Internet Disconnection Problem - Suspected Malware/Spyware


  • This topic is locked

#1
LucasLockhart

  • Member
  • 12 posts
Hi Geeks forum. ^_^ First, I'd like to thank anyone who decides to help me with this problem. I appreciate it so very much. ^^ Well, for a while now, my internet disconnects very frequently, maybe every 2 minutes, while I'm on the browser. I use Charter, but my mom's, brother's, and father's laptops, which all use the same internet, never disconnect. So I suspect this to be a computer problem, and not an internet one. Mainly, it will disconnect when I'm on a forum such as this one, or DeviantArt as well. After this paragraph will be my OTL log, and again, I'm very thankful for anyone who helps. ^^ Please and thank you.

OTL logfile created on: 5/26/2011 3:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 327.10 Mb Available Physical Memory | 31.96% Memory free
2.06 Gb Paging File | 1.49 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): C:\pagefile.sys 1182 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.27 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive D: | 37.28 Gb Total Space | 31.42 Gb Free Space | 84.30% Space Free | Partition Type: NTFS
Drive E: | 17.73 Gb Total Space | 16.10 Gb Free Space | 90.78% Space Free | Partition Type: NTFS

Computer Name: LUCY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 15:29:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/03 14:19:33 | 002,548,864 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 15:29:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/03/03 14:19:29 | 000,545,408 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlls.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 17:05:21 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 10:06:38 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/04 21:47:57 | 000,070,600 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\HtsysmNT.sys -- (Htsysm)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 85 83 68 F3 B4 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 18:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/10 18:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011/05/26 15:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/11/12 11:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/05/22 21:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zn2zec4c.default\extensions
[2011/05/22 21:05:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zn2zec4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\w4nmdda9.default\extensions
[2010/11/21 20:18:30 | 000,000,000 | ---D | M] (Mighty Magoo TextLinks) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]

O1 HOSTS File: ([2011/02/14 22:27:17 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/03 19:46:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 11:59:05 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell - "" = AutoRun
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 15:29:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/26 15:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge
[2011/05/25 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\VIDEO
[2011/05/25 19:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PSP
[2011/05/25 19:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PICTURE
[2011/05/25 19:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUSIC
[2011/05/25 19:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MP_ROOT
[2011/05/25 19:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DAT
[2011/05/25 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ImTOO
[2011/05/25 15:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImTOO
[2011/05/25 15:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImTOO
[2011/05/25 15:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2011/05/25 15:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2011/05/24 19:54:48 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/24 19:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Witcobber
[2011/05/24 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Witcobber
[2011/05/22 21:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2011/05/22 21:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DVDVideoSoft
[2011/05/22 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011/05/22 21:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/05/22 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/05/22 20:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\psp ebook creator
[2011/05/22 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\psp ebook creator
[2011/05/22 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Convert AVI to MP4
[2011/05/22 17:53:05 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/05/22 17:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/05/22 17:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sothink Video Converter
[2011/05/22 17:47:40 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2011/05/22 17:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2011/05/22 17:47:30 | 000,217,088 | ---- | C] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2011/05/22 17:47:21 | 000,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2011/05/22 17:42:57 | 020,715,424 | ---- | C] (SourceTec Software Co., LTD ) -- C:\Documents and Settings\Owner\My Documents\Setup.exe
[2011/05/22 17:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digiarty
[2011/05/22 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leawo Video2PSP v2
[2011/05/22 17:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Leawo
[2011/05/22 17:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2011/05/22 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Leawo
[2011/05/22 17:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2011/05/22 16:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2011/05/22 16:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2011/05/22 10:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/05/22 09:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/20 20:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\osu!
[2011/05/20 20:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\osu!
[2011/05/16 19:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/05/16 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/14 17:18:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/14 17:08:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/14 15:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/05/14 15:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/14 10:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/14 10:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/07 15:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2011/05/07 15:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/05 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/05/04 18:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\jZip
[2011/05/04 18:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\jZip
[2011/05/04 18:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2011/04/28 13:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/28 11:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/04/28 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/04/28 11:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NCH Software
[2011/04/27 14:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DC Trip 2011
[2010/08/22 18:53:33 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 15:29:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/26 15:25:38 | 116,175,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/26 15:23:48 | 000,040,268 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.PNG
[2011/05/26 15:23:44 | 000,973,098 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2011/05/26 15:17:05 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/26 15:16:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1383384898-854245398-1003.job
[2011/05/26 15:16:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 15:16:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 15:16:29 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 19:43:53 | 000,000,000 | RH-- | M] () -- C:\Documents and Settings\Owner\Desktop\MSTK_PRO.IND
[2011/05/25 19:43:52 | 000,000,000 | RH-- | M] () -- C:\Documents and Settings\Owner\Desktop\MEMSTICK.IND
[2011/05/25 15:34:34 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImTOO YouTube Video Converter.lnk
[2011/05/25 13:29:17 | 000,005,305 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC00199.JPG
[2011/05/25 13:29:01 | 000,005,305 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DSC00199.JPG
[2011/05/24 19:53:50 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 19:39:30 | 020,039,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Junjou Romantica I want you [Usagi san x Misaki].mp4
[2011/05/15 14:58:56 | 000,007,285 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cute-icons23.gif
[2011/05/15 14:57:19 | 000,003,614 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\th_Firion-Avatar.jpg
[2011/05/14 20:20:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 17:22:28 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 17:08:53 | 000,106,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110514_170848.reg
[2011/05/12 19:47:56 | 000,053,556 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Oh-My-God.jpg
[2011/05/12 14:45:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1383384898-854245398-1003.job
[2011/05/08 20:32:12 | 000,046,086 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\a0469.pdf
[2011/05/05 14:47:36 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/26 15:23:47 | 000,040,268 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.PNG
[2011/05/26 15:23:42 | 000,973,098 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2011/05/25 19:43:53 | 000,000,000 | RH-- | C] () -- C:\Documents and Settings\Owner\Desktop\MSTK_PRO.IND
[2011/05/25 19:43:52 | 000,000,000 | RH-- | C] () -- C:\Documents and Settings\Owner\Desktop\MEMSTICK.IND
[2011/05/25 15:34:33 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImTOO YouTube Video Converter.lnk
[2011/05/25 13:29:17 | 000,005,305 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC00199.JPG
[2011/05/25 13:29:01 | 000,005,305 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\DSC00199.JPG
[2011/05/24 19:38:35 | 020,039,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Junjou Romantica I want you [Usagi san x Misaki].mp4
[2011/05/22 17:53:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/22 17:47:30 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2011/05/15 14:58:56 | 000,007,285 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cute-icons23.gif
[2011/05/15 14:57:19 | 000,003,614 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\th_Firion-Avatar.jpg
[2011/05/14 20:20:52 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/05/14 17:19:41 | 000,000,584 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 17:08:50 | 000,106,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110514_170848.reg
[2011/05/12 19:47:56 | 000,053,556 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Oh-My-God.jpg
[2011/05/08 20:32:11 | 000,046,086 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\a0469.pdf
[2011/05/05 17:56:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2011/05/05 14:47:36 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/05 14:47:36 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/04/11 14:22:31 | 000,173,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/03/20 13:47:59 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI
[2011/02/07 21:28:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/21 23:01:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2010/11/21 20:53:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/11/11 22:28:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/11/11 22:27:37 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/09/17 14:48:21 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 21:39:07 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/15 21:39:06 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/15 14:32:48 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/09/01 15:43:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/31 13:32:08 | 000,370,336 | ---- | C] () -- C:\WINDOWS\System32\Syslib.dll
[2010/07/03 20:19:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/03 19:47:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/03 19:42:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/03 14:36:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/03 14:34:31 | 003,534,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2007/02/19 18:44:12 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/11 18:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/11 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/23 15:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/15 21:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2011/04/12 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/25 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/25 18:03:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/21 20:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2011/05/25 15:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010/11/15 07:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/02/26 18:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jBlChHh08505
[2011/05/22 17:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/04/11 14:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/28 13:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/26 16:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/02/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2010/09/11 00:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/22 15:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/22 01:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/03 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/04/05 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/12 10:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/05/08 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/21 18:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2011/04/05 10:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2010/11/25 18:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/11 22:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BITS
[2011/02/27 17:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BugTrap Console Test108
[2010/11/19 17:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2011/05/22 21:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2010/11/11 22:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashGet
[2010/11/11 22:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashGetBHO
[2010/11/11 22:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashgetSetup
[2011/05/25 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/12/19 19:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2011/03/19 15:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2010/08/22 17:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ijjigame
[2011/05/25 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO
[2010/07/03 23:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2010/11/27 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/01/11 20:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JAM Software
[2011/05/22 17:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2011/05/22 17:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo Video2PSP v2
[2010/11/12 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moonchild Productions
[2011/03/06 18:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
[2010/12/31 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/09/10 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NeopleLauncherDFO
[2011/02/06 15:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/10/21 20:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/05/05 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/03/06 21:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Kawa
[2011/04/14 19:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy
[2011/02/06 15:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reviversoft
[2010/09/25 23:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Secret of the Solstice
[2010/09/20 15:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2011/02/16 15:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Solstice Reborn
[2011/04/03 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2010/12/27 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/12/03 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2011/01/17 18:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 5/26/2011 3:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 327.10 Mb Available Physical Memory | 31.96% Memory free
2.06 Gb Paging File | 1.49 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): C:\pagefile.sys 1182 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.27 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive D: | 37.28 Gb Total Space | 31.42 Gb Free Space | 84.30% Space Free | Partition Type: NTFS
Drive E: | 17.73 Gb Total Space | 16.10 Gb Free Space | 90.78% Space Free | Partition Type: NTFS

Computer Name: LUCY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57295:TCP" = 57295:TCP:*:Enabled:Pando Media Booster
"57295:UDP" = 57295:UDP:*:Enabled:Pando Media Booster
"59125:TCP" = 59125:TCP:*:Enabled:Pando Media Booster
"59125:UDP" = 59125:UDP:*:Enabled:Pando Media Booster
"56610:TCP" = 56610:TCP:*:Enabled:Pando Media Booster
"56610:UDP" = 56610:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56732:TCP" = 56732:TCP:*:Enabled:Pando Media Booster
"56732:UDP" = 56732:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57295:TCP" = 57295:TCP:*:Enabled:Pando Media Booster
"57295:UDP" = 57295:UDP:*:Enabled:Pando Media Booster
"59125:TCP" = 59125:TCP:*:Enabled:Pando Media Booster
"59125:UDP" = 59125:UDP:*:Enabled:Pando Media Booster
"56610:TCP" = 56610:TCP:*:Enabled:Pando Media Booster
"56610:UDP" = 56610:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56732:TCP" = 56732:TCP:*:Enabled:Pando Media Booster
"56732:UDP" = 56732:UDP:*:Enabled:Pando Media Booster
"1870:TCP" = 1870:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG PC Tuneup 2011\InternetOptimizer.exe" = C:\Program Files\AVG\AVG PC Tuneup 2011\InternetOptimizer.exe:*:Enabled:AVG Internet Optimizer -- (AVG)
"C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe" = C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe:*:Enabled:AVG PC Tuneup 2011 -- (AVG)
"C:\Ntreev USA\Grand Chase\main.exe" = C:\Ntreev USA\Grand Chase\main.exe:*:Enabled:GrandChase
"J:\Setup.exe" = J:\Setup.exe:*:Enabled:Setup
"C:\Documents and Settings\Owner\Local Settings\Temp\PT2_Downloader.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\PT2_Downloader.exe:*:Enabled:PT2Downloader
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\Temp\~os2.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os2.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- (TMRG, Inc.)
"C:\WINDOWS\Temp\~os22.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os22.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- (TMRG, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{2AF416FC-AF16-400B-98E0-B2A1881054D6}_is1" = Leawo PSP Video Converter version 4.0.0.0
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{40280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C134C7E-537D-4BA2-913D-A6F163DF10D4}" = UTAU 歌声合成ツール
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{faf0b65c-072b-4f7e-bd05-6a56f28d4233}" = Wallery
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"C-Media Audio Driver" = C-Media WDM Audio Driver
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Download Manager" = Download Manager 2.3.10
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.34.517
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"ImTOO YouTube Video Converter" = ImTOO YouTube Video Converter
"jZip" = jZip
"Manga Studio Debut 4.0" = Manga Studio Debut 4.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Drivers Update Utility_is1" = NVIDIA Drivers Update Utility
"Opera 11.10.2092" = Opera 11.10
"psp ebook creator_is1" = psp ebook creator v1.0.3
"PSP Video 9" = PSP Video 9 6
"Super Video Converter_is1" = Super Video Converter 5.8
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinX Free PSP Video Converter_is1" = WinX Free PSP Video Converter 3.2.20
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2011 2:30:53 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 2:30:53 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 2:44:22 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 2:44:22 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 2:44:22 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 2:44:22 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 4:42:49 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 4:42:49 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 4:42:49 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/14/2011 4:42:49 PM | Computer Name = LUCY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 5/15/2011 12:06:02 AM | Computer Name = LUCY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/15/2011 12:06:37 AM | Computer Name = LUCY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/15/2011 12:06:37 AM | Computer Name = LUCY | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/15/2011 12:07:08 AM | Computer Name = LUCY | Source = PlugPlayManager | ID = 12
Description = The device 'HL-DT-ST CD-RW GCE-8483B' (IDE\CdRomHL-DT-ST_CD-RW_GCE-8483B________________1.00____\5&2dfcc752&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 5/15/2011 12:20:07 PM | Computer Name = LUCY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 5.188.31.45, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 5/16/2011 4:53:07 PM | Computer Name = LUCY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 5.188.31.45, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 5/16/2011 7:07:35 PM | Computer Name = LUCY | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{D7B6DAD5-8939-47AC-8BCB-B88B17EA91F9}. The
backup browser is stopping.

Error - 5/17/2011 3:23:07 PM | Computer Name = LUCY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 5.188.31.45, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 5/17/2011 6:05:39 PM | Computer Name = LUCY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 5.188.31.45, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 5/17/2011 8:02:02 PM | Computer Name = LUCY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 5.188.31.45, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >

Edited by LucasLockhart, 26 May 2011 - 04:50 PM.



#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, LucasLockhart! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps below so I can have a look at the current condition of your machine.

Relevant Knowledge is classified as spyware or adware by some of the anti-virus software vendors, e.g. Symantec, McAfee, CA, BitDefender, F-Secure and some others.

Please un-install that application.

How to uninstall a program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

NEXT...

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

NEXT...

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL custom scan log
  • aswMBR log


#3
LucasLockhart

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi, sorry for the somewhat late reply. Thank you for your help. ^^ My problem still occurs, and I followed your guide. Relevant Knowledge can't be removed through Remove All problems, as it is not in there. So, if it is not too much trouble, could you tell me an alternate way to remove Relevant Knowledge?

OTL Log:

OTL logfile created on: 5/30/2011 5:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 264.21 Mb Available Physical Memory | 25.81% Memory free
2.06 Gb Paging File | 1.48 Gb Available in Paging File | 71.74% Paging File free
Paging file location(s): C:\pagefile.sys 1182 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.95 Gb Free Space | 30.46% Space Free | Partition Type: NTFS
Drive D: | 37.28 Gb Total Space | 28.21 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive E: | 17.73 Gb Total Space | 7.47 Gb Free Space | 42.11% Space Free | Partition Type: NTFS

Computer Name: LUCY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 17:24:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 17:24:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 17:05:21 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 10:06:38 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/04 21:47:57 | 000,070,600 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\HtsysmNT.sys -- (Htsysm)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 85 83 68 F3 B4 CB 01 [binary data]
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 18:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/10 18:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/11/12 11:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/05/22 21:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zn2zec4c.default\extensions
[2011/05/22 21:05:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zn2zec4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\w4nmdda9.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]

O1 HOSTS File: ([2011/02/14 22:27:17 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/03 19:46:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 11:59:05 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell - "" = AutoRun
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 17:24:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/29 21:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FUNYOURS
[2011/05/29 21:06:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/28 20:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ultimate_Pack_5_by_Axeraider70
[2011/05/28 19:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
[2011/05/28 19:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/05/28 19:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2011/05/27 13:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\spiral
[2011/05/26 18:01:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 18:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 18:00:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/25 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\VIDEO
[2011/05/25 19:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PSP
[2011/05/25 19:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PICTURE
[2011/05/25 19:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUSIC
[2011/05/25 19:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MP_ROOT
[2011/05/25 19:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DAT
[2011/05/25 15:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImTOO
[2011/05/25 15:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImTOO
[2011/05/25 15:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2011/05/25 15:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2011/05/24 19:54:48 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/24 19:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Witcobber
[2011/05/22 21:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2011/05/22 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011/05/22 21:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/05/22 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/05/22 20:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\psp ebook creator
[2011/05/22 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Convert AVI to MP4
[2011/05/22 17:53:05 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/05/22 17:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sothink Video Converter
[2011/05/22 17:47:40 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2011/05/22 17:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2011/05/22 17:47:30 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2011/05/22 17:47:30 | 000,217,088 | ---- | C] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2011/05/22 17:47:21 | 000,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2011/05/22 17:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digiarty
[2011/05/22 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leawo Video2PSP v2
[2011/05/22 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Leawo
[2011/05/22 16:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2011/05/22 10:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/05/22 09:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/20 20:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\osu!
[2011/05/16 19:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/05/16 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/14 17:18:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/14 15:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/05/14 10:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/14 10:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/13 18:19:14 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/07 15:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2011/05/07 15:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/05 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/05/05 14:40:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/05/05 14:40:27 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/05/05 14:40:26 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2011/05/05 14:40:25 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2011/05/05 14:40:25 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/05/05 14:40:23 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2011/05/05 14:40:22 | 005,962,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/04 18:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\jZip
[2011/05/04 18:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\jZip
[2011/05/04 18:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2011/05/04 18:34:59 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/05/04 18:34:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/08/22 18:53:33 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 17:24:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/30 14:17:07 | 116,628,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/30 14:10:25 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/30 14:10:19 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1383384898-854245398-1003.job
[2011/05/30 14:10:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 14:10:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 14:10:06 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 21:19:14 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Legend of Galasia.lnk
[2011/05/29 16:56:47 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\asdasd.sai
[2011/05/29 15:17:57 | 000,958,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.sai
[2011/05/29 14:24:01 | 005,856,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Theme of Misty Lake (from Sonic and the Black Knight).mp3
[2011/05/29 12:53:19 | 000,653,209 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.png
[2011/05/29 12:53:12 | 007,098,368 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.sai
[2011/05/28 21:21:50 | 000,005,905 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kiyoteru_sensei_Fanart_by_Midchii.png
[2011/05/28 21:03:32 | 000,470,149 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Untitled-2.psd
[2011/05/28 21:03:26 | 000,063,793 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Lucas.png
[2011/05/28 20:18:38 | 000,005,798 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ant.png
[2011/05/28 20:02:36 | 000,061,384 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New canvas.png
[2011/05/28 20:00:33 | 000,856,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New canvas.sai
[2011/05/28 19:31:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/05/28 19:31:14 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2011/05/28 08:42:32 | 000,078,673 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\480959.jpg
[2011/05/27 22:17:00 | 000,238,925 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.png
[2011/05/27 20:54:37 | 000,051,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KasaneTed.jpg
[2011/05/27 20:54:28 | 000,045,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\43.mspaint-drawings.jpg
[2011/05/27 16:32:41 | 000,012,958 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jasper.JPG
[2011/05/27 16:29:45 | 000,046,079 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jasper.png
[2011/05/27 11:59:04 | 003,534,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 18:01:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 15:23:48 | 000,040,268 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.PNG
[2011/05/25 19:43:53 | 000,000,000 | RH-- | M] () -- C:\Documents and Settings\Owner\Desktop\MSTK_PRO.IND
[2011/05/25 19:43:52 | 000,000,000 | RH-- | M] () -- C:\Documents and Settings\Owner\Desktop\MEMSTICK.IND
[2011/05/25 13:29:17 | 000,005,305 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC00199.JPG
[2011/05/24 19:53:50 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 20:20:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 17:08:53 | 000,106,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110514_170848.reg
[2011/05/13 18:19:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 14:45:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1383384898-854245398-1003.job
[2011/05/05 14:47:36 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 21:19:14 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Legend of Galasia.lnk
[2011/05/29 16:56:47 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\asdasd.sai
[2011/05/29 12:48:12 | 000,653,209 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.png
[2011/05/29 10:55:04 | 007,098,368 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.sai
[2011/05/29 10:26:36 | 005,856,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Theme of Misty Lake (from Sonic and the Black Knight).mp3
[2011/05/28 21:21:49 | 000,005,905 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kiyoteru_sensei_Fanart_by_Midchii.png
[2011/05/28 21:03:30 | 000,470,149 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Untitled-2.psd
[2011/05/28 21:03:24 | 000,063,793 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Lucas.png
[2011/05/28 20:18:38 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ant.png
[2011/05/28 19:31:49 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/05/28 19:31:14 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
[2011/05/28 19:31:14 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2011/05/28 08:42:32 | 000,078,673 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\480959.jpg
[2011/05/27 22:16:59 | 000,238,925 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.png
[2011/05/27 21:06:51 | 000,958,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.sai
[2011/05/27 20:54:37 | 000,051,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KasaneTed.jpg
[2011/05/27 20:54:28 | 000,045,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\43.mspaint-drawings.jpg
[2011/05/27 16:32:41 | 000,012,958 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jasper.JPG
[2011/05/27 16:29:45 | 000,046,079 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jasper.png
[2011/05/26 20:32:11 | 000,061,384 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New canvas.png
[2011/05/26 19:36:03 | 000,856,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New canvas.sai
[2011/05/26 18:01:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 15:23:47 | 000,040,268 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.PNG
[2011/05/25 19:43:53 | 000,000,000 | RH-- | C] () -- C:\Documents and Settings\Owner\Desktop\MSTK_PRO.IND
[2011/05/25 19:43:52 | 000,000,000 | RH-- | C] () -- C:\Documents and Settings\Owner\Desktop\MEMSTICK.IND
[2011/05/25 13:29:17 | 000,005,305 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC00199.JPG
[2011/05/22 17:53:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/22 17:47:30 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2011/05/14 20:20:52 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/05/14 17:08:50 | 000,106,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110514_170848.reg
[2011/05/05 17:56:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2011/05/05 14:47:36 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/05 14:47:36 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/04/11 14:22:31 | 000,173,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/03/20 13:47:59 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI
[2011/02/07 21:28:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/21 23:01:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2010/11/21 20:53:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/11/11 22:28:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/11/11 22:27:37 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/09/17 14:48:21 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 21:39:07 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/15 21:39:06 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/15 14:32:48 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/09/01 15:43:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/31 13:32:08 | 000,370,336 | ---- | C] () -- C:\WINDOWS\System32\Syslib.dll
[2010/07/03 20:19:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/03 19:47:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/03 19:42:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/03 14:36:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/03 14:34:31 | 003,534,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2007/02/19 18:44:12 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/11 18:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/11 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/23 15:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/15 21:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2011/04/12 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/25 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/25 18:03:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/21 20:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2011/05/25 15:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010/11/15 07:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/02/26 18:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jBlChHh08505
[2011/05/22 17:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/04/11 14:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/28 13:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/26 16:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/02/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2010/09/11 00:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/22 15:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/22 01:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/03 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/04/05 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/12 10:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/05/08 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/21 18:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2011/04/05 10:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2010/11/25 18:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/11 22:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BITS
[2011/02/27 17:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BugTrap Console Test108
[2010/11/19 17:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2011/05/22 21:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2010/11/11 22:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashGet
[2010/11/11 22:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashGetBHO
[2010/11/11 22:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashgetSetup
[2011/05/25 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/12/19 19:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2011/03/19 15:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2010/08/22 17:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ijjigame
[2011/05/25 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO
[2010/07/03 23:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2010/11/27 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/01/11 20:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JAM Software
[2011/05/22 17:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2011/05/22 17:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo Video2PSP v2
[2010/11/12 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moonchild Productions
[2011/03/06 18:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
[2010/12/31 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/09/10 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NeopleLauncherDFO
[2011/02/06 15:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/10/21 20:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/05/05 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/03/06 21:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Kawa
[2011/04/14 19:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy
[2011/02/06 15:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reviversoft
[2010/09/25 23:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Secret of the Solstice
[2010/09/20 15:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2011/02/16 15:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Solstice Reborn
[2011/05/27 13:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\spiral
[2011/04/03 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2010/12/27 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/12/03 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2011/01/17 18:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2011/05/28 19:31:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 003,195,904 | ---- | M] (Microsoft Corporation) MD5=076DC8E559181061A5A5884CB1A67567 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

aswmbr log:
aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 17:26:19
-----------------------------
17:26:19.706 OS Version: Windows 5.1.2600 Service Pack 3
17:26:19.706 Number of processors: 1 586 0x204
17:26:19.716 ComputerName: LUCY UserName: Owner
17:26:22.080 Initialize success
17:35:40.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:35:40.032 Disk 0 Vendor: MAXTOR_6L040L2 A93.0500 Size: 38172MB BusType: 3
17:35:40.042 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:35:40.042 Disk 1 Vendor: MAXTOR_6L040L2 A93.0500 Size: 38172MB BusType: 3
17:35:42.055 Disk 0 MBR read successfully
17:35:42.055 Disk 0 MBR scan
17:35:42.055 Disk 0 Windows XP default MBR code
17:35:44.068 Disk 0 scanning sectors +78156225
17:35:44.088 Disk 0 scanning C:\WINDOWS\system32\drivers
17:35:50.958 Service scanning
17:35:52.380 Disk 0 trace - called modules:
17:35:52.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
17:35:52.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd4ab8]
17:35:52.520 3 CLASSPNP.SYS[f762efd7] -> nt!IofCallDriver -> \Device\00000065[0x86fd8f18]
17:35:52.520 5 ACPI.sys[f75a5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f8dd98]
17:35:55.234 Unsigned kernel modules:
17:35:55.234 0x806ef000 C:\WINDOWS\system32\hal.dll
17:35:56.936 0xf759f000 C:\WINDOWS\system32\drivers\ACPI.sys
17:35:57.507 0xf758e000 C:\WINDOWS\system32\drivers\pci.sys
17:35:57.627 0xf75ee000 C:\WINDOWS\system32\drivers\isapnp.sys
17:35:57.737 0xf7af2000 C:\WINDOWS\system32\drivers\viaide.sys
17:35:57.838 0xf786e000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
17:35:57.948 0xf75fe000 C:\WINDOWS\system32\drivers\MountMgr.sys
17:35:59.109 0xf7549000 C:\WINDOWS\system32\drivers\dmio.sys
17:35:59.190 0xf7876000 C:\WINDOWS\system32\drivers\PartMgr.sys
17:35:59.300 0xf760e000 C:\WINDOWS\system32\drivers\VolSnap.sys
17:35:59.400 0xf7531000 C:\WINDOWS\system32\drivers\atapi.sys
17:35:59.500 0xf761e000 C:\WINDOWS\system32\drivers\disk.sys
17:35:59.620 0xf762e000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
17:35:59.720 0xf7511000 C:\WINDOWS\system32\drivers\fltmgr.sys
17:35:59.820 0xf74ff000 C:\WINDOWS\system32\drivers\sr.sys
17:36:00.551 0xf745b000 C:\WINDOWS\system32\drivers\Ntfs.sys
17:36:00.652 0xf742e000 C:\WINDOWS\system32\drivers\NDIS.sys
17:36:00.742 0xf764e000 C:\WINDOWS\system32\drivers\viaagp.sys
17:36:00.842 0xf7414000 C:\WINDOWS\system32\drivers\Mup.sys
17:36:01.273 0xf778e000 C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:36:02.224 0xf6fe8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
17:36:02.634 0xf779e000 C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:36:02.705 0xf77ae000 C:\WINDOWS\system32\DRIVERS\redbook.sys
17:36:02.805 0xf6fc5000 C:\WINDOWS\system32\DRIVERS\ks.sys
17:36:02.895 0xf79b6000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:36:02.955 0xf6fa1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
17:36:03.325 0xf6e2f000 C:\WINDOWS\system32\drivers\portcls.sys
17:36:03.416 0xf77be000 C:\WINDOWS\system32\drivers\drmk.sys
17:36:03.506 0xf79be000 C:\WINDOWS\system32\DRIVERS\fdc.sys
17:36:03.596 0xf77ce000 C:\WINDOWS\system32\DRIVERS\serial.sys
17:36:03.686 0xf7ab2000 C:\WINDOWS\system32\DRIVERS\serenum.sys
17:36:03.776 0xf6e1b000 C:\WINDOWS\system32\DRIVERS\parport.sys
17:36:03.876 0xf7ab6000 C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:36:04.878 0xf77de000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:36:04.968 0xf7aba000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:36:05.058 0xf6e04000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:36:05.158 0xf77ee000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:36:05.238 0xf77fe000 C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:36:05.469 0xf79c6000 C:\WINDOWS\system32\DRIVERS\TDI.SYS
17:36:05.569 0xf6df3000 C:\WINDOWS\system32\DRIVERS\psched.sys
17:36:05.659 0xf780e000 C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:36:06.790 0xf6dc3000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:36:06.911 0xf783e000 C:\WINDOWS\system32\DRIVERS\termdd.sys
17:36:07.011 0xf79e6000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:36:07.111 0xf79ee000 C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:36:07.191 0xf7b0e000 C:\WINDOWS\system32\DRIVERS\swenum.sys
17:36:07.331 0xf6c9d000 C:\WINDOWS\system32\DRIVERS\update.sys
17:36:07.421 0xf7ada000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:36:07.642 0xf47fc000 C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:36:08.202 0xf7966000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:36:09.985 0xf7986000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
17:36:10.075 0xf798e000 C:\WINDOWS\System32\drivers\vga.sys
17:36:10.656 0xf7996000 C:\WINDOWS\System32\Drivers\Msfs.SYS
17:36:10.746 0xf799e000 C:\WINDOWS\System32\Drivers\Npfs.SYS
17:36:11.297 0xf2b6e000 C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:36:11.708 0xf2aa6000 C:\WINDOWS\system32\DRIVERS\netbt.sys
17:36:11.988 0xf436e000 C:\WINDOWS\system32\DRIVERS\netbios.sys
17:36:12.088 0xf2a59000 C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:36:12.358 0xf434e000 C:\WINDOWS\System32\Drivers\Fips.SYS
17:36:12.459 0xf29c3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:36:12.609 0xf433e000 C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:36:12.839 0xf78a6000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:36:12.919 0xf403c000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:36:12.999 0xf525e000 C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:36:13.089 0xf3b8f000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
17:36:13.620 0xf5252000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:36:13.720 0xf6d2b000 C:\WINDOWS\System32\Drivers\Cdfs.SYS
17:36:14.622 0xf2bec000 C:\WINDOWS\System32\watchdog.sys
17:36:14.712 0xbf000000 C:\WINDOWS\System32\drivers\dxg.sys
17:36:17.245 0xb9cd3000 C:\WINDOWS\system32\drivers\wdmaud.sys
17:36:17.336 0xf3baf000 C:\WINDOWS\system32\drivers\sysaudio.sys
17:36:17.956 0xf7d1c000 C:\WINDOWS\system32\HtsysmNT.sys
17:36:19.318 0xb9a01000 C:\WINDOWS\System32\Drivers\Fastfat.SYS
17:36:19.679 Scan finished successfully
17:40:40.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
17:40:40.113 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Edited by LucasLockhart, 31 May 2011 - 12:50 PM.


#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Do you have ICS (Internet Connection Sharing) enabled on that machine?

Please do this:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

NEXT...

Please repeat that scan:

  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.


#5
LucasLockhart

  • Topic Starter
  • Member
  • 12 posts
I believe I have that, but I'm not entirely sure. Is there any way to check?
Sfc /scannow only did a window to check that everything is in the correct spots. Was that its purpose?

Here is the new aswmbr log:
aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-31 11:46:18
-----------------------------
11:46:18.641 OS Version: Windows 5.1.2600 Service Pack 3
11:46:18.641 Number of processors: 1 586 0x204
11:46:18.641 ComputerName: LUCY UserName: Owner
11:46:19.482 Initialize success
11:46:27.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:46:27.103 Disk 0 Vendor: MAXTOR_6L040L2 A93.0500 Size: 38172MB BusType: 3
11:46:27.103 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
11:46:27.113 Disk 1 Vendor: MAXTOR_6L040L2 A93.0500 Size: 38172MB BusType: 3
11:46:29.126 Disk 0 MBR read successfully
11:46:29.126 Disk 0 MBR scan
11:46:29.136 Disk 0 Windows XP default MBR code
11:46:31.138 Disk 0 scanning sectors +78156225
11:46:31.159 Disk 0 scanning C:\WINDOWS\system32\drivers
11:46:37.868 Service scanning
11:46:39.030 Disk 0 trace - called modules:
11:46:39.040 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS rdbss.sys
11:46:39.040 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd4ab8]
11:46:39.040 3 CLASSPNP.SYS[f762efd7] -> nt!IofCallDriver -> \Device\00000065[0x86fd8f18]
11:46:39.040 5 ACPI.sys[f75a5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f8dd98]
11:46:40.091 Unsigned kernel modules:
11:47:02.253 Scan finished successfully
11:47:06.479 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
11:47:06.489 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
For ICS please take a look here. If you are using a router to connect to the internet then please disable ICS if it's enabled.

#7
LucasLockhart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
But my family's laptops use this router. Since it disconnects connection sharing, doesn't that mean they can't use it? :)

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Stop the horses for a while. Let's clarify some things first.
So you are actually using ICS. Mom's, father's and brother's computers are connected to the internet through that computer.
They don't have problems with internet. Only that computer has problems. Is that correct?

#9
LucasLockhart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
That's correct. This computer is the desktop, with the router. All the laptops' internet is connected to the same router, and only I have internet problems.

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. If this is correct then if your computer is turned off then no one can connect to the internet. Is it so?

Please do the following:

Please download MiniToolBox and run it.

Checkmark the following checkboxes:
  • List IP configuration
Click Go and post the result (Result.txt).

#11
LucasLockhart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No, if my computer is turned off the router doesn't turn off so the other computers still can go on the internet.
That result has my IP address in it. I don't think posting that is safe, is it?

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

    No, if my computer is turned off the router doesn't turn off so the other computers still can go on the internet.

Why are you using ICS then? Please disable it as described here.

    That result has my IP address in it, I don't think posting that is safe is it?

Yes it is safe as it is showing only your private IP, not public IP.

#13
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
And then proceed with this please:

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    PRC - [2011/03/03 14:19:33 | 002,548,864 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
    MOD - [2011/03/03 14:19:29 | 000,545,408 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlls.dll
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011/05/26 15:26:02 | 000,000,000 | ---D | M]

    :Files
    C:\Program Files\RelevantKnowledge
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#14
LucasLockhart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ICS is disabled now.

OTL:
All processes killed
========== OTL ==========
No active process named rlvknlg.exe was found!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E19037A-12E3-4295-8915-ED48BC341614}\ not found.
File C:\Program Files\RelevantKnowledge not found.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File ptyflash] not found.
File eaterestorepoint] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_165310

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MiniToolBox:
MiniToolBox by Farbar
Ran by Owner (administrator) on 03-06-2011 at 16:59:23
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set address name="Hamachi" gateway=? ?U ?@ gwmetric=
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.65.2.99 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.65.2.55 gwmetric=0
set dns name="Local Area Connection" source=static addr=206.13.29.12 register=PRIMARY
add dns name="Local Area Connection" addr=206.13.30.12 index=2
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : LUCY

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : charter.net



Ethernet adapter Hamachi:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Hamachi Network Interface

Physical Address. . . . . . . . . : 7A-79-54-B2-27-14

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : No

IP Address. . . . . . . . . . . . : 5.188.31.45

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 5.0.0.1

Lease Obtained. . . . . . . . . . : Friday, June 03, 2011 4:57:44 PM

Lease Expires . . . . . . . . . . : Friday, June 03, 2011 5:01:59 PM



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : charter.net

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-E0-4C-88-88-9A

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.65.2.99

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.65.2.55

DNS Servers . . . . . . . . . . . : 206.13.29.12

206.13.30.12

Server: dns1.lsanca.sbcglobal.net
Address: 206.13.29.12

Name: google.com
Addresses: 74.125.224.180, 74.125.224.178, 74.125.224.177, 74.125.224.179
74.125.224.176



Pinging google.com [74.125.224.212] with 32 bytes of data:



Reply from 74.125.224.212: bytes=32 time=10ms TTL=56

Reply from 74.125.224.212: bytes=32 time=14ms TTL=56



Ping statistics for 74.125.224.212:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 14ms, Average = 12ms

Server: dns1.lsanca.sbcglobal.net
Address: 206.13.29.12

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=56ms TTL=53

Reply from 209.191.122.70: bytes=32 time=45ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 56ms, Average = 50ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 54 b2 27 14 ...... Hamachi Network Interface
0x3 ...00 e0 4c 88 88 9a ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.65.2.55 192.65.2.99 20
5.0.0.0 255.0.0.0 5.188.31.45 5.188.31.45 20
5.188.31.45 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.188.31.45 5.188.31.45 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.65.2.0 255.255.255.0 192.65.2.99 192.65.2.99 20
192.65.2.99 255.255.255.255 127.0.0.1 127.0.0.1 20
192.65.2.255 255.255.255.255 192.65.2.99 192.65.2.99 20
224.0.0.0 240.0.0.0 5.188.31.45 5.188.31.45 20
224.0.0.0 240.0.0.0 192.65.2.99 192.65.2.99 20
255.255.255.255 255.255.255.255 5.188.31.45 5.188.31.45 1
255.255.255.255 255.255.255.255 192.65.2.99 192.65.2.99 1
Default Gateway: 192.65.2.55
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

Edited by LucasLockhart, 03 June 2011 - 06:02 PM.
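
Posts #11 and #12 above turn on whether the addresses in a MiniToolBox result are private. The following is an added example, not part of any post in this thread: a Python pre-posting check that classifies each IPv4 address against the RFC 1918 ranges and replaces MAC addresses and anything outside those ranges with placeholders. The function names and the `[IP-n]` and `[MAC]` placeholders are assumptions made for this example; the sample lines are excerpted from the log above.

```python
import ipaddress
import re

# RFC 1918 ranges: the only IPv4 space that is private by definition.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}\b")

# Excerpt of the ipconfig/ping output posted in this thread.
SAMPLE = """\
Physical Address. . . . . . . . . : 00-E0-4C-88-88-9A
IP Address. . . . . . . . . . . . : 192.65.2.99
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.65.2.55
DNS Servers . . . . . . . . . . . : 206.13.29.12
Pinging 127.0.0.1 with 32 bytes of data:
"""

def classify(text):
    """Return 'rfc1918', 'loopback', 'special' or 'other' for an IPv4 string."""
    try:
        ip = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return "special"      # matched the pattern but is not a valid address
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip.is_reserved or ip.is_multicast or ip.is_unspecified:
        return "special"      # netmasks, multicast, 0.0.0.0
    return "other"            # outside RFC 1918: review before posting

def redact(log):
    """Replace MACs and non-RFC 1918 addresses with stable placeholders.

    Returns (cleaned_text, aliases); the same address always maps to the
    same placeholder, so a helper can still follow the routing."""
    aliases = {}

    def swap(match):
        addr = match.group(0)
        if classify(addr) != "other":
            return addr
        return aliases.setdefault(addr, "[IP-%d]" % (len(aliases) + 1))

    cleaned = MAC_RE.sub("[MAC]", log)
    return IPV4_RE.sub(swap, cleaned), aliases
```

Four-part version strings also match the IPv4 pattern, so review the returned alias table before posting the cleaned text.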


#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Something went wrong. Please repeat OTL fix.

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in (inside quote box - starts with sign : ends with sign ]):

    :OTL
    PRC - [2011/03/03 14:19:33 | 002,548,864 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
    MOD - [2011/03/03 14:19:29 | 000,545,408 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlls.dll
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011/05/26 15:26:02 | 000,000,000 | ---D | M]

    :Files
    C:\Program Files\RelevantKnowledge
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT...

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.
