gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 15:08:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\E\LOCALS~1\Temp\pxtdqpow.sys
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0185000A
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip sosnf32.sys (SOSNF32/CYBERsitter LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp sosnf32.sys (SOSNF32/CYBERsitter LLC)
AttachedDevice \Driver\Tcpip \Device\Udp sosnf32.sys (SOSNF32/CYBERsitter LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp sosnf32.sys (SOSNF32/CYBERsitter LLC)
---- Threads - GMER 1.0.15 ----
Thread System [4:264] 828F4298
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{519B1951-8979-4280-9284-EC68FDDC8DBD}\SOSNF@STA 3CD4A82EA3AF5FDE
Reg HKLM\SOFTWARE\Classes\CLSID\{519B1951-8979-4280-9284-EC68FDDC8DBD}\SOSNF@STB A53F6418CF3781B5
---- EOF - GMER 1.0.15 ----
otl
OTL logfile created on: 6/16/2010 3:23:40 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\E\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 24.77 Gb Free Space | 66.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 97.50 Gb Free Space | 65.42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KEW
Current User Name: E
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/14 20:36:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/13 12:52:30 | 001,633,664 | ---- | M] (Solid Oak Software) -- C:\Program Files\SOS\SOSNF\sosnflsv.exe
PRC - [2010/02/13 12:52:28 | 001,106,304 | ---- | M] (Solid Oak Software) -- C:\Program Files\SOS\SOSNF\sosnfusv.exe
PRC - [2010/02/13 12:52:26 | 001,182,080 | ---- | M] (Solid Oak Software) -- C:\Program Files\SOS\SOSNF\sosnffsv.exe
PRC - [2009/09/04 13:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe
PRC - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe
========== Modules (SafeList) ==========
MOD - [2010/06/14 20:36:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/13 12:52:30 | 001,633,664 | ---- | M] (Solid Oak Software) [Auto | Running] -- C:\Program Files\SOS\SOSNF\sosnflsv.exe -- (SOSNFLSV)
SRV - [2010/02/13 12:52:28 | 001,106,304 | ---- | M] (Solid Oak Software) [Auto | Running] -- C:\Program Files\SOS\SOSNF\sosnfusv.exe -- (sosnfusv)
SRV - [2010/02/13 12:52:26 | 001,182,080 | ---- | M] (Solid Oak Software) [Auto | Running] -- C:\Program Files\SOS\SOSNF\sosnffsv.exe -- (SOSNFFSV)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/06/10 21:35:34 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
========== Driver Services (SafeList) ==========
DRV - [2010/02/13 12:52:22 | 000,047,488 | ---- | M] (CYBERsitter LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sosnf32.sys -- (sosnf32)
DRV - [2009/09/02 00:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 04:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/06/15 12:26:38 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB)
DRV - [2006/09/22 17:33:38 | 000,515,200 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/08/15 09:05:59 | 000,060,928 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600bus.sys -- (w600bus) Sony Ericsson W600 driver (WDM)
DRV - [2005/07/18 13:26:40 | 000,085,952 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600obex.sys -- (w600obex)
DRV - [2005/07/18 13:25:36 | 000,088,080 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600mgmt.sys -- (w600mgmt)
DRV - [2005/07/18 13:24:32 | 000,096,672 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600mdm.sys -- (w600mdm)
DRV - [2005/07/18 13:24:26 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600mdfl.sys -- (w600mdfl)
DRV - [2005/06/11 11:33:44 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...n...5&mkt=en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 4F F7 82 2D F6 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/06 16:59:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 22:57:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/06/03 23:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/06/09 08:22:20 | 000,000,000 | ---D | M]
[2010/06/06 16:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\E\Application Data\Mozilla\Extensions
[2010/06/16 15:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\E\Application Data\Mozilla\Firefox\Profiles\f1tc91t3.default\extensions
[2010/06/16 15:10:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\E\Application Data\Mozilla\Firefox\Profiles\f1tc91t3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/16 15:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 22:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/13 22:57:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/06/13 22:00:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\E\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/10 21:39:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/06/14 23:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Temp
[2010/06/14 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/14 17:33:16 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
[2010/06/14 17:32:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\E\Desktop\erunt_setup.exe
[2010/06/13 23:48:07 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTC.exe
[2010/06/13 23:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/13 23:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/13 22:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Desktop\anti-virus
[2010/06/13 22:24:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/13 22:10:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/13 21:30:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/13 21:22:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/13 16:02:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/11 21:29:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\E\Recent
[2010/06/09 08:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\My Documents\Downloads
[2010/06/06 17:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2010/06/06 16:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Mozilla
[2010/06/06 16:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Mozilla
[2010/06/06 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/04 08:27:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents\My Videos
[2010/06/03 23:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/03 23:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/03 23:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/03 23:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/03 22:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Apple
[2010/06/03 21:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Apple Computer
[2010/06/03 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/30 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/05/30 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Yahoo!
[2010/05/27 20:49:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/05/27 20:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Microsoft Corporation
[2010/05/27 20:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/05/25 10:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Adobe
[2010/05/24 21:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Netscape
[2010/05/24 21:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Netscape
[2010/05/24 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2010/05/24 21:13:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 21:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 21:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 08:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Malwarebytes
[2010/05/20 01:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Google
[2010/05/17 21:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Sun
[2010/05/17 20:58:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\IECompatCache
[2010/05/17 20:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\HP
[2010/05/17 20:57:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\PrivacIE
[2010/05/17 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Apple Computer
[2010/05/17 20:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Identities
[2010/05/17 20:56:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents\My Music
[2010/05/17 20:56:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents\My Pictures
[2010/05/17 20:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Adobe
[2010/05/17 20:41:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\IETldCache
[2010/05/17 20:41:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\E\Application Data\Microsoft
[2010/05/17 20:41:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\E\SendTo
[2010/05/17 20:41:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\E\Application Data
[2010/05/17 20:41:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents
[2010/05/17 20:41:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\Favorites
[2010/05/17 20:41:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\Cookies
[2010/05/17 20:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\PrintHood
[2010/05/17 20:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\NetHood
[2010/05/17 20:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\Local Settings
[2010/05/17 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Microsoft
[2010/05/17 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Macromedia
[2010/05/17 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Desktop
[2010/05/17 20:41:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\Start Menu
[2010/05/17 20:41:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\Templates
[2010/05/16 19:01:13 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/05/16 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/16 12:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/05/16 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
[2010/04/27 23:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Upromise
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
========== Files - Modified Within 90 Days ==========
[2010/06/16 15:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/16 15:10:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/16 15:09:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/16 15:09:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/16 15:09:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/16 15:09:42 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/16 15:08:40 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\E\NTUSER.DAT
[2010/06/16 15:08:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\E\ntuser.ini
[2010/06/16 15:08:31 | 003,767,398 | -H-- | M] () -- C:\Documents and Settings\E\Local Settings\Application Data\IconCache.db
[2010/06/16 11:34:24 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\E\My Documents\malware.doc
[2010/06/14 20:43:35 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\E\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/14 20:43:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\E\Desktop\NTREGOPT.lnk
[2010/06/14 20:43:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\E\Desktop\ERUNT.lnk
[2010/06/14 20:36:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
[2010/06/14 20:36:16 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\E\Desktop\gmer.zip
[2010/06/14 20:36:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\E\Desktop\erunt_setup.exe
[2010/06/14 16:45:08 | 000,003,879 | ---- | M] () -- C:\Documents and Settings\E\My Documents\kasp.html
[2010/06/14 03:50:41 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTC.exe
[2010/06/13 22:01:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/13 22:00:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/13 21:30:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/13 10:32:11 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/11 21:33:54 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\E\My Documents\Pappasito.doc
[2010/06/06 18:16:49 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\E\Desktop\debt stuff.xls
[2010/06/06 16:58:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/06/05 22:17:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/04 08:26:49 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 06:06:52 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/06/04 00:08:59 | 000,057,108 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/30 14:14:20 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\E\Desktop\CCleaner.lnk
[2010/05/27 20:48:34 | 000,070,368 | ---- | M] () -- C:\Documents and Settings\E\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 20:48:17 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/05/24 21:16:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/24 21:16:23 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Netscape Navigator.lnk
[2010/05/23 02:10:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 02:10:06 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/16 07:59:30 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
========== Files Created - No Company Name ==========
[2010/06/16 11:34:24 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\E\My Documents\malware.doc
[2010/06/14 20:43:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\E\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/14 20:43:30 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\E\Desktop\NTREGOPT.lnk
[2010/06/14 20:43:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\E\Desktop\ERUNT.lnk
[2010/06/14 17:29:36 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\E\Desktop\gmer.zip
[2010/06/14 16:45:08 | 000,003,879 | ---- | C] () -- C:\Documents and Settings\E\My Documents\kasp.html
[2010/06/13 21:30:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/13 21:30:41 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/13 21:22:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/13 21:22:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/13 15:51:57 | 535,896,064 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/06 16:58:16 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/06/04 08:26:48 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 01:16:04 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\E\My Documents\Pappasito.doc
[2010/06/04 00:08:59 | 000,057,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/03 23:23:41 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/05/30 14:14:20 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\E\Desktop\CCleaner.lnk
[2010/05/27 20:48:17 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/05/27 18:25:03 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\E\Desktop\debt stuff.xls
[2010/05/24 21:16:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/24 21:16:23 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Netscape Navigator.lnk
[2010/05/23 02:10:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/17 20:41:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\E\ntuser.ini
[2010/05/17 20:41:21 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\E\NTUSER.DAT
[2010/05/17 20:41:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\E\ntuser.dat
[2010/05/16 07:59:30 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/02/05 23:10:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/08/09 12:08:04 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/02/26 17:19:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/02/26 16:42:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 13:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 13:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 13:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2005/11/17 12:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2010/06/13 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/11/03 09:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
[2007/09/12 23:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MoodLogic
[2007/10/11 07:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2010/02/21 00:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SOS
[2008/01/15 09:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/08/02 16:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/06/03 23:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/03 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/24 21:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\E\Application Data\Netscape
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2005/06/10 21:39:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/06/10 21:23:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/13 21:30:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2003/11/14 11:16:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/16 15:09:42 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2003/11/14 11:16:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/09 17:22:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2003/11/14 11:16:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/10 23:45:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/15 08:21:49 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/07/06 01:08:31 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat
[2010/06/16 15:09:41 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/06/13 15:27:03 | 000,000,512 | ---- | M] () -- C:\rkill.log
[2007/10/12 09:51:48 | 000,001,748 | ---- | M] () -- C:\smbios.bin
[2009/08/22 09:28:25 | 000,000,029 | ---- | M] () -- C:\wizard.txt
[2007/10/28 01:14:10 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2005/06/10 16:09:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/10 16:09:24 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/10 16:09:24 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4B7BEAFF
< End of report >
Sign In
Create Account
