PSW.OnlineGames infection (Help Me Please)


#1
Lunar_PrinZ

Hi there.

I got this infection a few weeks ago.
My AVG 8.5 (free edition) found it but is not able to delete it.

I just backed up my data and formatted my computer today.
However, I found it again.

I have read and followed the instructions in "Malware and Spyware Cleaning Guide, Please read before starting a new topic" already.

Could you help me remove it, please?

First, this is from "MBAM".


PSW2.JPG

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/21/2009 1:12:17 AM
mbam-log-2009-08-21 (01-12-17).txt

Scan type: Quick Scan
Objects scanned: 79416
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af4da69b-e1d6-469a-855b-6445294857d4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af4da69b-e1d6-469a-855b-6445294857d4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af4da69b-e1d6-469a-855b-6445294857d4} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ahnsoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Then, this is from ROOTREPEAL.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/21 01:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7498000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADCE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: griplnmd.sys
Image Path: griplnmd.sys
Address: 0xBA8A8000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB77F3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\lunar_prinz\local settings\temp\~df146e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\lunar_prinz\local settings\temp\~df228d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\lunar_prinz\local settings\temp\~dfa890.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb76276b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7627574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7627a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb762714c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb762764e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb762708c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb76270f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb762776e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb762772e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb76278ae

==EOF==

And the last one is from OTL.

OTL logfile created on: 8/21/2009 2:49:18 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Lunar_PrinZ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.41% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.51 Gb Total Space | 19.62 Gb Free Space | 80.06% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.28 Gb Free Space | 93.11% Space Free | Partition Type: NTFS
Drive E: | 25.00 Gb Total Space | 3.69 Gb Free Space | 14.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VENUS
Current User Name: Lunar_PrinZ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/04/14 11:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/04/14 11:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/08/17 22:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 23:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/14 19:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/04/17 16:24:30 | 00,110,592 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/01/20 11:34:26 | 00,544,768 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/10/21 13:26:48 | 00,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/04/14 11:51:52 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/04/14 11:52:18 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/04/14 11:56:12 | 00,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2009/08/17 23:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/03/17 12:16:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/04/14 11:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/02/02 22:19:10 | 01,753,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/02/02 21:31:04 | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/01/23 21:47:32 | 00,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2006/01/27 18:17:50 | 00,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2006/04/01 15:37:00 | 02,170,880 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2009/08/17 23:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/04/14 19:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/08/17 23:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2006/01/26 15:06:38 | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
PRC - [2006/04/14 11:49:28 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/05 16:50:08 | 02,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/08/20 22:02:03 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/17 22:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 23:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 23:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 23:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/04/14 11:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/04/14 19:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 12:41:56 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2006/03/17 12:16:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/04/14 11:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/04/14 11:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...se-t249774.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1250777336328 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 161.200.192.4 161.200.192.195
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/20 15:28:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/20 16:24:46 | 00,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6a8325c4-8d98-11de-9e03-806d6172696f}\Shell\AutoRun\command - "" = lot.exe
O33 - MountPoints2\{6a8325c4-8d98-11de-9e03-806d6172696f}\Shell\open\Command - "" = lot.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/21 02:41:38 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 01:25:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\settings.dat
[2009/08/21 01:12:09 | 00,152,150 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\PSW2.JPG
[2009/08/21 01:03:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lunar_PrinZ\Application Data\Malwarebytes
[2009/08/21 01:03:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 01:03:05 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/21 01:03:04 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/21 01:03:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/21 01:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/21 01:02:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/21 01:00:53 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\NTREGOPT.lnk
[2009/08/21 01:00:53 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\ERUNT.lnk
[2009/08/21 01:00:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/21 00:09:24 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/21 00:09:24 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/21 00:09:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/21 00:09:23 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/21 00:09:23 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/21 00:09:22 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/21 00:09:22 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/21 00:09:22 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/21 00:09:22 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/21 00:09:03 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/21 00:09:03 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/21 00:09:00 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/20 22:19:53 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/08/20 22:17:37 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/08/20 22:17:35 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/08/20 22:17:31 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/08/20 22:17:22 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/08/20 22:17:22 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/08/20 22:17:20 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/08/20 22:17:20 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/08/20 22:17:20 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/08/20 22:17:20 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/08/20 22:17:11 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/08/20 22:17:11 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/08/20 22:17:11 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/08/20 22:17:11 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/08/20 22:17:11 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/08/20 22:17:11 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/08/20 22:17:11 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/08/20 22:17:11 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/08/20 22:17:11 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/08/20 22:17:11 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/08/20 22:17:11 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/08/20 22:17:11 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/08/20 22:17:11 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/08/20 22:17:11 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/08/20 22:17:11 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/08/20 22:17:10 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/08/20 22:17:10 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/08/20 22:17:10 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/08/20 22:17:10 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/08/20 22:17:10 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/08/20 22:17:10 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/08/20 22:17:10 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/08/20 22:17:10 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/08/20 22:17:07 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/08/20 22:17:07 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/08/20 22:17:06 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/08/20 22:17:06 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/08/20 22:17:06 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/08/20 22:17:06 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/08/20 22:17:06 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/08/20 22:17:06 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/08/20 22:17:06 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/08/20 22:17:03 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/08/20 22:17:03 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/08/20 22:16:57 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/08/20 22:16:57 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/08/20 22:16:57 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/08/20 22:16:57 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/08/20 22:16:57 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/08/20 22:16:57 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/08/20 22:16:38 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/08/20 22:16:38 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/08/20 22:16:38 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/08/20 22:16:38 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/08/20 22:16:38 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/08/20 22:16:38 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/08/20 22:16:38 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/08/20 22:16:38 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/08/20 22:16:38 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/08/20 22:16:38 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/08/20 22:16:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/08/20 22:16:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/08/20 22:16:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/08/20 22:16:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/08/20 22:16:38 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/08/20 22:16:38 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/08/20 22:16:31 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/08/20 22:16:31 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/08/20 22:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/08/20 22:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/08/20 22:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/08/20 22:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/08/20 22:16:30 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/08/20 22:16:30 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/08/20 22:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/08/20 22:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/08/20 22:16:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/08/20 22:16:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/08/20 22:16:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/08/20 22:16:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/08/20 22:16:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/08/20 22:16:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/08/20 22:13:12 | 00,034,616 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/20 22:10:07 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/20 22:10:04 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/08/20 22:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/08/20 22:10:01 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/08/20 22:10:01 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/08/20 22:10:01 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/08/20 22:10:00 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/08/20 22:10:00 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/08/20 22:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/08/20 22:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/08/20 22:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/08/20 22:09:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/08/20 22:09:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/08/20 22:09:57 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/08/20 22:09:57 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/08/20 22:09:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/08/20 22:09:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/08/20 22:09:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/08/20 22:09:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/08/20 22:09:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/08/20 22:09:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/08/20 22:09:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/08/20 22:09:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/08/20 22:09:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/08/20 22:09:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/08/20 22:09:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/08/20 22:09:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/08/20 22:09:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/08/20 22:09:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/08/20 22:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/08/20 22:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/08/20 22:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/08/20 22:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/08/20 22:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/08/20 22:09:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/08/20 22:09:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/08/20 22:09:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/08/20 22:09:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/08/20 22:09:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/08/20 22:09:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/08/20 22:09:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/08/20 22:09:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/08/20 22:09:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/08/20 22:09:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/08/20 22:09:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/08/20 22:09:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/08/20 22:09:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/08/20 22:09:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/08/20 22:09:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/08/20 22:09:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/08/20 22:09:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/08/20 22:09:44 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/08/20 22:09:36 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/08/20 22:09:35 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/08/20 22:09:35 | 01,088,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/08/20 22:09:35 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/08/20 22:09:35 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/08/20 22:09:35 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/08/20 22:09:35 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/08/20 22:09:35 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/08/20 22:09:35 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/08/20 22:09:35 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/08/20 22:09:35 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/08/20 22:09:35 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/08/20 22:09:35 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/08/20 22:09:35 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/08/20 22:09:35 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/08/20 22:09:35 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/08/20 22:09:35 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/08/20 22:09:35 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/08/20 22:09:34 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/08/20 22:09:34 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/08/20 22:09:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/08/20 22:09:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/08/20 22:09:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/08/20 22:08:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/08/20 22:08:55 | 00,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/20 22:08:13 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/08/20 22:08:09 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/20 22:04:29 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/08/20 22:03:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/20 22:03:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/08/20 22:02:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/20 22:02:03 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\OTL.exe
[2009/08/20 22:01:46 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/08/20 22:01:46 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/08/20 22:01:46 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/08/20 22:01:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/08/20 22:01:46 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/08/20 21:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/20 21:51:13 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\avast_home_setup.exe
[2009/08/20 21:46:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\RootRepeal.exe
[2009/08/20 21:29:43 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\mbam-setup.exe
[2009/08/20 21:27:44 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\erunt_setup.exe
[2009/08/20 21:26:21 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\SysRestorePoint.exe
[2009/08/20 21:13:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/08/20 21:12:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/08/20 21:12:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/08/20 21:12:09 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\TFC.exe
[2009/08/20 21:10:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/08/20 16:46:15 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/20 16:46:08 | 00,042,915 | ---- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\PSW1.JPG
[2009/08/20 16:22:31 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/20 16:21:55 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/08/20 16:06:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/08/20 16:06:40 | 04,279,780 | -H-- | C] () -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\IconCache.db
[2009/08/20 16:05:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lunar_PrinZ\Application Data\Intel
[2009/08/20 16:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/08/20 16:04:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/08/20 16:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/08/20 15:59:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lunar_PrinZ\My Documents\Bluetooth
[2009/08/20 15:59:47 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2009/08/20 15:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\Toshiba
[2009/08/20 15:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2009/08/20 15:55:15 | 00,921,656 | R--- | C] () -- C:\WINDOWS\System32\VGA.RAW
[2009/08/20 15:55:15 | 00,921,656 | ---- | C] () -- C:\WINDOWS\System32\CustomBk.raw
[2009/08/20 15:55:15 | 00,245,760 | R--- | C] (vimicro) -- C:\WINDOWS\System32\Vmprp321.ax
[2009/08/20 15:55:15 | 00,227,840 | R--- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\usbvm321.sys
[2009/08/20 15:55:15 | 00,032,768 | R--- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\VMCtrl321.ax
[2009/08/20 15:55:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\CatRoot
[2009/08/20 15:55:14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\VMUninstNT.exe
[2009/08/20 15:55:14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
[2009/08/20 15:55:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\EffectResources
[2009/08/20 15:54:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\SMSC
[2009/08/20 15:51:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/08/20 15:51:40 | 00,069,721 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2009/08/20 15:51:35 | 00,094,297 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2009/08/20 15:51:35 | 00,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2009/08/20 15:51:34 | 00,191,936 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2009/08/20 15:51:34 | 00,114,688 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2009/08/20 15:51:34 | 00,082,012 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2009/08/20 15:51:29 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2009/08/20 15:50:24 | 00,028,544 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimmptsk.sys
[2009/08/20 15:50:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/08/20 15:50:23 | 00,307,968 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rixdptsk.sys
[2009/08/20 15:50:23 | 00,051,328 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimsptsk.sys
[2009/08/20 15:48:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2009/08/20 15:46:52 | 00,131,072 | R--- | C] (Motorola Inc.) -- C:\WINDOWS\System32\sm56co.dll
[2009/08/20 15:46:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Motorola
[2009/08/20 15:46:49 | 00,862,340 | R--- | C] (Motorola Inc.) -- C:\WINDOWS\System32\drivers\smserial.sys
[2009/08/20 15:46:49 | 00,544,768 | R--- | C] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
[2009/08/20 15:46:49 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2009/08/20 15:46:49 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2009/08/20 15:46:49 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2009/08/20 15:46:49 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2009/08/20 15:46:49 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2009/08/20 15:46:49 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2009/08/20 15:46:49 | 00,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009/08/20 15:46:49 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2009/08/20 15:46:49 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2009/08/20 15:45:28 | 00,142,336 | R--- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys
[2009/08/20 15:45:23 | 00,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2009/08/20 15:45:23 | 00,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2009/08/20 15:45:23 | 00,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2009/08/20 15:45:21 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/08/20 15:40:49 | 00,050,868 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/20 15:40:38 | 00,016,960 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/08/20 15:40:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2009/08/20 15:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/08/20 15:37:42 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2009/08/20 15:37:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ATK0100
[2009/08/20 15:37:26 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2009/08/20 15:35:30 | 00,000,053 | RHS- | C] () -- C:\autorun.inf
[2009/08/20 15:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lunar_PrinZ\Application Data\Identities
[2009/08/20 15:33:41 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/08/20 15:33:38 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Lunar_PrinZ\My Documents\My Pictures
[2009/08/20 15:33:38 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Lunar_PrinZ\My Documents\My Music
[2009/08/20 15:33:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Lunar_PrinZ\Application Data\Microsoft
[2009/08/20 15:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\Microsoft
[2009/08/20 15:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/08/20 15:31:37 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/20 15:31:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/20 15:31:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/08/20 15:30:48 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/08/20 15:29:53 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/20 15:29:21 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/08/20 15:29:21 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/08/20 15:29:21 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/08/20 15:28:52 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/08/20 15:28:42 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/08/20 15:28:41 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/08/20 15:28:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/08/20 15:28:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/08/20 15:28:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/08/20 15:28:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/08/20 15:28:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/08/20 15:28:39 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/08/20 15:28:39 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/08/20 15:28:39 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/08/20 15:28:39 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/08/20 15:28:39 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/08/20 15:28:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/08/20 15:28:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/08/20 15:28:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/08/20 15:28:16 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/08/20 15:28:16 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/08/20 15:28:01 | 00,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/20 15:28:01 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/20 15:28:01 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/20 15:28:01 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/08/20 15:28:01 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/08/20 15:27:58 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/20 15:27:58 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/20 15:27:56 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/20 15:27:01 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/20 15:27:01 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/20 15:27:01 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/08/20 15:27:01 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/08/20 15:26:55 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/20 15:26:51 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/08/20 15:26:41 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/08/20 15:26:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/08/20 15:26:26 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/08/20 15:26:26 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/08/20 15:26:20 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/08/20 15:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/08/20 15:26:15 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/08/20 15:26:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/08/20 15:26:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/08/20 15:26:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/08/20 15:26:01 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/08/20 15:25:41 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/08/20 15:25:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/08/20 15:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/08/20 15:25:32 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/08/20 15:25:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/08/20 15:25:25 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/08/20 15:25:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/08/20 15:25:01 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/20 15:24:54 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/08/20 15:24:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/08/20 15:24:43 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/08/20 15:24:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/08/20 15:24:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/08/20 15:24:37 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/08/20 15:24:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/08/20 15:24:19 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/08/20 15:24:18 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/08/20 15:24:18 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/08/20 15:24:18 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/08/20 15:24:18 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/08/20 15:24:18 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/08/20 15:24:18 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/08/20 15:24:18 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/08/20 15:24:18 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/08/20 15:24:18 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/08/20 15:24:18 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/08/20 15:24:17 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/08/20 15:24:17 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/08/20 15:24:17 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/08/20 15:24:17 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/08/20 15:24:17 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/08/20 15:24:17 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/08/20 15:24:17 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/08/20 15:24:16 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/08/20 15:24:15 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/08/20 15:24:15 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/08/20 15:24:13 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/08/20 15:24:08 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/08/20 15:23:56 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/08/20 15:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/08/20 15:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/08/20 15:23:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/08/20 15:23:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/08/20 15:23:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/08/20 15:23:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 14 Days ==========

[2009/08/21 02:44:15 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/21 02:44:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/21 02:44:09 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/21 02:44:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/21 02:43:05 | 04,279,780 | -H-- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\IconCache.db
[2009/08/21 02:41:38 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 01:25:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\settings.dat
[2009/08/21 01:12:10 | 00,152,150 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\PSW2.JPG
[2009/08/21 01:03:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 01:00:53 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\NTREGOPT.lnk
[2009/08/21 01:00:53 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\ERUNT.lnk
[2009/08/21 00:09:24 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/21 00:09:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/20 22:19:53 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/08/20 22:17:39 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/20 22:13:12 | 00,034,616 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/20 22:12:46 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/20 22:12:46 | 00,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/20 22:12:46 | 00,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/20 22:08:10 | 00,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/20 22:06:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/20 22:02:03 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\OTL.exe
[2009/08/20 21:51:20 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\avast_home_setup.exe
[2009/08/20 21:46:48 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\RootRepeal.exe
[2009/08/20 21:29:43 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\mbam-setup.exe
[2009/08/20 21:27:44 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\erunt_setup.exe
[2009/08/20 21:26:22 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\SysRestorePoint.exe
[2009/08/20 21:12:16 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lunar_PrinZ\Desktop\TFC.exe
[2009/08/20 16:46:08 | 00,042,915 | ---- | M] () -- C:\Documents and Settings\Lunar_PrinZ\Desktop\PSW1.JPG
[2009/08/20 16:24:46 | 00,000,053 | RHS- | M] () -- C:\autorun.inf
[2009/08/20 16:21:53 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/08/20 16:06:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\tosOBEX.INI
[2009/08/20 16:00:03 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2009/08/20 15:30:48 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/08/20 15:29:53 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/20 15:28:01 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/20 15:28:01 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/20 15:28:01 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/20 15:28:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/08/20 15:28:01 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/20 15:28:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/20 15:27:58 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/20 15:27:58 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/20 15:27:58 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/20 15:27:48 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/20 15:27:01 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/20 15:27:01 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/20 15:26:55 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/20 15:25:01 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/20 15:24:53 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/08/20 15:24:53 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/08/20 15:21:25 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/17 23:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 23:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 23:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 23:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 23:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 23:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 23:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 23:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 23:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== LOP Check ==========

[2009/08/21 01:03:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/20 16:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/08/21 01:03:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Lunar_PrinZ\Application Data
[2009/08/20 16:05:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lunar_PrinZ\Application Data\Intel
[2008/04/14 19:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/21 02:44:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< >
< End of report >






OTL Extras logfile created on: 8/21/2009 2:49:18 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Lunar_PrinZ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.41% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.51 Gb Total Space | 19.62 Gb Free Space | 80.06% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.28 Gb Free Space | 93.11% Space Free | Partition Type: NTFS
Drive E: | 25.00 Gb Total Space | 3.69 Gb Free Space | 14.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VENUS
Current User Name: Lunar_PrinZ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{61F1704D-38E4-45D3-B1A0-6DF3CDA05F07}" = Vimicro 321 Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.9
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"avast!" = avast! Antivirus
"ERUNT_is1" = ERUNT 1.1j
"HControl" = ATK0100 ACPI UTILITY
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = ซอฟต์แวร์ Intel® PROSet/Wireless
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/20/2009 3:37:39 PM | Computer Name = VENUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00036d7a.

[ System Events ]
Error - 8/20/2009 6:45:37 AM | Computer Name = VENUS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/20/2009 11:29:36 AM | Computer Name = VENUS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/20/2009 11:29:36 AM | Computer Name = VENUS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/20/2009 11:33:21 AM | Computer Name = VENUS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/20/2009 11:33:21 AM | Computer Name = VENUS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/20/2009 1:54:05 PM | Computer Name = VENUS | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/20/2009 1:54:05 PM | Computer Name = VENUS | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/20/2009 1:54:07 PM | Computer Name = VENUS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/20/2009 1:54:07 PM | Computer Name = VENUS | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/20/2009 2:13:28 PM | Computer Name = VENUS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

Finally, English isn't my native language. Sorry if there is something wrong in my text.

And thank you so much.

Edited by Lunar_PrinZ, 20 August 2009 - 02:26 PM.
