Internet Disconnection Problem - Suspected Malware/Spyware


  • This topic is locked

#16
LucasLockhart

  • Topic Starter
  • Member
  • 12 posts
All processes killed
========== OTL ==========
No active process named rlvknlg.exe was found!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E19037A-12E3-4295-8915-ED48BC341614}\ not found.
File C:\Program Files\RelevantKnowledge not found.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File ptyflash] not found.
File eaterestorepoint] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06042011_140358

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 6/4/2011 2:12:58 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 351.13 Mb Available Physical Memory | 34.31% Memory free
2.06 Gb Paging File | 1.53 Gb Available in Paging File | 74.40% Paging File free
Paging file location(s): C:\pagefile.sys 1182 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 3.95 Gb Free Space | 20.22% Space Free | Partition Type: NTFS
Drive D: | 37.28 Gb Total Space | 26.34 Gb Free Space | 70.65% Space Free | Partition Type: NTFS
Drive E: | 17.73 Gb Total Space | 11.81 Gb Free Space | 66.57% Space Free | Partition Type: NTFS

Computer Name: LUCY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 14:09:56 | 000,164,669 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PriusOnlineDownloader.exe
PRC - [2011/06/03 16:51:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 16:51:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 17:05:21 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 10:06:38 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/04 21:47:57 | 000,070,600 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\HtsysmNT.sys -- (Htsysm)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 85 83 68 F3 B4 CB 01 [binary data]
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 18:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/10 18:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/11/12 11:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/05/22 21:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zn2zec4c.default\extensions
[2011/05/22 21:05:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zn2zec4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/21 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\w4nmdda9.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]

O1 HOSTS File: ([2011/02/14 22:27:17 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe (Raptr, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1214440339-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/03 19:46:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 11:59:05 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell - "" = AutoRun
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{279d8951-332c-11e0-82bd-00e04c88889a}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 19:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DFO
[2011/06/03 18:48:39 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/06/03 18:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/06/03 18:18:33 | 1008,828,056 | ---- | C] (Nexon) -- C:\Documents and Settings\Owner\Desktop\DFOSetup36.exe
[2011/06/03 16:53:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/03 16:51:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/02 18:45:47 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/05/30 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Raptr
[2011/05/30 18:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Raptr
[2011/05/29 21:06:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/28 19:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
[2011/05/28 19:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2011/05/27 13:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\spiral
[2011/05/26 18:01:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 18:00:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/25 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\VIDEO
[2011/05/25 19:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PSP
[2011/05/25 19:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PICTURE
[2011/05/25 19:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUSIC
[2011/05/25 19:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MP_ROOT
[2011/05/25 19:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\DAT
[2011/05/25 15:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImTOO
[2011/05/25 15:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2011/05/24 19:54:48 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/22 21:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2011/05/22 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011/05/22 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/05/22 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Convert AVI to MP4
[2011/05/22 17:53:05 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/05/22 17:47:40 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2011/05/22 17:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2011/05/22 17:47:30 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2011/05/22 17:47:30 | 000,217,088 | ---- | C] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2011/05/22 17:47:21 | 000,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2011/05/22 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leawo Video2PSP v2
[2011/05/22 10:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/05/22 09:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/16 19:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/05/16 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/14 17:18:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/14 10:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/14 10:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/13 18:19:14 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/07 15:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2011/05/07 15:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/05 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/08/22 18:53:33 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 14:45:22 | 000,183,410 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lucas2.PNG
[2011/06/04 14:34:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1383384898-854245398-1003UA.job
[2011/06/04 14:09:56 | 000,164,669 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PriusOnlineDownloader.exe
[2011/06/04 14:06:46 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/04 14:06:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1383384898-854245398-1003.job
[2011/06/04 14:06:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 14:06:10 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 13:41:49 | 117,178,102 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/03 19:13:47 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2011/06/03 18:41:53 | 1008,828,056 | ---- | M] (Nexon) -- C:\Documents and Settings\Owner\Desktop\DFOSetup36.exe
[2011/06/03 18:34:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1383384898-854245398-1003Core.job
[2011/06/03 18:33:14 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/06/03 18:33:14 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/03 17:40:58 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dream Of Mirror Online.lnk
[2011/06/03 16:51:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/03 15:24:16 | 008,956,198 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Imogen Heap - The Moment I Said It.mp3
[2011/06/03 15:07:10 | 000,084,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gscopy.png
[2011/06/03 11:26:53 | 000,020,588 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bokura23.png
[2011/06/02 19:02:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EdenEternal.lnk
[2011/06/02 18:44:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 16:56:47 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\asdasd.sai
[2011/05/29 15:17:57 | 000,958,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.sai
[2011/05/29 12:53:19 | 000,653,209 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.png
[2011/05/29 12:53:12 | 007,098,368 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.sai
[2011/05/28 21:03:32 | 000,470,149 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Untitled-2.psd
[2011/05/28 21:03:26 | 000,063,793 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Lucas.png
[2011/05/28 20:18:38 | 000,005,798 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ant.png
[2011/05/28 20:02:36 | 000,061,384 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New canvas.png
[2011/05/28 20:00:33 | 000,856,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New canvas.sai
[2011/05/28 19:31:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/05/28 19:31:14 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2011/05/27 22:17:00 | 000,238,925 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.png
[2011/05/27 11:59:04 | 003,534,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 18:01:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 19:43:53 | 000,000,000 | RH-- | M] () -- C:\Documents and Settings\Owner\Desktop\MSTK_PRO.IND
[2011/05/25 19:43:52 | 000,000,000 | RH-- | M] () -- C:\Documents and Settings\Owner\Desktop\MEMSTICK.IND
[2011/05/24 19:53:50 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 19:04:11 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YouTube Downloader.lnk
[2011/05/14 20:20:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 17:08:53 | 000,106,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110514_170848.reg
[2011/05/13 18:19:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 14:45:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1383384898-854245398-1003.job
[2011/05/09 18:01:47 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Xfire.exe.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 14:09:56 | 000,164,669 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PriusOnlineDownloader.exe
[2011/06/03 19:13:47 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2011/06/03 18:33:14 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/06/03 18:33:14 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/03 18:29:02 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1383384898-854245398-1003UA.job
[2011/06/03 18:29:00 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1383384898-854245398-1003Core.job
[2011/06/03 17:40:57 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dream Of Mirror Online.lnk
[2011/06/03 15:24:05 | 008,956,198 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Imogen Heap - The Moment I Said It.mp3
[2011/06/03 15:07:10 | 000,084,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gscopy.png
[2011/06/03 11:26:53 | 000,020,588 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bokura23.png
[2011/06/02 19:02:00 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EdenEternal.lnk
[2011/05/29 16:56:47 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\asdasd.sai
[2011/05/29 12:48:12 | 000,653,209 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.png
[2011/05/29 10:55:04 | 007,098,368 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LucasxPrimxSienne base.sai
[2011/05/28 21:03:30 | 000,470,149 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Untitled-2.psd
[2011/05/28 21:03:24 | 000,063,793 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Lucas.png
[2011/05/28 20:18:38 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ant.png
[2011/05/28 19:31:49 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/05/28 19:31:14 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
[2011/05/28 19:31:14 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2011/05/27 22:16:59 | 000,238,925 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.png
[2011/05/27 21:06:51 | 000,958,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jasper wip.sai
[2011/05/26 20:32:11 | 000,061,384 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New canvas.png
[2011/05/26 19:36:03 | 000,856,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New canvas.sai
[2011/05/26 18:01:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 19:43:53 | 000,000,000 | RH-- | C] () -- C:\Documents and Settings\Owner\Desktop\MSTK_PRO.IND
[2011/05/25 19:43:52 | 000,000,000 | RH-- | C] () -- C:\Documents and Settings\Owner\Desktop\MEMSTICK.IND
[2011/05/22 17:53:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/22 17:47:30 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2011/05/16 19:04:11 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YouTube Downloader.lnk
[2011/05/14 20:20:52 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2011/05/14 17:08:50 | 000,106,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110514_170848.reg
[2011/05/14 10:14:11 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Xfire.exe.lnk
[2011/05/05 17:56:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2011/05/05 14:47:36 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/05 14:47:36 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/04/11 14:22:31 | 000,173,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/03/20 13:47:59 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI
[2011/02/07 21:28:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/21 23:01:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2010/11/21 20:53:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/11/11 22:28:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/11/11 22:27:37 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/09/17 14:48:21 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 21:39:07 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/15 21:39:06 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/15 14:32:48 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/09/01 15:43:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/31 13:32:08 | 000,370,336 | ---- | C] () -- C:\WINDOWS\System32\Syslib.dll
[2010/07/03 20:19:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/03 19:47:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/03 19:42:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/03 14:36:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/03 14:34:31 | 003,534,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2007/02/19 18:44:12 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/11 18:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/11 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/23 15:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/15 21:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2011/04/12 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/25 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/25 18:03:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/21 20:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2011/05/25 15:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010/11/15 07:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/02/26 18:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jBlChHh08505
[2011/05/22 17:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/04/11 14:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/28 13:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/03 18:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/02/15 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2010/09/11 00:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/06/03 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/22 01:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/03 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/04/05 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/12 10:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/05/08 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/21 18:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2011/04/05 10:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2010/11/25 18:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/11 22:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BITS
[2011/02/27 17:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BugTrap Console Test108
[2010/11/19 17:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2011/05/22 21:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2010/11/11 22:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashGet
[2010/11/11 22:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashGetBHO
[2010/11/11 22:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlashgetSetup
[2011/05/25 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/12/19 19:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2011/03/19 15:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2010/08/22 17:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ijjigame
[2011/05/25 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO
[2010/07/03 23:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2010/11/27 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/01/11 20:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JAM Software
[2011/05/22 17:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo
[2011/05/22 17:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leawo Video2PSP v2
[2010/11/12 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moonchild Productions
[2011/03/06 18:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
[2010/12/31 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/09/10 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NeopleLauncherDFO
[2011/02/06 15:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/10/21 20:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/05/05 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/06/04 14:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Raptr
[2011/03/06 21:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Kawa
[2011/04/14 19:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy
[2011/02/06 15:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reviversoft
[2010/09/25 23:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Secret of the Solstice
[2010/09/20 15:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2011/02/16 15:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Solstice Reborn
[2011/05/27 13:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\spiral
[2011/04/03 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2010/12/27 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/12/03 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2011/01/17 18:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2011/05/28 19:31:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 003,195,904 | ---- | M] (Microsoft Corporation) MD5=076DC8E559181061A5A5884CB1A67567 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/05/05 14:47:33 | 000,941,936 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

#17
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
How is it running now? Original problem is still present?

#18
LucasLockhart

    Member

  • Topic Starter
  • 12 posts
It got noticeably better, but I think the problem is still there, because it'll still disconnect during downloads and on websites like DeviantArt and Megaupload.

#19
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

I need some more information here. Are you getting any error messages when the disconnect happens?

Please proceed with these steps:

Step 1

Please run MiniToolBox.

Checkmark the following checkboxes:
  • List last 10 Event Viewer log
Click Go and post the result (Result.txt).

Step 2

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.

  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  • Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    Hidden Startup Objects
    System Memory
    Disk Boot Sectors.
    My Computer.
    Also any other drives (Removable that you may have)

  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post it in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

When you have completed the above, please post back the following in the order asked for:
  • MiniTool log
  • AVP tool report


#20
LucasLockhart

    Member

  • Topic Starter
  • 12 posts
Sorry, could you give me a little bit to do it? I'll have it done by tomorrow morning. I'm just really busy right now.

#21
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem. :)

#22
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.