Generic.Bot.H



#1 JaRvEy (Member, 50 posts)
Hey guys. I'm new here and appreciate your patience in advance! I had a virus last week and I reformatted my hard drive. Spybot comes back clean. However, Malwarebytes comes back with Generic.Bot.h and it won't go away! Can I get some help with this? Would you need to see the log from the Malwarebytes "removal"? Or possibly a HiJackThis log? Please let me know~

#2 RKinner (Malware Expert, MVP, 24,625 posts)
Do as much of http://www.geekstogo...uide-t2852.html as you can. If a step won't work, skip to the next one. Copy and paste your GMER, MBAM, OTL, & Extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
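A read-only check, added here as an example and not part of RKinner's reply, that reports the same proxy settings the three GUI procedures above reset: Internet Explorer and Chrome share the WinINET values under HKCU, while Firefox keeps its own in each profile's prefs.js. It assumes PowerShell is installed on the XP machine and that Firefox profiles live in the standard %APPDATA%\Mozilla\Firefox\Profiles location; the registry value names are the standard WinINET ones, not values taken from this thread's logs.

```powershell
# Added example (not from the thread or its tools): list the proxy settings
# that can leave a machine without internet access after a cleanup, so you
# can tell whether a leftover proxy entry is the cause. Read-only; it changes
# nothing. The GUI steps in the post above are the actual fix.

# 1. WinINET settings used by Internet Explorer. Chrome's "Change proxy
#    settings" button opens this same dialog, so these values cover both.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key

Write-Output "IE/Chrome proxy (HKCU Internet Settings):"
Write-Output ("  ProxyEnable   = {0}" -f $ie.ProxyEnable)    # 1 = manual proxy switched on
Write-Output ("  ProxyServer   = {0}" -f $ie.ProxyServer)    # host:port used when enabled
Write-Output ("  AutoConfigURL = {0}" -f $ie.AutoConfigURL)  # PAC script URL, if any is set

if ($ie.ProxyEnable -eq 1 -or $ie.AutoConfigURL) {
    Write-Output "  -> a proxy or PAC script is configured; this is what 'LAN Settings' unchecks."
} else {
    Write-Output "  -> no manual proxy or PAC script set."
}

# 2. Firefox does not use WinINET; each profile stores its own choice in
#    prefs.js. network.proxy.type meanings: 0 = no proxy, 1 = manual,
#    2 = PAC URL, 4 = auto-detect, 5 = use system (WinINET) settings.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem -Path $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            Write-Output ("Firefox profile {0}:" -f $_.Name)
            $hits = Select-String -Path $prefs -Pattern 'network\.proxy\.(type|http|ssl|autoconfig_url)'
            if ($hits) {
                $hits | ForEach-Object { Write-Output ("  " + $_.Line.Trim()) }
            } else {
                Write-Output "  no network.proxy.* prefs written; browser default in effect."
            }
        }
    }
} else {
    Write-Output "No Firefox profiles folder found under $env:APPDATA."
}
```

If ProxyEnable is 1 or a PAC URL is listed and you never configured one, that is the entry the "uncheck all boxes" step in the post removes.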

#3 JaRvEy (Topic Starter, Member, 50 posts)
Thanks for replying, RKinner. Here are my logs and a few comments:

The following GMER log has 4 red entries. I know my Avast scan shows two LeechLLC files. I tried removing them through Avast but they keep reappearing.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-11 11:23:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\grumpy\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF49EAC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF49EAB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF49EB0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF49EB014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF49EA70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF49EAC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF49EA64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF49EA6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF49EAD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF49EB1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF49EACF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF49EAE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF49F7AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF49F78EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF49F7A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54F49EB0
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP F49F7A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP F49F78EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP F49F3536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP F49F4EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP F49F7ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F40360, 0x240F7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Processes - GMER 1.0.15 ----

Library C:\Program Files\LeechLLC:mstorr.exe (*** hidden *** ) @ C:\Program Files\LeechLLC:mstorr.exe [2428] 0x10000000

Process C:\WINDOWS\explorer.exe (*** hidden *** ) 2724

Process C:\Program Files\LeechLLC:mstorr.exe (*** hidden *** ) 2740
Library C:\Program Files\LeechLLC:mstorr.exe (*** hidden *** ) @ C:\Program Files\LeechLLC:mstorr.exe [2740] 0x00400000


---- Files - GMER 1.0.15 ----

ADS C:\Program Files\LeechLLC:mstorr.exe 638976 bytes executable

---- EOF - GMER 1.0.15 ----

============================================================

Here's my Malwarebytes' log. I tried removing Generic.Bot.H numerous times. But it keeps coming back!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4089

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/11/2010 9:17:39 AM
mbam-log-2010-05-11 (09-17-39).txt

Scan type: Quick scan
Objects scanned: 108660
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{p7y0u4w6-281q-ni2i-ux0d-15qq6lm01ow3} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

============================================================

OTL log file here:


OTL logfile created on: 5/11/2010 11:32:13 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\grumpy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 545.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 116.34 Gb Free Space | 78.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E510
Current User Name: grumpy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/11 08:01:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 00:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 08:01:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
MOD - [2008/04/14 00:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/06/01 17:22:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/06/01 17:22:00 | 001,019,904 | ---- | M] () -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2006/06/01 17:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/21 13:38:44 | 000,508,824 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\DKabcoms.exe -- (dkab_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 17:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/06/01 17:22:00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/09 14:56:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 15:08:24 | 000,000,000 | ---D | M]

[2010/05/10 15:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grumpy\Application Data\Mozilla\Extensions
[2010/05/10 09:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\extensions
[2010/05/10 15:07:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/09 13:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2007/08/11 02:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [nvcpl] C:\Program Files\LeechLLC:mstorr.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\LeechLLC:mstorr.exe) - C:\Program Files\LeechLLC:mstorr.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\grumpy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\grumpy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 10:02:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:625a940e56b) - C:\WINDOWS\System32\aswBoot.exe (ALWIL Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/09 10:01:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/11 08:01:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
[2010/05/11 07:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/11 07:01:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/11 07:00:59 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/11 07:00:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/11 07:00:57 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/11 07:00:55 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/11 07:00:55 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/11 07:00:55 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/11 07:00:44 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/11 07:00:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/11 07:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/11 07:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/11 06:54:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 06:47:54 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\TFC.exe
[2010/05/11 05:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 03:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/10 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/10 15:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Yahoo
[2010/05/10 15:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/10 15:26:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/10 15:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/05/10 15:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/10 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/10 15:05:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/10 14:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Malwarebytes
[2010/05/10 09:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/05/10 09:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/10 09:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Yahoo!
[2010/05/10 08:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/05/10 08:32:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\PrivacIE
[2010/05/10 08:31:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\IETldCache
[2010/05/10 08:27:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/10 08:25:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/10 07:32:22 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010/05/10 07:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Dell_HostCD
[2010/05/10 07:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/10 07:31:20 | 000,987,136 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabusb1.dll
[2010/05/10 07:31:20 | 000,675,840 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabpmui.dll
[2010/05/10 07:31:19 | 001,204,224 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabserv.dll
[2010/05/10 07:31:18 | 000,336,792 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabppls.exe
[2010/05/10 07:31:18 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabprox.dll
[2010/05/10 07:31:18 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabpplc.dll
[2010/05/10 07:31:17 | 000,561,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DKablmpm.dll
[2010/05/10 07:31:17 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabpar1.dll
[2010/05/10 07:31:14 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabinpa.dll
[2010/05/10 07:31:12 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabip1.dll
[2010/05/10 07:31:11 | 000,508,824 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcoms.exe
[2010/05/10 07:31:11 | 000,507,904 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabhcp.dll
[2010/05/10 07:31:10 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcomc.dll
[2010/05/10 07:31:10 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcomm.dll
[2010/05/09 16:27:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/09 15:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/09 15:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/09 15:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\HP
[2010/05/09 15:46:13 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/05/09 15:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/05/09 14:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Mozilla
[2010/05/09 14:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Mozilla
[2010/05/09 14:30:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/09 14:30:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/09 14:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/09 14:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/09 14:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/09 14:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/09 14:23:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/09 13:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\acccore
[2010/05/09 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\AOL
[2010/05/09 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\AIM
[2010/05/09 13:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/09 13:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/05/09 13:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/05/09 13:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\CutePDF Writer
[2010/05/09 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/05/09 13:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/05/09 13:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\My Documents\Downloads
[2010/05/09 13:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Temp
[2010/05/09 13:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Google
[2010/05/09 13:20:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/09 13:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap
[2010/05/09 13:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/09 13:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/09 13:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/09 13:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Adobe
[2010/05/09 13:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/09 13:13:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/05/09 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/05/09 13:13:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/09 13:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/09 13:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Winamp
[2010/05/09 13:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/09 12:34:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\UserData
[2010/05/09 11:07:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\Desktop\WORK
[2010/05/09 11:00:50 | 000,000,000 | -HSD | C] -- C:\Program Files\LeechLLC
[2010/05/09 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/09 10:58:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/09 10:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Desktop\MP3
[2010/05/09 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/05/09 10:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/05/09 10:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/09 10:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/09 10:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/09 10:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Adobe
[2010/05/09 10:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Macromedia
[2010/05/09 10:39:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/09 10:38:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/09 10:38:04 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2010/05/09 10:38:02 | 000,000,000 | ---D | C] -- C:\dell
[2010/05/09 10:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Identities
[2010/05/09 10:07:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/09 10:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\My Documents\My Pictures
[2010/05/09 10:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\My Documents\My Music
[2010/05/09 10:07:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\grumpy\Application Data\Microsoft
[2010/05/09 10:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\grumpy\Application Data
[2010/05/09 10:07:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\Favorites
[2010/05/09 10:07:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\Cookies
[2010/05/09 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Microsoft
[2010/05/09 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Desktop
[2010/05/09 10:07:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\grumpy\SendTo
[2010/05/09 10:07:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\grumpy\Recent
[2010/05/09 10:07:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\Start Menu
[2010/05/09 10:07:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\My Documents
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\Templates
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\PrintHood
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\NetHood
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\Local Settings
[2010/05/09 10:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/09 10:06:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/09 10:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/09 10:06:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/09 10:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/09 10:05:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/09 10:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/09 10:03:53 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/09 10:03:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/09 10:03:52 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/05/09 10:02:55 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/09 10:02:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/09 10:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/09 10:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/09 10:01:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/09 10:01:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/09 10:01:19 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/09 10:01:10 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/05/09 10:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/09 10:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/05/09 10:00:36 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/09 10:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/05/09 10:00:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/09 10:00:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/09 10:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/09 10:00:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/09 10:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/09 09:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/09 09:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/05/09 09:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/09 09:59:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/09 09:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/09 09:59:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/09 09:59:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/05/09 09:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/09 09:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/09 09:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/09 09:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/09 09:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/09 09:58:23 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/05/09 09:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/09 09:58:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/05/09 09:58:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/09 09:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/09 09:57:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/09 05:52:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/09 05:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/09 05:52:06 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/09 05:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/05/09 05:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/05/09 05:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/05/09 05:51:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/09 05:51:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/09 05:51:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/05/09 05:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/05/09 05:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/05/09 05:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/09 05:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/09 05:51:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/09 05:51:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/09 05:50:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/09 05:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/09 05:46:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/09 05:46:56 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/09 05:46:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/09 05:46:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/09 05:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 90 Days ==========

[2010/05/11 11:30:24 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/11 11:30:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/11 11:30:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/11 11:27:04 | 003,597,644 | -H-- | M] () -- C:\Documents and Settings\grumpy\Local Settings\Application Data\IconCache.db
[2010/05/11 11:26:10 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003UA.job
[2010/05/11 11:25:10 | 001,310,720 | ---- | M] () -- C:\Documents and Settings\grumpy\ntuser.dat
[2010/05/11 09:47:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\grumpy\ntuser.ini
[2010/05/11 08:01:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
[2010/05/11 07:56:39 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\gmer.exe
[2010/05/11 07:54:16 | 001,310,720 | ---- | M] () -- C:\Documents and Settings\grumpy\ntuser.bak
[2010/05/11 07:52:57 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\NTREGOPT.lnk
[2010/05/11 07:52:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\ERUNT.lnk
[2010/05/11 07:11:42 | 000,000,599 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2010/05/11 07:01:00 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/11 07:00:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/11 06:48:14 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\TFC.exe
[2010/05/11 05:45:27 | 008,206,880 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\SUPERAntiSpyware.exe
[2010/05/11 03:19:27 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/11 03:19:27 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/11 03:19:27 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/11 03:01:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 16:37:36 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\HiJackThis.lnk
[2010/05/10 15:28:50 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/10 15:00:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 13:26:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003Core.job
[2010/05/10 08:31:58 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\INTERNET EXPLORER.lnk
[2010/05/10 07:39:34 | 000,027,884 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/05/10 07:39:25 | 000,031,200 | ---- | M] () -- C:\Documents and Settings\grumpy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/09 15:58:03 | 000,113,025 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2010/05/09 15:57:48 | 000,000,532 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/09 15:57:33 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP IMAGE ZONE EXPRESS.lnk
[2010/05/09 15:57:15 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/09 15:56:58 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP SOLUTION CENTER.lnk
[2010/05/09 15:41:26 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\SOPCAST.lnk
[2010/05/09 14:56:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/09 14:30:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MALWARE BYTES' ANTI-MALWARE.lnk
[2010/05/09 14:29:20 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\SPYBOT.lnk
[2010/05/09 13:47:07 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2010/05/09 13:46:58 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/05/09 13:21:56 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\GOOGLE CHROME.lnk
[2010/05/09 13:19:30 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\grumpy\Desktop\MWSNAP 3.lnk
[2010/05/09 13:18:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ADOBE READER 9.lnk
[2010/05/09 13:13:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WINAMP.lnk
[2010/05/09 13:13:32 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/09 13:11:37 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FIREFOX.lnk
[2010/05/09 10:45:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/09 10:45:21 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/09 10:05:37 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/09 10:04:28 | 000,000,780 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/09 10:02:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/09 10:02:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/09 10:02:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/09 10:02:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/09 10:02:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/09 10:01:19 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/09 10:01:19 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/09 09:59:29 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/09 09:59:19 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/09 09:59:19 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/09 09:57:04 | 000,000,319 | -HS- | M] () -- C:\boot.ini
[2010/05/09 05:52:18 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/05/09 05:52:05 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/11 07:52:57 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\NTREGOPT.lnk
[2010/05/11 07:52:57 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\ERUNT.lnk
[2010/05/11 07:01:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\grumpy\ntuser.tmp.LOG
[2010/05/11 07:01:00 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/11 05:45:21 | 008,206,880 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\SUPERAntiSpyware.exe
[2010/05/10 16:37:36 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\HiJackThis.lnk
[2010/05/10 14:57:48 | 001,310,720 | ---- | C] () -- C:\Documents and Settings\grumpy\ntuser.dat
[2010/05/10 14:57:48 | 001,310,720 | ---- | C] () -- C:\Documents and Settings\grumpy\ntuser.bak
[2010/05/10 08:31:58 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\INTERNET EXPLORER.lnk
[2010/05/10 07:45:02 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.usr
[2010/05/10 07:31:21 | 000,020,254 | ---- | C] () -- C:\WINDOWS\System32\DKabpmui.chm
[2010/05/10 07:31:09 | 000,001,780 | ---- | C] () -- C:\WINDOWS\System32\DKab.loc
[2010/05/10 07:31:03 | 000,027,884 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/05/09 15:57:33 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP IMAGE ZONE EXPRESS.lnk
[2010/05/09 15:57:15 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/09 15:56:58 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP SOLUTION CENTER.lnk
[2010/05/09 15:52:18 | 000,113,025 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/05/09 15:52:18 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/05/09 15:52:18 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/09 15:41:26 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\SOPCAST.lnk
[2010/05/09 14:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/09 14:30:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MALWARE BYTES' ANTI-MALWARE.lnk
[2010/05/09 14:29:20 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\SPYBOT.lnk
[2010/05/09 13:46:58 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/05/09 13:46:36 | 000,000,360 | -H-- | C] () -- C:\IPH.PH
[2010/05/09 13:23:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/05/09 13:21:56 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\GOOGLE CHROME.lnk
[2010/05/09 13:21:07 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003UA.job
[2010/05/09 13:21:06 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003Core.job
[2010/05/09 13:19:30 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\grumpy\Desktop\MWSNAP 3.lnk
[2010/05/09 13:18:37 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ADOBE READER 9.lnk
[2010/05/09 13:13:52 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WINAMP.lnk
[2010/05/09 13:11:37 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FIREFOX.lnk
[2010/05/09 10:47:58 | 000,063,804 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/09 10:47:41 | 000,016,960 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/09 10:45:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/09 10:45:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/09 10:38:31 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/05/09 10:38:04 | 000,005,110 | ---- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/05/09 10:07:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\grumpy\ntuser.ini
[2010/05/09 10:07:35 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\grumpy\ntuser.dat.LOG
[2010/05/09 10:05:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/09 10:04:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 10:04:16 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/09 10:03:48 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/09 10:03:48 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/09 10:03:47 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/09 10:03:32 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/09 10:03:31 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/09 10:03:25 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/09 10:03:24 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/09 10:03:23 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/09 10:03:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/09 10:03:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/09 10:03:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/05/09 10:02:57 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/09 10:02:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/09 10:02:54 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/09 10:02:54 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/09 10:02:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/09 10:02:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/09 10:02:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/09 10:02:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/09 10:02:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/09 10:02:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/09 10:02:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/09 10:02:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/09 10:02:53 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/09 10:02:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/09 10:02:52 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/09 10:02:52 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/09 10:02:52 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/09 10:02:52 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/09 10:02:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/09 10:02:51 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/09 10:02:51 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/09 10:02:51 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/09 10:02:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/09 10:02:50 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/09 10:02:50 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/09 10:02:50 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/09 10:02:50 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/09 10:02:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/09 10:02:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/09 10:02:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/09 10:02:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/09 10:02:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/09 10:02:49 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/09 10:02:49 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/09 10:02:17 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/09 10:02:17 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/09 10:02:17 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/09 10:02:17 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/05/09 10:02:17 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/09 10:02:14 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/09 10:02:14 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/09 10:02:13 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/09 10:01:19 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/09 10:01:19 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/09 10:01:13 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/09 10:00:59 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/05/09 10:00:45 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/09 10:00:45 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/09 10:00:40 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/05/09 10:00:07 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/05/09 09:59:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/09 09:58:48 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/09 09:58:47 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/09 09:58:47 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/05/09 09:58:47 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/05/09 09:58:47 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/05/09 09:58:47 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/05/09 09:58:47 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/05/09 09:58:47 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/09 09:58:47 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/05/09 09:58:47 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/05/09 09:58:47 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/05/09 09:58:47 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/05/09 09:58:46 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/09 09:58:46 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/09 09:58:46 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/09 09:58:46 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/09 09:58:46 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/09 09:58:46 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/09 09:58:46 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/09 09:58:45 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/09 09:58:45 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/09 09:58:44 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/09 09:58:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/05/09 05:52:18 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/05/09 05:52:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/09 05:52:08 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/05/09 05:52:08 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/05/09 05:52:07 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/05/09 05:52:07 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/05/09 05:52:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/05/09 05:52:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/09 05:52:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/05/09 05:52:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/09 05:52:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/05/09 05:52:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/09 05:52:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/05/09 05:52:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/09 05:51:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/05/09 05:51:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/09 05:51:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/05/09 05:51:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/09 05:51:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/05/09 05:51:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/09 05:51:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/05/09 05:51:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/09 05:51:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/05/09 05:51:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/09 05:51:56 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/05/09 05:51:56 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/09 05:51:56 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/05/09 05:51:56 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/09 05:51:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/05/09 05:51:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/09 05:51:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/05/09 05:51:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/09 05:51:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/05/09 05:51:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/09 05:51:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/05/09 05:51:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/09 05:51:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/05/09 05:51:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/09 05:51:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/09 05:51:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/09 05:51:43 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/09 05:51:34 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/05/09 05:51:34 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/05/09 05:51:34 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/05/09 05:51:33 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/09 05:51:33 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/09 05:51:33 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/05/09 05:51:33 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/09 05:51:33 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/05/09 05:51:33 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/05/09 05:51:33 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/05/09 05:51:33 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/09 05:51:33 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/05/09 05:51:33 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/05/09 05:51:33 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/09 05:51:33 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/09 05:51:33 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/09 05:51:32 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/05/09 05:51:32 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/05/09 05:51:32 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/09 05:50:46 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/09 05:50:10 | 000,000,319 | -HS- | C] () -- C:\boot.ini
[2010/05/09 05:50:07 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/06/01 17:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 17:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 17:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 17:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 17:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 17:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 17:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/05/09 13:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/11 07:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/09 13:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grumpy\Application Data\acccore

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/09 09:57:04 | 000,000,319 | -HS- | M] () -- C:\boot.ini
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/09 10:02:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/09 13:47:07 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2010/05/09 10:02:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 17:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 19:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/11 11:30:16 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/09 05:50:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/09 05:50:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/09 05:50:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 638976 bytes -> C:\Program Files\LeechLLC:mstorr.exe
< End of report >

OTL logfile created on: 5/11/2010 11:32:13 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\grumpy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 545.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 116.34 Gb Free Space | 78.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E510
Current User Name: grumpy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/11 08:01:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 00:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 08:01:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
MOD - [2008/04/14 00:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/06/01 17:22:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/06/01 17:22:00 | 001,019,904 | ---- | M] () -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2006/06/01 17:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/21 13:38:44 | 000,508,824 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\DKabcoms.exe -- (dkab_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 17:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/06/01 17:22:00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/09 14:56:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 15:08:24 | 000,000,000 | ---D | M]

[2010/05/10 15:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grumpy\Application Data\Mozilla\Extensions
[2010/05/10 09:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\extensions
[2010/05/10 15:07:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/09 13:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2007/08/11 02:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [nvcpl] C:\Program Files\LeechLLC:mstorr.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\LeechLLC:mstorr.exe) - C:\Program Files\LeechLLC:mstorr.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\grumpy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\grumpy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 10:02:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:625a940e56b) - C:\WINDOWS\System32\aswBoot.exe (ALWIL Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/09 10:01:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/11 08:01:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\OTL.exe
[2010/05/11 07:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/11 07:01:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/11 07:00:59 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/11 07:00:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/11 07:00:57 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/11 07:00:55 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/11 07:00:55 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/11 07:00:55 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/11 07:00:44 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/11 07:00:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/11 07:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/11 07:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/11 06:54:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 06:47:54 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grumpy\Desktop\TFC.exe
[2010/05/11 05:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/11 03:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/10 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/10 15:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Yahoo
[2010/05/10 15:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/10 15:26:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/10 15:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/05/10 15:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/10 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/10 15:05:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/10 14:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Malwarebytes
[2010/05/10 09:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/05/10 09:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/10 09:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Yahoo!
[2010/05/10 08:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/05/10 08:32:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\PrivacIE
[2010/05/10 08:31:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\IETldCache
[2010/05/10 08:27:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/10 08:25:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/10 07:32:22 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010/05/10 07:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Dell_HostCD
[2010/05/10 07:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/10 07:31:20 | 000,987,136 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabusb1.dll
[2010/05/10 07:31:20 | 000,675,840 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabpmui.dll
[2010/05/10 07:31:19 | 001,204,224 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabserv.dll
[2010/05/10 07:31:18 | 000,336,792 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabppls.exe
[2010/05/10 07:31:18 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabprox.dll
[2010/05/10 07:31:18 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabpplc.dll
[2010/05/10 07:31:17 | 000,561,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DKablmpm.dll
[2010/05/10 07:31:17 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabpar1.dll
[2010/05/10 07:31:14 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabinpa.dll
[2010/05/10 07:31:12 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabip1.dll
[2010/05/10 07:31:11 | 000,508,824 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcoms.exe
[2010/05/10 07:31:11 | 000,507,904 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabhcp.dll
[2010/05/10 07:31:10 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcomc.dll
[2010/05/10 07:31:10 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcomm.dll
[2010/05/09 16:27:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/09 15:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/09 15:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/09 15:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\HP
[2010/05/09 15:46:13 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/05/09 15:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/05/09 14:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Mozilla
[2010/05/09 14:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Mozilla
[2010/05/09 14:30:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/09 14:30:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/09 14:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/09 14:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/09 14:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/09 14:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/09 14:23:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/09 13:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\acccore
[2010/05/09 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\AOL
[2010/05/09 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\AIM
[2010/05/09 13:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/09 13:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/05/09 13:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/05/09 13:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\CutePDF Writer
[2010/05/09 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/05/09 13:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/05/09 13:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\My Documents\Downloads
[2010/05/09 13:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Temp
[2010/05/09 13:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Google
[2010/05/09 13:20:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/09 13:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap
[2010/05/09 13:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/09 13:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/09 13:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/09 13:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Adobe
[2010/05/09 13:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/09 13:13:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/05/09 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/05/09 13:13:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/09 13:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/09 13:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Winamp
[2010/05/09 13:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/09 12:34:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\UserData
[2010/05/09 11:07:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\Desktop\WORK
[2010/05/09 11:00:50 | 000,000,000 | -HSD | C] -- C:\Program Files\LeechLLC
[2010/05/09 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/09 10:58:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/09 10:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Desktop\MP3
[2010/05/09 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/05/09 10:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/05/09 10:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/09 10:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/09 10:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/09 10:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Adobe
[2010/05/09 10:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Macromedia
[2010/05/09 10:39:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/09 10:38:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/09 10:38:04 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2010/05/09 10:38:02 | 000,000,000 | ---D | C] -- C:\dell
[2010/05/09 10:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Application Data\Identities
[2010/05/09 10:07:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/09 10:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\My Documents\My Pictures
[2010/05/09 10:07:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\My Documents\My Music
[2010/05/09 10:07:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\grumpy\Application Data\Microsoft
[2010/05/09 10:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\grumpy\Application Data
[2010/05/09 10:07:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\Favorites
[2010/05/09 10:07:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\grumpy\Cookies
[2010/05/09 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Local Settings\Application Data\Microsoft
[2010/05/09 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grumpy\Desktop
[2010/05/09 10:07:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\grumpy\SendTo
[2010/05/09 10:07:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\grumpy\Recent
[2010/05/09 10:07:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\Start Menu
[2010/05/09 10:07:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grumpy\My Documents
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\Templates
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\PrintHood
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\NetHood
[2010/05/09 10:07:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grumpy\Local Settings
[2010/05/09 10:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/09 10:06:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/09 10:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/09 10:06:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/09 10:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 90 Days ==========


========== Files Created - No Company Name ==========

[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/09 05:51:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/09 05:51:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/09 05:51:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/09 05:51:43 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/09 05:51:34 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/05/09 05:51:34 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/05/09 05:51:34 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/05/09 05:51:33 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/09 05:51:33 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/09 05:51:33 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/05/09 05:51:33 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/09 05:51:33 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/05/09 05:51:33 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/05/09 05:51:33 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/05/09 05:51:33 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/09 05:51:33 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/05/09 05:51:33 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/05/09 05:51:33 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/09 05:51:33 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/09 05:51:33 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/09 05:51:32 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/05/09 05:51:32 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/05/09 05:51:32 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/09 05:50:46 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/09 05:50:10 | 000,000,319 | -HS- | C] () -- C:\boot.ini
[2010/05/09 05:50:07 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/06/01 17:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 17:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 17:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 17:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 17:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 17:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 17:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/05/09 13:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/11 07:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/09 13:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grumpy\Application Data\acccore

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/09 09:57:04 | 000,000,319 | -HS- | M] () -- C:\boot.ini
[2010/05/09 10:02:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/09 10:02:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/09 13:47:07 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2010/05/09 10:02:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 17:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 19:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/11 11:30:16 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/09 05:50:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/09 05:50:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/09 05:50:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 638976 bytes -> C:\Program Files\LeechLLC:mstorr.exe
< End of report >

#4
JaRvEy (Member, Topic Starter, 50 posts)
I'm sorry. I think in the previous e-mail I pasted the OTL log file twice instead of making the last one the EXTRA log file. Here it is:

OTL Extras logfile created on: 5/11/2010 11:32:13 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\grumpy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 545.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 116.34 Gb Free Space | 78.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E510
Current User Name: grumpy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\DKabcoms.exe" = C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell_HostCD" = Dell Software Uninstall
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MWSnap 3" = MWSnap 3
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"SopCast" = SopCast 3.2.9
"SystemRequirementsLab" = System Requirements Lab
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

Error - 5/11/2010 11:24:50 AM | Computer Name = E510 | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 5/11/2010 8:49:17 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the -- service to connect.

Error - 5/11/2010 8:49:17 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The -- service failed to start due to the following error: %%1053

Error - 5/11/2010 9:12:25 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the -- service to connect.

Error - 5/11/2010 9:12:25 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The -- service failed to start due to the following error: %%1053

Error - 5/11/2010 9:49:23 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the -- service to connect.

Error - 5/11/2010 9:49:23 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The -- service failed to start due to the following error: %%1053

Error - 5/11/2010 10:47:07 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the -- service to connect.

Error - 5/11/2010 10:47:07 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The -- service failed to start due to the following error: %%1053

Error - 5/11/2010 11:30:41 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the -- service to connect.

Error - 5/11/2010 11:30:41 AM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The -- service failed to start due to the following error: %%1053


< End of report >

#5
RKinner (Malware Expert, MVP, 24,625 posts)
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

This is your main problem:

O20 - HKLM Winlogon: UserInit - (C:\Program Files\LeechLLC:mstorr.exe) - C:\Program Files\LeechLLC:mstorr.exe File not found

OTL can't see the file but it is called out in the registry. The :mstorr.exe means mstorr.exe is an Alternate Data Stream. One of Microsoft's brilliant ideas which was supposed to make life easier but instead made it easier for malware to hide. UserInit is supposed to be C:\Windows\system32\userinit.exe,


I think Combofix knows how to fix the problem.

Download ComboFix as follows.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron

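The two indicators Ron points to above (a Winlogon UserInit value that is not the stock userinit.exe, and a path of the form folder:stream, which names an NTFS alternate data stream) can be checked mechanically over OTL output. The script below is an added example, not part of this thread and not OTL or ComboFix code. The log lines it scans are constructed to mirror the entries quoted in this thread; the expected UserInit value (the Windows XP default, trailing comma included) and the treatment of Zone.Identifier as a benign stream (the mark-of-the-web stream Internet Explorer attaches to downloads) are this example's assumptions.

```python
"""Flag UserInit hijacks and alternate-data-stream paths in OTL-style log lines.

Added example for this thread; not OTL, ComboFix or forum code.
"""
import re
from typing import Dict, List, Optional, Tuple

# Stock Windows XP value (the registry value ends in a comma); compared case-insensitively.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Streams Windows itself writes and that are not evidence of infection.
# Assumption of this example: only the mark-of-the-web stream is whitelisted.
BENIGN_STREAMS = {"zone.identifier"}

# OTL O20 line: "O20 - HKLM Winlogon: UserInit - (<value>) - <resolved path> <status>"
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)", re.IGNORECASE)

# OTL ADS section line: "@Alternate Data Stream - <n> bytes -> <host path>:<stream>"
ADS_LINE_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# A Windows path with a second colon after the drive colon names a stream.
ADS_PATH_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\]+)$")

# Constructed sample lines modelled on the entries quoted in this thread.
SAMPLE_LOG = [
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Program Files\LeechLLC:mstorr.exe) - C:\Program Files\LeechLLC:mstorr.exe File not found",
    r"@Alternate Data Stream - 638976 bytes -> C:\Program Files\LeechLLC:mstorr.exe",
    r"@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\grumpy\Desktop\setup.exe:Zone.Identifier",
]


def normalize_userinit(value: str) -> str:
    """Drop the trailing comma and surrounding whitespace, lower-case for comparison."""
    return value.strip().rstrip(",").strip().lower()


def split_ads(path: str) -> Optional[Tuple[str, str]]:
    """Return (host_path, stream_name) when path names an alternate data stream, else None."""
    m = ADS_PATH_RE.match(path.strip())
    if not m:
        return None
    return m.group("host"), m.group("stream")


def analyze(lines: List[str]) -> List[Dict[str, str]]:
    """Scan OTL-style lines; return findings with kind, detail and severity."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.rstrip("\r\n")

        m = USERINIT_RE.match(line)
        if m:
            value = m.group("value")
            if normalize_userinit(value) != EXPECTED_USERINIT:
                findings.append({"kind": "userinit_not_default", "detail": value, "severity": "high"})
            # UserInit pointing into a stream: the loader is hidden behind a folder name.
            if split_ads(value.rstrip(",")) is not None:
                findings.append({"kind": "userinit_points_to_ads", "detail": value, "severity": "high"})
            continue

        m = ADS_LINE_RE.match(line)
        if m:
            target = m.group("target")
            ads = split_ads(target)
            stream = ads[1].lower() if ads else ""
            severity = "info" if stream in BENIGN_STREAMS else "medium"
            findings.append({"kind": "ads_present", "detail": target, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['kind']}: {f['detail']}")
```

Run it as a script to print the findings, or import analyze() and feed it the lines of a saved OTL.txt. A non-default UserInit is a lead rather than proof on its own, since some legitimate software appends its own entry to that value; a UserInit entry that points into a stream, as here, has no legitimate reason to exist. On the live machine the streams themselves can be listed with the Sysinternals Streams tool (which runs on XP) or, on Vista and later, with dir /R and PowerShell's Get-Item -Stream *.
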
#6
JaRvEy (Member, Topic Starter, 50 posts)
I did as you said to create a log, RKinner. (see below)

Also, as soon as I turned the TeaTimer back on in Spybot, a bunch of Spybot warning windows came up asking me to allow/deny changes. I didn't know what to do so I played it safe and hit deny. Although I must admit that over the last few days, I have allowed changes when requested after I installed some programs. I figured that if I'm installing a program and a Spybot warning window pops up at the same time, I should allow the change. Now I'm unsure and just deny changes across the board. Am I doing the right thing?

ComboFix 10-05-11.05 - grumpy 05/12/2010 5:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.695 [GMT -4:00]
Running from: c:\documents and settings\grumpy\Desktop\george.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-11 11:52 . 2010-05-11 11:53 -------- d-----w- c:\program files\ERUNT
2010-05-11 11:01 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-11 11:00 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-11 11:00 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-11 11:00 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-11 11:00 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-11 11:00 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-11 11:00 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-11 11:00 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-11 11:00 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-11 11:00 . 2010-05-11 11:00 -------- d-----w- c:\program files\Alwil Software
2010-05-11 11:00 . 2010-05-11 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-11 09:49 . 2010-05-11 09:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-11 07:00 . 2010-05-11 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-05-10 20:37 . 2010-05-10 20:37 388096 ----a-r- c:\documents and settings\grumpy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-10 20:37 . 2010-05-10 20:37 -------- d-----w- c:\program files\Trend Micro
2010-05-10 19:27 . 2010-05-10 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-10 13:00 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\grumpy\Application Data\Yahoo!
2010-05-10 12:59 . 2010-05-10 19:25 -------- d-----w- c:\program files\Yahoo!
2010-05-10 12:32 . 2010-05-10 12:32 -------- d-sh--w- c:\documents and settings\grumpy\PrivacIE
2010-05-10 12:31 . 2010-05-10 12:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-10 12:31 . 2010-05-10 12:31 -------- d-sh--w- c:\documents and settings\grumpy\IETldCache
2010-05-10 12:27 . 2010-05-10 12:27 -------- d-----w- c:\windows\ie8updates
2010-05-10 12:25 . 2010-05-10 19:27 -------- dc-h--w- c:\windows\ie8
2010-05-10 12:22 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-10 12:22 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-10 12:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-10 12:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-10 12:22 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-10 12:22 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-10 11:32 . 2006-11-15 20:37 360448 ----a-w- c:\windows\system32\lexlog.dll
2010-05-10 11:32 . 2010-05-10 11:32 -------- d-----w- c:\program files\Dell_HostCD
2010-05-09 21:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-09 21:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-09 20:28 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-09 20:27 . 2010-05-12 01:07 -------- d--h--w- c:\windows\$hf_mig$
2010-05-09 19:56 . 2010-05-09 19:56 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-09 19:55 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-09 19:55 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-09 19:55 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-09 19:55 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-09 19:55 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-09 19:55 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-09 19:55 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-09 19:55 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-09 19:55 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-09 19:53 . 2010-05-10 19:08 -------- d-----w- c:\program files\HP
2010-05-09 19:52 . 2010-05-09 19:58 113025 ----a-w- c:\windows\hpoins07.dat
2010-05-09 19:52 . 2005-05-24 20:52 21124 ------w- c:\windows\hpomdl07.dat
2010-05-09 19:46 . 2010-05-10 20:38 -------- d-----w- c:\documents and settings\grumpy\Application Data\HP
2010-05-09 19:46 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-05-09 19:46 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-05-09 19:46 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2010-05-09 19:46 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2010-05-09 19:46 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-09 19:46 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-09 19:46 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-05-09 19:46 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-09 19:46 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-09 19:41 . 2010-05-10 19:24 -------- d-----w- c:\program files\SopCast
2010-05-09 18:56 . 2010-05-09 18:56 0 ----a-w- c:\windows\nsreg.dat
2010-05-09 18:56 . 2010-05-09 18:56 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Mozilla
2010-05-09 18:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 18:30 . 2010-05-10 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 18:30 . 2010-05-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-09 18:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 18:29 . 2010-05-10 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-09 18:29 . 2010-05-10 19:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-09 18:26 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-09 18:26 . 2010-02-16 13:25 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-05-09 18:26 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-09 18:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-09 17:47 . 2010-05-09 17:47 -------- d-----w- c:\documents and settings\grumpy\Application Data\acccore
2010-05-09 17:47 . 2010-05-09 18:46 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\AIM
2010-05-09 17:47 . 2010-05-09 17:47 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\AOL
2010-05-09 17:46 . 2010-05-09 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-05-09 17:46 . 2010-05-10 19:23 -------- d-----w- c:\program files\AIM
2010-05-09 17:46 . 2010-05-10 19:23 -------- d-----w- c:\program files\Common Files\AOL
2010-05-09 17:29 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 17:29 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-09 17:24 . 2010-05-10 10:06 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\CutePDF Writer
2010-05-09 17:23 . 2010-05-09 17:23 -------- d-----w- c:\program files\GPLGS
2010-05-09 17:23 . 2009-11-05 12:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-09 17:23 . 2010-05-09 17:23 -------- d-----w- c:\program files\Acro Software
2010-05-09 17:21 . 2010-05-09 17:21 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Temp
2010-05-09 17:21 . 2010-05-09 17:21 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Google
2010-05-09 17:19 . 2010-05-09 17:19 -------- d-----w- c:\program files\MWSnap
2010-05-09 17:18 . 2010-05-09 17:18 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-05-09 17:18 . 2010-05-09 17:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-09 17:17 . 2010-05-09 17:24 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Adobe
2010-05-09 17:17 . 2010-05-09 17:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-09 17:17 . 2010-05-09 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-09 16:34 . 2010-05-09 16:34 -------- d-sh--w- c:\documents and settings\grumpy\UserData
2010-05-09 16:15 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-05-09 15:00 . 2010-05-11 11:24 -------- d-sh--w- c:\program files\LeechLLC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 19:27 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-10 19:26 . 2010-05-09 17:13 -------- d-----w- c:\documents and settings\grumpy\Application Data\Winamp
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\program files\Common Files\HP
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-10 19:07 . 2010-05-10 11:31 -------- d-----w- c:\program files\Dell
2010-05-10 18:13 . 2010-05-10 18:13 -------- d-----w- c:\documents and settings\grumpy\Application Data\Malwarebytes
2010-05-10 13:00 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-10 11:39 . 2010-05-09 14:49 31200 ----a-w- c:\documents and settings\grumpy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 00:28 . 2010-05-09 14:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-09 23:43 . 2010-05-09 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-09 17:14 . 2010-05-09 17:13 -------- d-----w- c:\program files\Winamp
2010-05-09 17:13 . 2010-05-09 17:13 -------- d-----w- c:\program files\Winamp Detect
2010-05-09 14:59 . 2010-05-09 14:59 -------- d-----w- c:\program files\Intel
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-09 14:47 . 2010-05-09 14:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-09 14:45 . 2010-05-09 14:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-09 14:45 . 2010-05-09 14:45 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-09 14:45 . 2010-05-09 14:45 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-09 14:02 . 2010-05-09 14:02 -------- d-----w- c:\program files\microsoft frontpage
2010-05-09 13:59 . 2010-05-09 13:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2008-04-14 04:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 23:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-13 23:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 04:41 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 23:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-09 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:625a940e56b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\DKabcoms.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/11/2010 7:00 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2010 7:01 AM 19024]
R3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003Core.job
- c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 17:21]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003UA.job
- c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nvcpl - c:\program files\LeechLLC:mstorr.exe
ActiveSetup-{P7Y0U4W6-281Q-NI2I-UX0D-15QQ6LM01OW3} - c:\program files\LeechLLC:mstorr.exe -ac



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 05:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\system32\lsass.exe [724] 0x864CB2E0
c:\program files\LeechLLC:mstorr.exe [3204] 0x859E7BC0
scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nvcpl = c:\program files\LeechLLC:mstorr.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-05-12 05:57:36
ComboFix-quarantined-files.txt 2010-05-12 09:57

Pre-Run: 124,572,647,424 bytes free
Post-Run: 124,666,122,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - AC99A8C356833ADDE990C7CA5BE4318B
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Actually, I did not want you to re-enable TeaTimer yet. I've got to change my write-up to just say anti-virus program. Without knowing what it found I can't tell you if it was right or not. Best to turn it off again until we are done.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common

File::
c:\program files\LeechLLC:mstorr.exe
c:\windows\system32\DKabcoms.exe

Driver::
dkab_device

Folder::
c:\program files\LeechLLC

Registry::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
nvcpl=-


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0

#8
JaRvEy

JaRvEy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I messed up, Ron. Here's what happened:

1) I deactivated Spybot TeaTimer, or at least I thought I did. Maybe I closed Spybot before it was really deactivated.

2) I created the Notepad file and dropped it onto ComboFix.

3) I ran ComboFix; then my computer rebooted and I saw the Spybot allow/deny change box, indicating I probably messed up on TeaTimer.

4) I received the log (see below).

5) Then numerous Spybot allow/deny change boxes popped up (I denied them all).

I know your previous instructions said not to run ComboFix more than once, so I didn't. What should I do now?

ComboFix 10-05-11.06 - grumpy 05/12/2010 11:55:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.764 [GMT -4:00]
Running from: c:\documents and settings\grumpy\Desktop\george.exe
Command switches used :: c:\documents and settings\grumpy\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\LeechLLC:mstorr.exe"
"c:\windows\system32\DKabcoms.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LeechLLC
c:\windows\system32\DKabcoms.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DKAB_DEVICE
-------\Service_dkab_device


((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-11 11:52 . 2010-05-11 11:53 -------- d-----w- c:\program files\ERUNT
2010-05-11 11:01 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-11 11:00 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-11 11:00 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-11 11:00 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-11 11:00 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-11 11:00 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-11 11:00 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-11 11:00 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-11 11:00 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-11 11:00 . 2010-05-11 11:00 -------- d-----w- c:\program files\Alwil Software
2010-05-11 11:00 . 2010-05-11 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-11 09:49 . 2010-05-11 09:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-11 07:00 . 2010-05-11 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-05-10 20:37 . 2010-05-10 20:37 388096 ----a-r- c:\documents and settings\grumpy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-10 20:37 . 2010-05-10 20:37 -------- d-----w- c:\program files\Trend Micro
2010-05-10 19:27 . 2010-05-10 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-10 13:00 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\grumpy\Application Data\Yahoo!
2010-05-10 12:59 . 2010-05-10 19:25 -------- d-----w- c:\program files\Yahoo!
2010-05-10 12:32 . 2010-05-10 12:32 -------- d-sh--w- c:\documents and settings\grumpy\PrivacIE
2010-05-10 12:31 . 2010-05-10 12:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-10 12:31 . 2010-05-10 12:31 -------- d-sh--w- c:\documents and settings\grumpy\IETldCache
2010-05-10 12:27 . 2010-05-10 12:27 -------- d-----w- c:\windows\ie8updates
2010-05-10 12:25 . 2010-05-10 19:27 -------- dc-h--w- c:\windows\ie8
2010-05-10 12:22 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-10 12:22 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-10 12:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-10 12:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-10 12:22 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-10 12:22 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-10 11:32 . 2006-11-15 20:37 360448 ----a-w- c:\windows\system32\lexlog.dll
2010-05-10 11:32 . 2010-05-10 11:32 -------- d-----w- c:\program files\Dell_HostCD
2010-05-09 21:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-09 21:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-09 20:28 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-09 20:27 . 2010-05-12 01:07 -------- d--h--w- c:\windows\$hf_mig$
2010-05-09 19:56 . 2010-05-09 19:56 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-09 19:55 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-09 19:55 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-09 19:55 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-09 19:55 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-09 19:55 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-09 19:55 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-09 19:55 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-09 19:55 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-09 19:55 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-09 19:53 . 2010-05-10 19:08 -------- d-----w- c:\program files\HP
2010-05-09 19:52 . 2010-05-09 19:58 113025 ----a-w- c:\windows\hpoins07.dat
2010-05-09 19:52 . 2005-05-24 20:52 21124 ------w- c:\windows\hpomdl07.dat
2010-05-09 19:46 . 2010-05-10 20:38 -------- d-----w- c:\documents and settings\grumpy\Application Data\HP
2010-05-09 19:46 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-05-09 19:46 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-05-09 19:46 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2010-05-09 19:46 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2010-05-09 19:46 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-09 19:46 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-09 19:46 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-05-09 19:46 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-09 19:46 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-09 19:41 . 2010-05-10 19:24 -------- d-----w- c:\program files\SopCast
2010-05-09 18:56 . 2010-05-09 18:56 0 ----a-w- c:\windows\nsreg.dat
2010-05-09 18:56 . 2010-05-09 18:56 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Mozilla
2010-05-09 18:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 18:30 . 2010-05-10 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 18:30 . 2010-05-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-09 18:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 18:29 . 2010-05-10 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-09 18:29 . 2010-05-10 19:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-09 18:26 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-09 18:26 . 2010-02-16 13:25 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-05-09 18:26 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-09 18:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-09 17:47 . 2010-05-09 17:47 -------- d-----w- c:\documents and settings\grumpy\Application Data\acccore
2010-05-09 17:47 . 2010-05-09 18:46 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\AIM
2010-05-09 17:47 . 2010-05-09 17:47 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\AOL
2010-05-09 17:46 . 2010-05-09 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-05-09 17:46 . 2010-05-10 19:23 -------- d-----w- c:\program files\AIM
2010-05-09 17:46 . 2010-05-10 19:23 -------- d-----w- c:\program files\Common Files\AOL
2010-05-09 17:29 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 17:29 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-09 17:24 . 2010-05-10 10:06 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\CutePDF Writer
2010-05-09 17:23 . 2010-05-09 17:23 -------- d-----w- c:\program files\GPLGS
2010-05-09 17:23 . 2009-11-05 12:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-09 17:23 . 2010-05-09 17:23 -------- d-----w- c:\program files\Acro Software
2010-05-09 17:21 . 2010-05-09 17:21 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Temp
2010-05-09 17:21 . 2010-05-09 17:21 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Google
2010-05-09 17:19 . 2010-05-09 17:19 -------- d-----w- c:\program files\MWSnap
2010-05-09 17:18 . 2010-05-09 17:18 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-05-09 17:18 . 2010-05-09 17:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-09 17:17 . 2010-05-09 17:24 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Adobe
2010-05-09 17:17 . 2010-05-09 17:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-09 17:17 . 2010-05-09 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-09 16:34 . 2010-05-09 16:34 -------- d-sh--w- c:\documents and settings\grumpy\UserData
2010-05-09 16:15 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 19:27 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-10 19:26 . 2010-05-09 17:13 -------- d-----w- c:\documents and settings\grumpy\Application Data\Winamp
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\program files\Common Files\HP
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-10 19:07 . 2010-05-10 11:31 -------- d-----w- c:\program files\Dell
2010-05-10 18:13 . 2010-05-10 18:13 -------- d-----w- c:\documents and settings\grumpy\Application Data\Malwarebytes
2010-05-10 13:00 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-10 11:39 . 2010-05-09 14:49 31200 ----a-w- c:\documents and settings\grumpy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 00:28 . 2010-05-09 14:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-09 23:43 . 2010-05-09 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-09 17:14 . 2010-05-09 17:13 -------- d-----w- c:\program files\Winamp
2010-05-09 17:13 . 2010-05-09 17:13 -------- d-----w- c:\program files\Winamp Detect
2010-05-09 14:59 . 2010-05-09 14:59 -------- d-----w- c:\program files\Intel
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-09 14:47 . 2010-05-09 14:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-09 14:45 . 2010-05-09 14:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-09 14:45 . 2010-05-09 14:45 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-09 14:45 . 2010-05-09 14:45 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-09 14:02 . 2010-05-09 14:02 -------- d-----w- c:\program files\microsoft frontpage
2010-05-09 13:59 . 2010-05-09 13:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2008-04-14 04:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 23:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-13 23:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 04:41 100864 ----a-w- c:\windows\system32\6to4svc.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-09 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"nvcpl"="c:\program files\LeechLLC:mstorr.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:625a940e56b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/11/2010 7:00 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2010 7:01 AM 19024]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{P7Y0U4W6-281Q-NI2I-UX0D-15QQ6LM01OW3}]
c:\program files\LeechLLC:mstorr.exe -ac [BU]
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003Core.job
- c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 17:21]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003UA.job
- c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 12:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nvcpl = c:\program files\LeechLLC:mstorr.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-12 12:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-12 16:03
ComboFix2.txt 2010-05-12 09:57

Pre-Run: 124,626,026,496 bytes free
Post-Run: 124,522,315,776 bytes free

- - End Of File - - 802CC289931642D01406BA4FD1072010

#9
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{P7Y0U4W6-281Q-NI2I-UX0D-15QQ6LM01OW3}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{P7Y0U4W6-281Q-NI2I-UX0D-15QQ6LM01OW3}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"nvcpl"=-


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Ron
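To show how the hidden nvcpl entry in these logs stands out from the legitimate Run values, here is an added Python example (not ComboFix's code and not something from this thread) that parses the HKLM Run block of a ComboFix log, flags targets stored in an NTFS alternate data stream or lacking the file date/size ComboFix prints for the other entries, and builds the Registry:: lines of a matching CFScript. The sample block is constructed from the log above; the function names are the example's own.

```python
import re

# Constructed sample: the HKLM Run block as it appears in the ComboFix log above.
SAMPLE_RUN_BLOCK = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"nvcpl"="c:\program files\LeechLLC:mstorr.exe" [BU]
'''

# "name"="target" [meta]  -- one Run value per line in the ComboFix listing
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# ComboFix prints "<yyyy-mm-dd> <size>" for targets it could read from disk
META_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
DRIVE_RE = re.compile(r'^[A-Za-z]:')


def parse_run_entries(block):
    """Return (name, target, meta) for each value line of a ComboFix Run block."""
    entries = []
    for line in block.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m['name'], m['target'], m['meta']))
    return entries


def has_alternate_data_stream(target):
    """True if the path names an NTFS ADS: a ':' anywhere after the optional drive letter."""
    rest = DRIVE_RE.sub('', target, count=1)
    return ':' in rest


def audit_run_entries(block):
    """Flag Run values whose target looks hidden, with the reasons for each finding."""
    findings = []
    for name, target, meta in parse_run_entries(block):
        reasons = []
        if has_alternate_data_stream(target):
            reasons.append('target is stored in an NTFS alternate data stream')
        if not META_RE.match(meta):
            reasons.append('no file date/size recorded for the target (%s)' % meta)
        if reasons:
            findings.append({'name': name, 'target': target, 'reasons': reasons})
    return findings


def cfscript_for(findings, key=r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'):
    """Build the Registry:: block that deletes the flagged values, as in the CFScript above."""
    lines = ['Registry::', '[%s]' % key]
    lines += ['"%s"=-' % f['name'] for f in findings]
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = audit_run_entries(SAMPLE_RUN_BLOCK)
    for f in found:
        print('%s -> %s' % (f['name'], f['target']))
        for r in f['reasons']:
            print('    ' + r)
    print(cfscript_for(found))
```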

#10
JaRvEy
    Member
  • Topic Starter
  • Member
  • 50 posts
Ok. I checked twice to make sure Teatimer was off. The log is below.

Quick question: Why is there an additional IE desktop icon whenever I use Combofix?

ComboFix 10-05-11.06 - grumpy 05/12/2010 12:51:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.690 [GMT -4:00]
Running from: c:\documents and settings\grumpy\Desktop\george.exe
Command switches used :: c:\documents and settings\grumpy\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-11 11:52 . 2010-05-11 11:53 -------- d-----w- c:\program files\ERUNT
2010-05-11 11:01 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-11 11:00 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-11 11:00 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-11 11:00 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-11 11:00 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-11 11:00 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-11 11:00 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-11 11:00 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-11 11:00 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-11 11:00 . 2010-05-11 11:00 -------- d-----w- c:\program files\Alwil Software
2010-05-11 11:00 . 2010-05-11 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-11 09:49 . 2010-05-11 09:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-11 07:00 . 2010-05-11 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-05-10 20:37 . 2010-05-10 20:37 388096 ----a-r- c:\documents and settings\grumpy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-10 20:37 . 2010-05-10 20:37 -------- d-----w- c:\program files\Trend Micro
2010-05-10 19:27 . 2010-05-10 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-10 13:00 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\grumpy\Application Data\Yahoo!
2010-05-10 12:59 . 2010-05-10 19:25 -------- d-----w- c:\program files\Yahoo!
2010-05-10 12:32 . 2010-05-10 12:32 -------- d-sh--w- c:\documents and settings\grumpy\PrivacIE
2010-05-10 12:31 . 2010-05-10 12:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-10 12:31 . 2010-05-10 12:31 -------- d-sh--w- c:\documents and settings\grumpy\IETldCache
2010-05-10 12:27 . 2010-05-10 12:27 -------- d-----w- c:\windows\ie8updates
2010-05-10 12:25 . 2010-05-10 19:27 -------- dc-h--w- c:\windows\ie8
2010-05-10 12:22 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-10 12:22 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-10 12:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-10 12:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-10 12:22 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-10 12:22 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-10 11:32 . 2006-11-15 20:37 360448 ----a-w- c:\windows\system32\lexlog.dll
2010-05-10 11:32 . 2010-05-10 11:32 -------- d-----w- c:\program files\Dell_HostCD
2010-05-09 21:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-09 21:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-09 20:28 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-09 20:27 . 2010-05-12 01:07 -------- d--h--w- c:\windows\$hf_mig$
2010-05-09 19:56 . 2010-05-09 19:56 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-09 19:55 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-09 19:55 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-09 19:55 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-09 19:55 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-09 19:55 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-09 19:55 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-09 19:55 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-09 19:55 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-09 19:55 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-09 19:53 . 2010-05-10 19:08 -------- d-----w- c:\program files\HP
2010-05-09 19:52 . 2010-05-09 19:58 113025 ----a-w- c:\windows\hpoins07.dat
2010-05-09 19:52 . 2005-05-24 20:52 21124 ------w- c:\windows\hpomdl07.dat
2010-05-09 19:46 . 2010-05-10 20:38 -------- d-----w- c:\documents and settings\grumpy\Application Data\HP
2010-05-09 19:46 . 2005-03-08 19:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-05-09 19:46 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-05-09 19:46 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2010-05-09 19:46 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2010-05-09 19:46 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-09 19:46 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-09 19:46 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-05-09 19:46 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-09 19:46 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-09 19:41 . 2010-05-10 19:24 -------- d-----w- c:\program files\SopCast
2010-05-09 18:56 . 2010-05-09 18:56 0 ----a-w- c:\windows\nsreg.dat
2010-05-09 18:56 . 2010-05-09 18:56 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Mozilla
2010-05-09 18:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 18:30 . 2010-05-10 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 18:30 . 2010-05-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-09 18:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 18:29 . 2010-05-10 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-09 18:29 . 2010-05-10 19:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-09 18:26 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-09 18:26 . 2010-02-16 13:25 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-05-09 18:26 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-09 18:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-09 17:47 . 2010-05-09 17:47 -------- d-----w- c:\documents and settings\grumpy\Application Data\acccore
2010-05-09 17:47 . 2010-05-09 18:46 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\AIM
2010-05-09 17:47 . 2010-05-09 17:47 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\AOL
2010-05-09 17:46 . 2010-05-09 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-05-09 17:46 . 2010-05-10 19:23 -------- d-----w- c:\program files\AIM
2010-05-09 17:46 . 2010-05-10 19:23 -------- d-----w- c:\program files\Common Files\AOL
2010-05-09 17:29 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 17:29 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-09 17:24 . 2010-05-10 10:06 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\CutePDF Writer
2010-05-09 17:23 . 2010-05-09 17:23 -------- d-----w- c:\program files\GPLGS
2010-05-09 17:23 . 2009-11-05 12:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-09 17:23 . 2010-05-09 17:23 -------- d-----w- c:\program files\Acro Software
2010-05-09 17:21 . 2010-05-09 17:21 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Temp
2010-05-09 17:21 . 2010-05-09 17:21 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Google
2010-05-09 17:19 . 2010-05-09 17:19 -------- d-----w- c:\program files\MWSnap
2010-05-09 17:18 . 2010-05-09 17:18 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-05-09 17:18 . 2010-05-09 17:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-09 17:17 . 2010-05-09 17:24 -------- d-----w- c:\documents and settings\grumpy\Local Settings\Application Data\Adobe
2010-05-09 17:17 . 2010-05-09 17:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-09 17:17 . 2010-05-09 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-09 16:34 . 2010-05-09 16:34 -------- d-sh--w- c:\documents and settings\grumpy\UserData
2010-05-09 16:15 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 19:27 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-10 19:26 . 2010-05-09 17:13 -------- d-----w- c:\documents and settings\grumpy\Application Data\Winamp
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\program files\Common Files\HP
2010-05-10 19:24 . 2010-05-10 19:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-10 19:07 . 2010-05-10 11:31 -------- d-----w- c:\program files\Dell
2010-05-10 18:13 . 2010-05-10 18:13 -------- d-----w- c:\documents and settings\grumpy\Application Data\Malwarebytes
2010-05-10 13:00 . 2010-05-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-10 11:39 . 2010-05-09 14:49 31200 ----a-w- c:\documents and settings\grumpy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 00:28 . 2010-05-09 14:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-09 23:43 . 2010-05-09 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-09 17:14 . 2010-05-09 17:13 -------- d-----w- c:\program files\Winamp
2010-05-09 17:13 . 2010-05-09 17:13 -------- d-----w- c:\program files\Winamp Detect
2010-05-09 14:59 . 2010-05-09 14:59 -------- d-----w- c:\program files\Intel
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-09 14:47 . 2010-05-09 14:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-09 14:45 . 2010-05-09 14:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-09 14:45 . 2010-05-09 14:45 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-09 14:45 . 2010-05-09 14:45 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-09 14:02 . 2010-05-09 14:02 -------- d-----w- c:\program files\microsoft frontpage
2010-05-09 13:59 . 2010-05-09 13:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2008-04-14 04:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 23:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-13 23:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 04:41 100864 ----a-w- c:\windows\system32\6to4svc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-09 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"nvcpl"="c:\program files\LeechLLC:mstorr.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:625a940e56b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/11/2010 7:00 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2010 7:01 AM 19024]
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003Core.job
- c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 17:21]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1284227242-1644491937-1003UA.job
- c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\grumpy\Application Data\Mozilla\Firefox\Profiles\4iocrouq.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\grumpy\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nvcpl = c:\program files\LeechLLC:mstorr.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-12 12:58:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-12 16:58
ComboFix2.txt 2010-05-12 16:03
ComboFix3.txt 2010-05-12 09:57

Pre-Run: 124,563,800,064 bytes free
Post-Run: 124,544,479,232 bytes free

- - End Of File - - 7BA3D878027F8F06510DF2550E6C4728

#11
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Can you run GMER again per the guide? Need to see if there is still something hiding.

Ron
  • 0

#12
JaRvEy
    Member
  • Topic Starter
  • Member
  • 50 posts
I didn't reinstall GMER. I just clicked the current program icon on my desktop and this is what I received:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-12 13:47:35
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\grumpy\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF49F7AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF49F78EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF49F7A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

#13
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
GMER says you are clean. ComboFix still complains about a hidden registry entry, but I think we got rid of the file it points to, so I don't think it can hurt you. Do you have any problems?

Ron

#14
JaRvEy
    Member
  • Topic Starter
  • Member
  • 50 posts
I just ran:
1) Malwarebytes' quick scan = clean
2) Avast = clean

Running Spybot now and Malwarebytes' full scan later.

No real problems right now. Before, my Add/Remove Programs wasn't loading right, but I rebooted twice and it seems OK now.

What's up with the extra internet explorer icon after Combofix, Ron? That seems odd to me.

#15
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
No idea. Are they identical or does one have a little shortcut arrow?

Right click on each and check the properties and see if they are both going to the same place.

Ron
