ACS_CDU680\EVDO-Modem\Bin\RDVCHG.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [<NO NAME>]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-29 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-29 53328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-6 1153368]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2009-12-11 87040]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-7-6 22272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-5 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-7-6 20544]

=============== Created Last 30 ================

2010-07-04 17:28 <DIR> --d----- c:\windows\Application Data
2010-07-04 17:23 87,608 a------- C:\inst.exe
2010-07-04 17:23 47,360 a------- C:\pcouffin.sys
2010-07-04 17:23 7,887 a------- C:\pcouffin.cat
2010-07-04 17:23 1,144 a------- C:\pcouffin.inf
2010-07-04 16:38 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 16:38 <DIR> --d----- c:\programdata\Malwarebytes
2010-07-04 16:38 <DIR> --d----- c:\progra~2\Malwarebytes
2010-07-04 16:38 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-07-04 16:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 05:16 <DIR> --d----- c:\users\user\New Folder
2010-07-04 05:15 <DIR> --d----- c:\programdata\WindowsSearch
2010-07-04 03:28 <DIR> --d----- c:\users\user\.config
2010-07-04 03:27 <DIR> --d----- c:\temp\qt-user
2010-07-04 03:27 <DIR> --d----- C:\temp
2010-06-23 03:00 297,808 a------- c:\windows\system32\mscoree.dll
2010-06-23 03:00 295,264 a------- c:\windows\system32\PresentationHost.exe
2010-06-23 03:00 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 03:00 49,472 a------- c:\windows\system32\netfxperf.dll
2010-06-23 03:00 1,130,824 a------- c:\windows\system32\dfshim.dll
2010-06-22 12:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 12:15 28,672 a------- c:\windows\system32\Apphlpdm.dll
2010-06-20 13:08 <DIR> --d----- c:\program files\Avira
2010-06-10 15:51 289,792 a------- c:\windows\system32\atmfd.dll
2010-06-10 15:51 34,304 a------- c:\windows\system32\atmlib.dll
2010-06-10 15:51 2,037,248 a------- c:\windows\system32\win32k.sys
2010-06-10 15:47 67,072 a------- c:\windows\system32\asycfilt.dll
2010-06-05 04:24 <DIR> --d----- c:\program files\common files\Stardock
2010-06-05 04:24 <DIR> --d----- c:\program files\Indie Games

==================== Find3M ====================

2010-05-21 14:14 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-05-09 03:59 143,360 a------- c:\windows\inf\infstrng.dat
2010-05-09 03:59 86,016 a------- c:\windows\inf\infstor.dat
2010-05-09 03:59 51,200 a------- c:\windows\inf\infpub.dat
2010-05-03 21:59 916,480 a------- c:\windows\system32\wininet.dll
2010-05-03 21:55 109,056 a------- c:\windows\system32\iesysprep.dll
2010-05-03 21:55 71,680 a------- c:\windows\system32\iesetup.dll
2010-05-03 20:31 133,632 a------- c:\windows\system32\ieUnatt.exe
2010-04-23 06:13 2,048 a------- c:\windows\system32\tzres.dll
2010-04-16 08:43 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2010-04-16 08:43 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2010-04-16 08:43 542,720 a------- c:\windows\apppatch\AcLayers.dll
2010-04-16 08:43 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2010-04-08 13:20 107,808 a------- c:\windows\system32\dns-sd.exe
2010-04-08 13:20 91,424 a------- c:\windows\system32\dnssd.dll
2009-12-03 23:48 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 18:43 174 a--sh--- c:\program files\desktop.ini
2007-11-07 08:03 97,296 a------- C:\install.res.1036.dll
2007-11-07 08:03 96,272 a------- C:\install.res.3082.dll
2007-11-07 08:03 96,272 a------- C:\install.res.1031.dll
2007-11-07 08:03 95,248 a------- C:\install.res.1040.dll
2007-11-07 08:03 91,152 a------- C:\install.res.1033.dll
2007-11-07 08:03 81,424 a------- C:\install.res.1041.dll
2007-11-07 08:03 79,888 a------- C:\install.res.1042.dll
2007-11-07 08:03 76,304 a------- C:\install.res.1028.dll
2007-11-07 08:03 75,792 a------- C:\install.res.2052.dll
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-12-15 02:21 245,760 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 17:39:03.18 ===============






Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4275

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/4/2010 4:47:08 PM
mbam-log-2010-07-04 (16-47-08).txt

Scan type: Quick scan
Objects scanned: 138226
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





OTL logfile created on: 7/5/2010 1:56:29 AM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\drew\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.70 Gb Total Space | 76.70 Gb Free Space | 26.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 65.85 Mb Total Space | 54.98 Mb Free Space | 83.49% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEN-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/05 01:55:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\drew\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/05 11:37:47 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 15:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/16 16:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 15:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/01 18:08:38 | 002,592,768 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\ACS_CDU680\EVDO-Modem\Bin\CDU680.EXE
PRC - [2008/08/01 18:07:18 | 000,307,200 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\ACS_CDU680\EVDO-Modem\Bin\RDVCHG.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 01:55:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\drew\Desktop\OTL.exe
MOD - [2009/04/10 22:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 18:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/27 02:37:19 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/16 17:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/16 16:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 15:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 15:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/24 13:29:28 | 000,163,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/08 10:53:12 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/30 16:13:42 | 002,350,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/20 15:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/18 10:44:54 | 000,022,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/03/03 11:07:30 | 002,476,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/02/11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/01/27 18:12:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/11/17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2008/01/20 18:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 18:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://www.reddit.com/message/inbox/|http://home.myspace.com/index.cfm?fuseaction=home|http://www.facebook.com/|http://ask.metafilter.com/|https://mail.google.com/mail/?shva=1#inbox|http://bibleforums.org/usercp.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {1e2fd05e-2ce6-11dd-bd1b-efbb55d89593}:1.4
FF - prefs.js..extensions.enabledItems: {c0d8c829-2f23-4d63-9dfb-7047c17a8357}:0.1.7
FF - prefs.js..extensions.enabledItems: {ba243cb0-b824-4a26-9418-73ee795d9b9d}:1.0.3
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: translator@zoli.bod:1.0.5
FF - prefs.js..extensions.enabledItems: greasefire@skrul.com:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: giorgio@gilestro.tk:0.3
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1
FF - prefs.js..extensions.enabledItems: {55ce2530-61df-4ddc-b287-feae64e70575}:0.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {6072cb90-a0bd-11da-a746-0800200c9a66}:2006.4.5.1
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:3.1.2009110201
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1
FF - prefs.js..extensions.enabledItems: flickr@billconan.com:1.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.1.7
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "91.103.185.182"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "91.103.185.182"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "91.103.185.182"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "91.103.185.182"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "91.103.185.182"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/09 04:00:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/09 04:00:20 | 000,000,000 | ---D | M]

[2009/12/12 08:51:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2009/11/29 22:08:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2009/11/29 22:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/29 01:04:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions
[2009/11/30 04:30:25 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2009/12/14 14:29:08 | 000,000,000 | ---D | M] (Basic Bookmarks for FF3) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{1e2fd05e-2ce6-11dd-bd1b-efbb55d89593}
[2010/03/28 07:02:03 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/11/30 01:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010/04/09 14:00:27 | 000,000,000 | ---D | M] (RefreshBlocker) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}
[2009/11/30 01:20:16 | 000,000,000 | ---D | M] (repagination) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{6072cb90-a0bd-11da-a746-0800200c9a66}
[2010/01/27 22:09:11 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/06/18 11:07:28 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/18 11:07:20 | 000,000,000 | ---D | M] (FoxySpider) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{75df891f-e299-4725-b14f-7d52f086dea2}
[2010/04/13 22:42:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/04/13 22:42:47 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/03/28 07:02:03 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2010/03/04 07:55:48 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2010/04/09 13:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{c0d8c829-2f23-4d63-9dfb-7047c17a8357}
[2010/04/06 02:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/05/04 01:12:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/13 22:42:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/13 22:42:42 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/04/13 22:42:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/02 19:26:20 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/03/24 03:12:16 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2010/04/07 04:05:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\add-to-searchbox@maltekraus.de
[2010/05/30 01:39:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\alertbox@ajitk.com
[2010/05/04 01:12:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\amznUWL@amazon.com
[2010/06/18 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\djziggy@gmail.com
[2009/11/29 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\elemhidehelper@adblockplus.org
[2010/05/12 02:03:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\firebug@software.joehewitt.com
[2009/12/14 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\flickr@billconan.com
[2010/06/22 08:48:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\foxyproxy@eric.h.jung
[2010/02/24 09:06:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\giorgio@gilestro.tk
[2010/06/14 05:03:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\greasefire@skrul.com
[2010/03/27 04:25:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\imagetab@next.gen.nz
[2010/03/02 01:21:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\linky@gemal.dk
[2010/04/02 05:46:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\multilinks@plugin
[2010/06/18 11:07:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\piclens@cooliris.com
[2010/06/18 11:07:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\piclens@cooliris.com-trash
[2010/03/28 07:02:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\SkipScreen@SkipScreen
[2010/06/22 08:48:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\staged-xpis
[2009/11/29 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\tineye@ideeinc.com
[2010/06/18 11:07:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\translator@zoli.bod
[2010/06/09 07:50:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\extensions\youtube2mp3@mondayx.de
[2010/04/08 03:10:42 | 000,001,849 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\searchplugins\blue-letter-bible---nasb.xml
[2009/12/30 07:39:09 | 000,005,776 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\searchplugins\bugmenot.xml
[2009/12/15 03:56:28 | 000,002,035 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\searchplugins\google-translate-any--en.xml
[2009/12/31 01:25:47 | 000,001,720 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ym170h0f.default\searchplugins\youtube-video-search.xml
[2010/07/04 17:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/04 15:50:52 | 000,411,877 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14234 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/05 01:39:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2010/07/04 17:33:37 | 000,000,000 | R--D | C] -- C:\Users\User\Searches
[2010/07/04 17:28:58 | 000,000,000 | ---D | C] -- C:\Windows\Application Data
[2010/07/04 17:23:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\pcouffin.sys
[2010/07/04 17:23:38 | 000,000,000 | ---D | C] -- C:\Vso
[2010/07/04 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\PcSetup
[2010/07/04 16:38:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/04 16:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/04 16:38:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/04 16:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/04 05:17:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\_hiddenPbk
[2010/07/04 05:16:20 | 000,000,000 | ---D | C] -- C:\Users\User\New Folder
[2010/07/04 05:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/07/04 03:31:24 | 000,000,000 | -HSD | C] -- C:\Users\User\Desktop\%APPDATA%
[2010/07/04 03:28:13 | 000,000,000 | ---D | C] -- C:\Users\User\.config
[2010/07/04 03:27:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\vlc
[2010/07/04 03:27:50 | 000,000,000 | ---D | C] -- C:\temp
[2010/07/03 00:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/03 00:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/26 03:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/20 13:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/05 04:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/06/05 04:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Indie Games
[2010/06/05 04:12:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Slam Dunk Studios, LLC
[2010/06/01 04:00:55 | 000,000,000 | ---D | C] -- C:\Users\User\ringtones
[2010/05/28 04:18:22 | 000,000,000 | R--D | C] -- C:\Users\User\Contacts
[2010/05/26 02:00:10 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\gegl-0.0
[2010/05/23 10:01:02 | 000,000,000 | RH-D | C] -- C:\Users\User\Favorites
[2010/05/23 04:22:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2010/05/23 04:14:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Karen's Power Tools
[2010/05/23 04:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Karen's Power Tools
[2010/05/23 04:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2010/05/23 03:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2010/05/23 02:51:26 | 000,000,000 | R--D | C] -- C:\Users\User\Program Files
[2010/05/23 02:43:11 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rachel's Documents
[2010/05/23 02:43:07 | 000,000,000 | R--D | C] -- C:\Users\User\Documents\Favorites
[2010/05/23 02:42:34 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Sarah's Documents
[2010/05/19 04:02:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\inkscape
[2010/05/19 03:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2010/05/10 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2010/05/09 04:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/09 04:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/09 04:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/09 03:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/09 03:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/09 03:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/09 03:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/09 03:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/09 03:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/05 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/05 00:36:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/05 00:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/05 00:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/05 00:36:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/05 00:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/01 13:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2010/05/01 02:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/04/23 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\FullTiltPoker
[2010/04/19 19:07:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\BitTorrent
[2010/04/09 13:45:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2010/04/09 13:45:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\abelhadigital.com
[2010/04/09 13:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2010/04/09 13:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan

========== Files - Modified Within 90 Days ==========

[2010/07/05 01:56:44 | 005,767,168 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010/07/05 01:54:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3CF49A80-EA5E-4019-8FAD-5ADE5DADDB1E}.job
[2010/07/05 01:53:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 01:42:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 01:41:18 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/05 01:41:18 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/05 00:41:19 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/05 00:41:19 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/05 00:41:19 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/05 00:34:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/05 00:34:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 00:34:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 00:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/05 00:34:19 | 3079,536,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 17:51:34 | 004,545,955 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/07/04 17:33:18 | 000,001,960 | ---- | M] () -- C:\Users\User\Desktop\rasphone.pbk
[2010/07/04 17:23:54 | 000,087,608 | ---- | M] () -- C:\inst.exe
[2010/07/04 17:23:54 | 000,047,360 | ---- | M] (VSO Software) -- C:\pcouffin.sys
[2010/07/04 17:23:54 | 000,007,887 | ---- | M] () -- C:\pcouffin.cat
[2010/07/04 17:23:54 | 000,001,144 | ---- | M] () -- C:\pcouffin.inf
[2010/07/04 17:16:15 | 000,359,929 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/07/04 16:38:13 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 15:50:52 | 000,411,877 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/04 04:36:46 | 000,411,877 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100704-155052.backup
[2010/07/04 03:28:22 | 000,007,739 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2010/07/03 00:49:59 | 000,000,937 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/03 00:49:59 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/26 03:26:13 | 000,406,127 | ---- | M] () -- C:\Users\User\Desktop\nintendo-500x2642.jpg
[2010/06/25 12:11:18 | 002,414,208 | ---- | M] () -- C:\Users\User\Desktop\Marathon eternal soundtrack_ Swirls (Piano).mp3
[2010/06/24 02:31:53 | 000,039,716 | ---- | M] () -- C:\Users\User\Desktop\wye6A.jpg
[2010/06/22 08:10:56 | 000,000,670 | ---- | M] () -- C:\Users\User\Desktop\Desktop - Shortcut.lnk
[2010/06/22 07:08:57 | 037,261,890 | ---- | M] () -- C:\Users\User\Desktop\151596cf6de768cf045c81d9f71d12d0_chords.flv
[2010/06/22 06:57:42 | 046,260,796 | ---- | M] () -- C:\Users\User\Desktop\95428cc6e4f79f9e8becc26f38a7749d_new.flv
[2010/06/22 06:34:41 | 009,463,413 | ---- | M] () -- C:\Users\User\Desktop\515c437cf01bdf8b1a80182a24994765_dog.flv
[2010/06/22 00:17:31 | 000,792,651 | ---- | M] () -- C:\Users\User\Desktop\flammarion.jpg
[2010/06/22 00:12:26 | 000,229,909 | ---- | M] () -- C:\Users\User\Desktop\Flammarion-urbi_et_orbi.jpg
[2010/06/22 00:06:40 | 000,063,209 | ---- | M] () -- C:\Users\User\Desktop\universum.jpg
[2010/06/21 15:25:00 | 000,085,521 | ---- | M] () -- C:\Users\User\Desktop\humans.jpg
[2010/06/19 08:42:32 | 000,036,864 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/12 04:03:22 | 000,726,509 | ---- | M] () -- C:\Users\User\Desktop\LrOjq.jpg
[2010/06/11 03:21:37 | 000,339,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/05 01:47:49 | 000,211,015 | ---- | M] () -- C:\Users\User\4655752348_899030d5d9_b.jpg
[2010/06/01 04:06:18 | 000,000,848 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010/05/27 02:38:36 | 000,000,757 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/05/26 02:04:44 | 000,047,616 | ---- | M] () -- C:\Users\User\Documents\Writing and Research - Agricultural Antibiotics - Final Draft.doc
[2010/05/23 06:12:50 | 000,180,130 | ---- | M] () -- C:\Users\User\Documents\Your PasswordCard.pdf
[2010/05/23 03:40:48 | 000,000,752 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2010/05/19 03:53:14 | 000,000,799 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/05/19 03:53:14 | 000,000,775 | ---- | M] () -- C:\Users\User\Desktop\Inkscape.lnk
[2010/05/17 04:05:19 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 19:18:02 | 000,000,632 | RHS- | M] () -- C:\Users\User\ntuser.pol
[2010/04/15 09:47:10 | 000,203,484 | ---- | M] () -- C:\Users\User\Documents\2009TaxReturn.PDF
[2010/04/09 14:44:41 | 000,249,966 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100704-043645.backup
[2010/04/09 13:58:13 | 000,249,914 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.bak

========== Files Created - No Company Name ==========

[2010/07/04 17:23:38 | 000,087,608 | ---- | C] () -- C:\inst.exe
[2010/07/04 17:23:38 | 000,007,887 | ---- | C] () -- C:\pcouffin.cat
[2010/07/04 17:23:38 | 000,001,144 | ---- | C] () -- C:\pcouffin.inf
[2010/07/04 17:16:13 | 000,359,929 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/07/04 16:38:13 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 05:17:09 | 000,001,960 | ---- | C] () -- C:\Users\User\Desktop\rasphone.pbk
[2010/07/04 03:28:22 | 000,007,739 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2010/07/03 00:49:59 | 000,000,937 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/03 00:49:59 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/26 03:26:10 | 000,406,127 | ---- | C] () -- C:\Users\User\Desktop\nintendo-500x2642.jpg
[2010/06/24 02:31:47 | 000,039,716 | ---- | C] () -- C:\Users\User\Desktop\wye6A.jpg
[2010/06/22 08:26:20 | 002,414,208 | ---- | C] () -- C:\Users\User\Desktop\Marathon eternal soundtrack_ Swirls (Piano).mp3
[2010/06/22 08:10:56 | 000,000,670 | ---- | C] () -- C:\Users\User\Desktop\Desktop - Shortcut.lnk
[2010/06/22 06:59:45 | 037,261,890 | ---- | C] () -- C:\Users\User\Desktop\151596cf6de768cf045c81d9f71d12d0_chords.flv
[2010/06/22 06:50:17 | 046,260,796 | ---- | C] () -- C:\Users\User\Desktop\95428cc6e4f79f9e8becc26f38a7749d_new.flv
[2010/06/22 06:34:40 | 009,463,413 | ---- | C] () -- C:\Users\User\Desktop\515c437cf01bdf8b1a80182a24994765_dog.flv
[2010/06/22 00:17:31 | 000,792,651 | ---- | C] () -- C:\Users\User\Desktop\flammarion.jpg
[2010/06/22 00:12:26 | 000,229,909 | ---- | C] () -- C:\Users\User\Desktop\Flammarion-urbi_et_orbi.jpg
[2010/06/22 00:06:40 | 000,063,209 | ---- | C] () -- C:\Users\User\Desktop\universum.jpg
[2010/06/21 15:24:56 | 000,085,521 | ---- | C] () -- C:\Users\User\Desktop\humans.jpg
[2010/06/12 04:03:21 | 000,726,509 | ---- | C] () -- C:\Users\User\Desktop\LrOjq.jpg
[2010/06/05 01:47:47 | 000,211,015 | ---- | C] () -- C:\Users\User\4655752348_899030d5d9_b.jpg
[2010/06/01 04:06:18 | 000,000,848 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010/05/23 06:12:49 | 000,180,130 | ---- | C] () -- C:\Users\User\Documents\Your PasswordCard.pdf
[2010/05/23 03:40:48 | 000,000,752 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2010/05/23 02:43:07 | 000,419,328 | ---- | C] () -- C:\Users\User\Documents\Psychology - Joice Voight.ppt
[2010/05/23 02:43:07 | 000,204,800 | ---- | C] () -- C:\Users\User\Documents\Thewindsocold.ppt
[2010/05/23 02:43:07 | 000,189,509 | ---- | C] () -- C:\Users\User\Documents\Taxes - 2005 - 1040.pdf
[2010/05/23 02:43:07 | 000,187,757 | ---- | C] () -- C:\Users\User\Documents\Taxes - 2006.pdf
[2010/05/23 02:43:07 | 000,089,794 | ---- | C] () -- C:\Users\User\Documents\Reciept - powerball.pdf
[2010/05/23 02:43:07 | 000,056,832 | ---- | C] () -- C:\Users\User\Documents\PROIR COURSES - 2003 SPRING - EXPOSITORY WRITING - proccess - Going to the Bathroom.doc
[2010/05/23 02:43:07 | 000,047,616 | ---- | C] () -- C:\Users\User\Documents\Writing and Research - Agricultural Antibiotics - Final Draft.doc
[2010/05/23 02:43:07 | 000,043,008 | ---- | C] () -- C:\Users\User\Documents\Writing and Research - Agricultural Antibiotics.doc
[2010/05/23 02:43:07 | 000,033,792 | ---- | C] () -- C:\Users\User\Documents\Rich Mullins - Final.doc
[2010/05/23 02:43:07 | 000,025,088 | ---- | C] () -- C:\Users\User\Documents\PROIR COURSES - 2003 SPRING - EXPOSITORY WRITING - description - Tree of my Childhood.doc
[2010/05/23 02:43:07 | 000,024,064 | ---- | C] () -- C:\Users\User\Documents\The world as 100 people.doc
[2010/05/23 02:43:07 | 000,023,552 | ---- | C] () -- C:\Users\User\Documents\TELL ME ABOUT YOURSELF - aaron.doc
[2010/05/23 02:43:07 | 000,021,504 | ---- | C] () -- C:\Users\User\Documents\Recipe - Tzatziki.doc
[2010/05/23 02:43:06 | 001,304,064 | ---- | C] () -- C:\Users\User\Documents\Lifespan Psychology - Arindam Ray.ppt
[2010/05/23 02:43:06 | 000,695,808 | ---- | C] () -- C:\Users\User\Documents\I am me.ppt
[2010/05/23 02:43:06 | 000,294,329 | ---- | C] () -- C:\Users\User\Documents\IMG00206.xcf
[2010/05/23 02:43:06 | 000,174,080 | ---- | C] () -- C:\Users\User\Documents\lyrics.doc
[2010/05/23 02:43:06 | 000,124,541 | ---- | C] () -- C:\Users\User\Documents\MedTerms.dic
[2010/05/23 02:43:06 | 000,086,016 | ---- | C] () -- C:\Users\User\Documents\Genogram.xls
[2010/05/23 02:43:06 | 000,033,280 | ---- | C] () -- C:\Users\User\Documents\Jokes for Catherine.doc
[2010/05/23 02:43:06 | 000,030,720 | ---- | C] () -- C:\Users\User\Documents\my family history.doc
[2010/05/23 02:43:06 | 000,024,576 | ---- | C] () -- C:\Users\User\Documents\Health History.doc
[2010/05/23 02:43:06 | 000,018,930 | ---- | C] () -- C:\Users\User\Documents\PROIR COURSES - 2003 SPRING - EXPOSITORY WRITING - definition - Thrift.doc
[2010/05/23 02:43:06 | 000,013,824 | ---- | C] () -- C:\Users\User\Documents\family history.xls
[2010/05/23 02:43:06 | 000,010,355 | ---- | C] () -- C:\Users\User\Documents\PROIR COURSES - 2003 SPRING - EXPOSITORY WRITING - argument - Gun Ban.doc
[2010/05/23 02:43:06 | 000,005,606 | ---- | C] () -- C:\Users\User\Documents\Inspiring Quotes.doc
[2010/05/23 02:43:06 | 000,001,950 | ---- | C] () -- C:\Users\User\Documents\personal history.rtf
[2010/05/23 02:43:02 | 092,211,622 | ---- | C] () -- C:\Users\User\Documents\documents2
[2010/05/23 02:43:02 | 000,397,824 | ---- | C] () -- C:\Users\User\Documents\Cultural Anthropology - Robertsonpaper.doc
[2010/05/23 02:43:02 | 000,009,714 | ---- | C] () -- C:\Users\User\Documents\data
[2010/05/23 02:43:01 | 000,052,736 | ---- | C] () -- C:\Users\User\Documents\book summary - realage.doc
[2010/05/23 02:43:01 | 000,045,568 | ---- | C] () -- C:\Users\User\Documents\Coaching Certificate.ppt
[2010/05/23 02:43:01 | 000,037,736 | ---- | C] () -- C:\Users\User\Documents\Ask Dr Dawn Trancript - 2008-07-26.abw
[2010/05/23 02:43:01 | 000,031,232 | ---- | C] () -- C:\Users\User\Documents\amore translation.doc
[2010/05/23 02:43:01 | 000,027,136 | ---- | C] () -- C:\Users\User\Documents\Aaron ticket.doc
[2010/05/23 02:43:01 | 000,021,504 | ---- | C] () -- C:\Users\User\Documents\Book1.xls
[2010/05/23 02:43:01 | 000,014,848 | ---- | C] () -- C:\Users\User\Documents\calendar.xls
[2010/05/23 02:43:01 | 000,013,359 | ---- | C] () -- C:\Users\User\Documents\Chart - GTD Flowchart.pdf
[2010/05/23 02:43:01 | 000,006,015 | ---- | C] () -- C:\Users\User\Documents\Alaska Vacation Notes.doc
[2010/05/23 02:43:01 | 000,001,582 | ---- | C] () -- C:\Users\User\Documents\bang for the buck.rtf
[2010/05/23 02:43:01 | 000,001,423 | ---- | C] () -- C:\Users\User\Documents\books to read.rtf
[2010/05/19 03:53:14 | 000,000,799 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/05/19 03:53:14 | 000,000,775 | ---- | C] () -- C:\Users\User\Desktop\Inkscape.lnk
[2010/05/17 04:05:19 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/15 09:47:09 | 000,203,484 | ---- | C] () -- C:\Users\User\Documents\2009TaxReturn.PDF
[2009/12/17 04:15:10 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009/12/16 03:12:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/11/29 22:16:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/26 00:06:00 | 009,820,160 | ---- | C] () -- C:\Windows\avcodec-52.dll
[2009/11/26 00:06:00 | 000,791,040 | ---- | C] () -- C:\Windows\avformat-52.dll
[2009/11/26 00:06:00 | 000,221,696 | ---- | C] () -- C:\Windows\swscale-0.dll
[2009/11/26 00:06:00 | 000,077,312 | ---- | C] () -- C:\Windows\avutil-50.dll
[2009/10/12 19:01:58 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/10/12 19:01:23 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/09/20 02:11:42 | 000,122,368 | ---- | C] () -- C:\Windows\lua5.1.dll
[2009/07/06 23:56:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/07/06 23:32:18 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/03/03 11:17:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1670.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/02/20 12:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll

========== LOP Check ==========

[2010/04/09 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\abelhadigital.com
[2010/04/19 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2009/12/07 05:08:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blender Foundation
[2009/12/31 23:47:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Crayon Physics Deluxe
[2009/12/07 05:34:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FaceGen
[2009/12/16 04:40:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FLV Extract
[2010/02/10 03:01:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GrabPro
[2010/06/25 03:02:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2009/12/08 07:44:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HandBrake
[2010/05/19 04:02:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\inkscape
[2010/01/25 05:01:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ironclad Games
[2010/01/08 06:10:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2009/11/30 04:26:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2010/02/18 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Orbit
[2009/12/27 02:40:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rainmeter
[2009/12/06 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2010/06/05 04:12:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Slam Dunk Studios, LLC
[2010/01/20 08:29:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
[2009/11/29 05:10:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2009/12/01 23:11:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Toshiba
[2010/04/17 05:51:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vso
[2009/11/30 02:09:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Webaroo
[2010/07/04 20:45:59 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/05 01:54:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3CF49A80-EA5E-4019-8FAD-5ADE5DADDB1E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/07/04 17:23:54 | 000,087,608 | ---- | M] () -- C:\inst.exe


< MD5 for: AGP440.SYS >
[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/24 19:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008/03/24 19:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008/03/25 19:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008/03/25 19:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/06/02 19:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/06/02 19:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/06/02 19:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/06/02 19:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/02/11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/02/11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 18:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:51CF25B1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CC9DD8FE
< End of report >




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 03:26:00
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A35C480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A39D900, 0x3CA, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00350002
IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00350000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by junkforaaron, 05 July 2010 - 07:08 AM.



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:39 PM

Posted 07 July 2010 - 12:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 junkforaaron

junkforaaron
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 09 July 2010 - 10:42 AM

seems to be one of the less common bugs in vista. i just created a new acct and transferred my files and settings. all is well. thanks ;)

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:39 PM

Posted 10 July 2010 - 08:12 AM

So you need no more help?
regards,
schrauber


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:39 PM

Posted 13 July 2010 - 11:20 AM

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber

