Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

All my files are gone.


  • Please log in to reply

#1
clementine367

clementine367

    New Member

  • Member
  • Pip
  • 6 posts
I can log onto my computer ok but when I get to my desktop the 20+ programs that are usually there aren't there and all the programs in my 2 hard drives are gone. When I open the folders all it says is (empty) and I can't find anything. There was only one file in the main hard drive where I have the operating system called BOOTSECT.BAK but I don't know what it is or how to open it or if I even should open it. I did what it said in the cleaning guide and got the OTL program onto a disk and put it into the other infected computer and got this log. Please help! :C

OTL logfile created on: 5/10/2011 8:23:19 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\HEhehehe MINE\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 2.72 Gb Free Space | 7.30% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 673.73 Mb Free Space | 95.93% Space Free | Partition Type: UDF
Drive S: | 931.51 Gb Total Space | 889.41 Gb Free Space | 95.48% Space Free | Partition Type: NTFS

Computer Name: AMD5000-PC | User Name: HEhehehe MINE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 20:14:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\HEhehehe MINE\Desktop\OTL.com
PRC - [2011/04/23 21:38:39 | 000,140,952 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/03/22 22:28:35 | 001,242,448 | -H-- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/10 19:25:06 | 001,230,704 | -H-- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/16 20:21:13 | 000,322,352 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files\utorrent\utorrent.exe
PRC - [2010/04/28 14:15:02 | 002,633,976 | -H-- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/11/23 16:53:56 | 004,497,704 | -H-- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 16:53:56 | 001,823,528 | -H-- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/04/11 02:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 20:14:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\HEhehehe MINE\Desktop\OTL.com
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/20 12:33:30 | 000,403,240 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | -H-- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/23 18:25:34 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/23 16:53:58 | 000,113,448 | -H-- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 16:53:56 | 004,497,704 | -H-- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/11/01 01:27:57 | 000,611,664 | -H-- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/20 22:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/25 05:41:53 | 000,099,248 | -H-- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 05:41:37 | 000,537,520 | -H-- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/08/27 16:06:32 | 000,016,168 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/08/09 13:19:02 | 000,025,280 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/09 10:16:24 | 000,013,480 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 12:54:06 | 000,013,736 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/11 02:32:55 | 000,226,280 | -H-- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/06/03 06:22:56 | 003,695,104 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/08/15 23:49:48 | 000,552,448 | -H-- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/02/16 11:12:36 | 000,011,312 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/02 03:30:56 | 000,044,544 | -H-- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startsearcher.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {D44439AC-6BD0-4E77-9322-F8822852330B}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/21 19:54:33 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/13 18:35:13 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/13 18:35:13 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/14 14:15:07 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 14:15:07 | 000,000,000 | -H-D | M]

[2009/10/26 15:30:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Extensions
[2011/04/23 01:07:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Firefox\Profiles\wttirlpc.default\extensions
[2010/09/08 21:44:59 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Firefox\Profiles\wttirlpc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/08 21:45:00 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Firefox\Profiles\wttirlpc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/20 23:08:33 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Firefox\Profiles\wttirlpc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/21 16:58:40 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Firefox\Profiles\wttirlpc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/19 04:18:01 | 000,000,000 | -H-D | M] (Veoh Video Compass) -- C:\Users\HEhehehe MINE\AppData\Roaming\mozilla\Firefox\Profiles\wttirlpc.default\extensions\[email protected]
[2011/04/17 15:45:48 | 000,002,567 | -H-- | M] () -- C:\Users\HEhehehe MINE\AppData\Roaming\Mozilla\Firefox\Profiles\wttirlpc.default\searchplugins\askcom.xml
[2011/01/12 13:47:45 | 000,001,919 | -H-- | M] () -- C:\Users\HEhehehe MINE\AppData\Roaming\Mozilla\Firefox\Profiles\wttirlpc.default\searchplugins\bing-zugo.xml
[2010/03/31 00:22:19 | 000,002,057 | -H-- | M] () -- C:\Users\HEhehehe MINE\AppData\Roaming\Mozilla\Firefox\Profiles\wttirlpc.default\searchplugins\youtube-video-search.xml
[2011/01/17 21:34:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 18:35:13 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/13 18:35:13 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/03/21 19:54:33 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/04/22 21:04:45 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\HEHEHEHE MINE\APPDATA\LOCAL\{D44439AC-6BD0-4E77-9322-F8822852330B}

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (no name) - {B1BE275B-78BF-4A33-81AB-380699CFF329} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - No CLSID value found.
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [lxddamon] File not found
O4 - HKLM..\Run: [lxddmon.exe] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\iexplorer.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HEhehehe MINE\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\HEhehehe MINE\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7134e19f-6561-11df-96f9-001d922b96ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7134e19f-6561-11df-96f9-001d922b96ed}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 20:22:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\HEhehehe MINE\Desktop\OTL.com
[2011/04/24 03:26:50 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\iCEyocHtffAu.exe
[2011/04/22 21:04:44 | 000,000,000 | -H-D | C] -- C:\Users\HEhehehe MINE\AppData\Local\{D44439AC-6BD0-4E77-9322-F8822852330B}
[2011/04/22 21:03:00 | 000,000,000 | -H-D | C] -- C:\Users\HEhehehe MINE\AppData\Roaming\FE82F7DC5FC140EB2DBAA911891CAA8A
[2011/04/22 12:36:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeralHeart
[2011/04/14 14:22:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/14 14:21:40 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/04/14 14:17:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011/04/14 14:14:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/04/14 14:14:48 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime
[2008/11/18 22:10:42 | 000,999,424 | -H-- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2008/11/18 22:10:42 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2008/11/18 22:10:42 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2008/11/18 22:10:42 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2008/11/18 22:10:41 | 001,232,896 | -H-- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2008/11/18 22:10:41 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2008/11/18 22:10:41 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2008/11/18 22:10:41 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2008/11/18 22:10:41 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2008/11/18 22:10:40 | 000,700,416 | -H-- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2008/11/18 22:10:40 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2008/11/18 22:10:39 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2008/11/18 22:10:39 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2008/11/18 22:10:39 | 000,425,984 | -H-- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2008/11/18 22:10:39 | 000,394,160 | -H-- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 20:21:29 | 000,000,896 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 20:21:16 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 20:21:16 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 20:20:57 | 2012,667,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 20:14:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\HEhehehe MINE\Desktop\OTL.com
[2011/04/24 20:43:03 | 000,000,900 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/24 03:52:09 | 233,945,942 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 03:36:00 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~30007048r
[2011/04/24 03:36:00 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~30007048
[2011/04/24 03:35:56 | 000,000,328 | -H-- | M] () -- C:\ProgramData\30007048
[2011/04/24 03:35:54 | 000,483,328 | -H-- | M] () -- C:\ProgramData\30007048.exe
[2011/04/24 03:26:49 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\iCEyocHtffAu.exe
[2011/04/23 23:59:01 | 000,010,852 | -HS- | M] () -- C:\Users\HEhehehe MINE\AppData\Local\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 23:59:01 | 000,010,852 | -HS- | M] () -- C:\ProgramData\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/22 22:16:03 | 000,000,959 | -H-- | M] () -- C:\Users\HEhehehe MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/22 21:04:47 | 000,000,000 | -H-- | M] () -- C:\Users\HEhehehe MINE\AppData\Local\Gsezisuvubovisi.bin
[2011/04/22 21:04:46 | 000,000,120 | -H-- | M] () -- C:\Users\HEhehehe MINE\AppData\Local\Hlukocarezate.dat
[2011/04/22 12:36:59 | 000,000,616 | -H-- | M] () -- C:\Users\Public\Desktop\FeralHeart.lnk
[2011/04/22 02:30:05 | 000,012,448 | -HS- | M] () -- C:\Users\HEhehehe MINE\AppData\Local\6pb087442k5ycs4ep8i2mb5i618
[2011/04/22 02:30:05 | 000,012,448 | -HS- | M] () -- C:\ProgramData\6pb087442k5ycs4ep8i2mb5i618
[2011/04/22 00:44:31 | 000,365,792 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\Imagin.veg
[2011/04/22 00:12:05 | 000,300,944 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\Imagin.veg.bak
[2011/04/21 18:31:36 | 000,319,744 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\LP WFTE.veg
[2011/04/21 17:15:37 | 000,002,674 | -HS- | M] () -- C:\Users\HEhehehe MINE\AppData\Local\00im1vnqdvdkb4fgj82467ha27waal
[2011/04/21 17:15:37 | 000,002,674 | -HS- | M] () -- C:\ProgramData\00im1vnqdvdkb4fgj82467ha27waal
[2011/04/20 12:30:45 | 002,397,328 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/20 00:10:19 | 000,639,904 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/20 00:10:19 | 000,118,156 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/18 14:33:52 | 000,320,568 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\LP WFTE.veg.bak
[2011/04/18 13:03:57 | 000,267,200 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\dgdlemon.veg
[2011/04/17 15:45:35 | 000,011,934 | -HS- | M] () -- C:\Users\HEhehehe MINE\AppData\Local\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 15:45:35 | 000,011,934 | -HS- | M] () -- C:\ProgramData\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/14 22:51:24 | 000,251,416 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\remembering sunday.veg
[2011/04/14 22:17:49 | 000,122,728 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\raaaaaaaaaaaaaaaaaaaaaaaaaaa.veg
[2011/04/14 22:12:10 | 000,096,888 | -H-- | M] () -- C:\Users\HEhehehe MINE\Documents\raaaaaaaaaaaaaaaaaaaaaaaaaaa.veg.bak
[2011/04/14 17:39:46 | 000,001,971 | -H-- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/04/14 14:22:37 | 000,001,664 | -H-- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/14 14:15:00 | 000,001,726 | -H-- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/04/13 18:24:47 | 000,001,748 | -H-- | M] () -- C:\Users\HEhehehe MINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 19:26:25 | 000,000,846 | -H-- | M] () -- C:\Users\HEhehehe MINE\Desktop\firefox.exe - Shortcut.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/24 03:36:00 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30007048r
[2011/04/24 03:36:00 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~30007048
[2011/04/24 03:35:56 | 000,000,328 | -H-- | C] () -- C:\ProgramData\30007048
[2011/04/24 03:35:54 | 000,483,328 | -H-- | C] () -- C:\ProgramData\30007048.exe
[2011/04/23 23:54:05 | 000,010,852 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 23:54:05 | 000,010,852 | -HS- | C] () -- C:\ProgramData\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/22 22:30:23 | 233,945,942 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/22 21:04:47 | 000,000,000 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\Gsezisuvubovisi.bin
[2011/04/22 21:04:46 | 000,000,120 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\Hlukocarezate.dat
[2011/04/22 12:36:59 | 000,000,616 | -H-- | C] () -- C:\Users\Public\Desktop\FeralHeart.lnk
[2011/04/22 02:27:57 | 000,012,448 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\6pb087442k5ycs4ep8i2mb5i618
[2011/04/22 02:27:57 | 000,012,448 | -HS- | C] () -- C:\ProgramData\6pb087442k5ycs4ep8i2mb5i618
[2011/04/21 17:14:38 | 000,002,674 | -HS- | C] () -- C:\ProgramData\00im1vnqdvdkb4fgj82467ha27waal
[2011/04/21 17:14:37 | 000,002,674 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\00im1vnqdvdkb4fgj82467ha27waal
[2011/04/18 00:30:56 | 000,365,792 | -H-- | C] () -- C:\Users\HEhehehe MINE\Documents\Imagin.veg
[2011/04/18 00:30:56 | 000,300,944 | -H-- | C] () -- C:\Users\HEhehehe MINE\Documents\Imagin.veg.bak
[2011/04/17 15:43:37 | 000,011,934 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 15:43:37 | 000,011,934 | -HS- | C] () -- C:\ProgramData\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/14 14:22:37 | 000,001,664 | -H-- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/14 14:15:00 | 000,001,726 | -H-- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/04/12 19:26:25 | 000,000,846 | -H-- | C] () -- C:\Users\HEhehehe MINE\Desktop\firefox.exe - Shortcut.lnk
[2011/04/11 23:28:10 | 000,122,728 | -H-- | C] () -- C:\Users\HEhehehe MINE\Documents\raaaaaaaaaaaaaaaaaaaaaaaaaaa.veg
[2011/04/11 23:28:10 | 000,096,888 | -H-- | C] () -- C:\Users\HEhehehe MINE\Documents\raaaaaaaaaaaaaaaaaaaaaaaaaaa.veg.bak
[2011/04/09 01:24:44 | 000,012,354 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\p01466yq787g02dkm22q
[2011/04/09 01:24:44 | 000,012,354 | -HS- | C] () -- C:\ProgramData\p01466yq787g02dkm22q
[2011/03/09 19:44:41 | 000,000,680 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\d3d9caps.dat
[2010/06/28 22:18:52 | 000,045,056 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Roaming\chrtmp
[2010/04/17 08:41:14 | 000,011,586 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\5sbBr21
[2010/04/17 08:41:14 | 000,011,586 | -HS- | C] () -- C:\ProgramData\5sbBr21
[2010/03/21 19:46:44 | 000,165,717 | -H-- | C] () -- C:\Windows\hpoins44.dat
[2009/12/09 19:05:10 | 000,000,000 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Roaming\Framework
[2009/11/15 11:47:14 | 000,161,792 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/27 15:35:04 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/18 18:19:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 18:19:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 18:18:32 | 000,226,280 | -H-- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/09/18 18:17:16 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/06 16:13:11 | 000,000,000 | -H-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2009/09/06 16:13:11 | 000,000,000 | -H-- | C] () -- C:\ProgramData\Filters
[2009/09/05 14:14:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/09/05 14:09:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/08/09 21:08:24 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/08/09 21:08:24 | 000,000,088 | RHS- | C] () -- C:\ProgramData\177FE39BB4.sys
[2009/08/03 16:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 05:30:02 | 000,000,586 | -H-- | C] () -- C:\Windows\hpomdl44.dat
[2009/04/21 07:34:25 | 000,000,580 | -H-- | C] () -- C:\ProgramData\lxdd
[2009/03/13 17:27:30 | 000,237,568 | -H-- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2008/11/21 17:47:52 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/18 22:15:49 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxddcoin.dll
[2008/11/18 22:12:59 | 000,036,864 | -H-- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/11/18 22:12:59 | 000,012,288 | -H-- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/11/18 22:11:31 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2008/11/18 22:10:42 | 000,286,720 | -H-- | C] () -- C:\Windows\System32\LXDDinst.dll
[2008/11/18 22:10:40 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\lxddgrd.dll
[2008/11/01 00:36:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/03 03:35:18 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/03 03:02:02 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/04/28 21:09:10 | 000,172,033 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/06 00:38:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/01/23 14:40:03 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/10 07:44:26 | 001,457,024 | RH-- | C] () -- C:\Windows\System32\SSCProt.dll
[2007/01/09 12:13:08 | 000,692,224 | -H-- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/02 08:46:27 | 002,397,328 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,639,904 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,156 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/06 13:08:04 | 000,069,632 | -H-- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 22:47:12 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxddvs.dll

========== LOP Check ==========

[2010/10/09 11:38:02 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\.minecraft
[2009/10/26 15:28:19 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\acccore
[2011/01/26 22:51:10 | 000,000,000 | RHSD | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\explorer32
[2010/03/27 23:31:20 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Facebook
[2011/04/22 21:03:03 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\FE82F7DC5FC140EB2DBAA911891CAA8A
[2010/08/11 19:36:32 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Handy Uninstaller
[2009/11/14 10:15:10 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Jasc
[2009/12/21 14:50:56 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Lexmark Productivity Studio
[2011/01/13 12:15:02 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\NCH Swift Sound
[2009/11/15 11:31:47 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Publish Providers
[2010/12/29 21:44:50 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Sony
[2010/02/08 14:21:44 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Sony Creative Software
[2011/01/01 12:24:46 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Sony Creative Software Inc
[2011/01/12 13:50:22 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Synthesia
[2010/04/13 18:27:28 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\SYSTEMAX Software Development
[2010/10/08 16:02:18 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Thinstall
[2010/01/03 04:23:22 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\Uniblue
[2011/05/10 20:27:07 | 000,000,000 | -H-D | M] -- C:\Users\HEhehehe MINE\AppData\Roaming\uTorrent
[2009/12/19 10:34:41 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\NSSstub.job
[2011/04/24 20:13:17 | 000,032,650 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,679 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..extensions.enabledItems: {D44439AC-6BD0-4E77-9322-F8822852330B}:1.9.1
[2011/04/22 21:04:45 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\HEHEHEHE MINE\APPDATA\LOCAL\{D44439AC-6BD0-4E77-9322-F8822852330B}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B1BE275B-78BF-4A33-81AB-380699CFF329} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - No CLSID value found.
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [lxddamon] File not found
O4 - HKLM..\Run: [lxddmon.exe] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\iexplorer.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{7134e19f-6561-11df-96f9-001d922b96ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7134e19f-6561-11df-96f9-001d922b96ed}\Shell\AutoRun\command - "" = E:\setup.exe
[2011/04/22 21:04:44 | 000,000,000 | -H-D | C] -- C:\Users\HEhehehe MINE\AppData\Local\{D44439AC-6BD0-4E77-9322-F8822852330B}
[2011/04/22 21:03:00 | 000,000,000 | -H-D | C] -- C:\Users\HEhehehe MINE\AppData\Roaming\FE82F7DC5FC140EB2DBAA911891CAA8A
[2011/04/24 03:36:00 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30007048r
[2011/04/24 03:36:00 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~30007048
[2011/04/24 03:35:56 | 000,000,328 | -H-- | C] () -- C:\ProgramData\30007048
[2011/04/24 03:35:54 | 000,483,328 | -H-- | C] () -- C:\ProgramData\30007048.exe
[2011/04/23 23:54:05 | 000,010,852 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 23:54:05 | 000,010,852 | -HS- | C] () -- C:\ProgramData\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/22 21:04:47 | 000,000,000 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\Gsezisuvubovisi.bin
[2011/04/22 21:04:46 | 000,000,120 | -H-- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\Hlukocarezate.dat
[2011/04/22 12:36:59 | 000,000,616 | -H-- | C] () -- C:\Users\Public\Desktop\FeralHeart.lnk
[2011/04/22 02:27:57 | 000,012,448 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\6pb087442k5ycs4ep8i2mb5i618
[2011/04/22 02:27:57 | 000,012,448 | -HS- | C] () -- C:\ProgramData\6pb087442k5ycs4ep8i2mb5i618
[2011/04/21 17:14:38 | 000,002,674 | -HS- | C] () -- C:\ProgramData\00im1vnqdvdkb4fgj82467ha27waal
[2011/04/21 17:14:37 | 000,002,674 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\00im1vnqdvdkb4fgj82467ha27waal
[2011/04/17 15:43:37 | 000,011,934 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 15:43:37 | 000,011,934 | -HS- | C] () -- C:\ProgramData\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/09 01:24:44 | 000,012,354 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\p01466yq787g02dkm22q
[2011/04/09 01:24:44 | 000,012,354 | -HS- | C] () -- C:\ProgramData\p01466yq787g02dkm22q
[2010/04/17 08:41:14 | 000,011,586 | -HS- | C] () -- C:\Users\HEhehehe MINE\AppData\Local\5sbBr21
[2010/04/17 08:41:14 | 000,011,586 | -HS- | C] () -- C:\ProgramData\5sbBr21


:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open Firefox. Tools > Options > Privacy > History: make sure "Remember download history" is checked.



Download and Run (right click and select Run As Administrator) unhide.exe
http://download.blee...nler/unhide.exe

Ron
  • 0

#3
clementine367

clementine367

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you very much for helping and replying! Everything is back on my computer and I'm currently on the previously infected computer. Is there anything else I should do to make sure everything is back on track? I have the log from the fix saved on a disk and I'll post it here under this so you can see. Thanks again! Computer cookies for you.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: {D44439AC-6BD0-4E77-9322-F8822852330B}:1.9.1 removed from extensions.enabledItems
C:\USERS\HEHEHEHE MINE\APPDATA\LOCAL\{D44439AC-6BD0-4E77-9322-F8822852330B}\chrome\content folder moved successfully.
C:\USERS\HEHEHEHE MINE\APPDATA\LOCAL\{D44439AC-6BD0-4E77-9322-F8822852330B}\chrome folder moved successfully.
C:\USERS\HEHEHEHE MINE\APPDATA\LOCAL\{D44439AC-6BD0-4E77-9322-F8822852330B} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1BE275B-78BF-4A33-81AB-380699CFF329}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1BE275B-78BF-4A33-81AB-380699CFF329}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B3535C18-0E70-4D4B-B36B-BBFE139BB144} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3535C18-0E70-4D4B-B36B-BBFE139BB144}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxddamon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxddmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) not found.
C:\Program Files\Malwarebytes' Anti-Malware\iexplorer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files\utorrent\utorrent.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7134e19f-6561-11df-96f9-001d922b96ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7134e19f-6561-11df-96f9-001d922b96ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7134e19f-6561-11df-96f9-001d922b96ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7134e19f-6561-11df-96f9-001d922b96ed}\ not found.
File E:\setup.exe not found.
Folder C:\Users\HEhehehe MINE\AppData\Local\{D44439AC-6BD0-4E77-9322-F8822852330B}\ not found.
C:\Users\HEhehehe MINE\AppData\Roaming\FE82F7DC5FC140EB2DBAA911891CAA8A folder moved successfully.
C:\ProgramData\~30007048r moved successfully.
C:\ProgramData\~30007048 moved successfully.
C:\ProgramData\30007048 moved successfully.
C:\ProgramData\30007048.exe moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\58bx7eu82nw807u43225osy0i56032q6uj62 moved successfully.
C:\ProgramData\58bx7eu82nw807u43225osy0i56032q6uj62 moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\Gsezisuvubovisi.bin moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\Hlukocarezate.dat moved successfully.
C:\Users\Public\Desktop\FeralHeart.lnk moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\6pb087442k5ycs4ep8i2mb5i618 moved successfully.
C:\ProgramData\6pb087442k5ycs4ep8i2mb5i618 moved successfully.
C:\ProgramData\00im1vnqdvdkb4fgj82467ha27waal moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\00im1vnqdvdkb4fgj82467ha27waal moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7 moved successfully.
C:\ProgramData\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7 moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\p01466yq787g02dkm22q moved successfully.
C:\ProgramData\p01466yq787g02dkm22q moved successfully.
C:\Users\HEhehehe MINE\AppData\Local\5sbBr21 moved successfully.
C:\ProgramData\5sbBr21 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HEhehehe MINE
->Temp folder emptied: 3475336740 bytes
->Temporary Internet Files folder emptied: 290695935 bytes
->Java cache emptied: 447668 bytes
->FireFox cache emptied: 74102960 bytes
->Google Chrome cache emptied: 7571080 bytes
->Flash cache emptied: 154779 bytes

User: Public

%systemdrive% .tmp files removed: 31212390 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 755521077 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,420.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05132011_193729

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000001456D7A42A2F438BE5 not found!

Registry entries deleted on Reboot...
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,679 posts
  • MVP
Let's install the free Avast:

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Ron
  • 0

#5
clementine367

clementine367

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm having more problems. I was on the computer all nice and stuff and then this "Vista" malware fighting software pops up and closes my browser and now I'm back on the other computer. I tried running Malwarebytes to see if I could fix the problem but when I tried opening it, it failed saying it couldn't find the correct path or something. I came back here to see if I could try reinstalling it. I did everything you said too! Is there something getting into my computer?
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,679 posts
  • MVP
Sounds like it. Did you run the Avast Boot-time scan?

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP