I've been doing battle with a persistent and nasty bit of malware. I was able to boot into UBCD4Win and cull a good portion of the infection using Clamwin AV. After removing the malware that was detected, I ran Malwarebytes and Super Anti Spyware, which did not detect any further infection.
Upon trying to access the internet with Firefox and Safari, I found that my internet connection was borked. I then dropped down to command line and tried to ping www.google.com. No dice. I then tried to ping my name servers (4.2.2.1 and 4.2.2.2), and was successful.
I then checked my hosts file, which had been unadulterated. At this point, I figured the malware had corrupted my winsock and proceeded to run netsh int ip reset c:\resetlog.txt, which did correct some issues but still left me without name resolution. I then tried running Winsockfix, which did not fix anything either. I even went to the extent of removing Winsock and Winsock2 from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\, and reinstalling from the inf files, but this was futile as well.
I'm stumped at this point. I've included the OTL log, and I have the Clamwin AV log, a Hijack This log, my ipconfig, and the list of top level helpers from the netsh interface available as well. I'd love to have any and all help, as I don't have my original XP install CD anymore, and I can't afford to upgrade to Win 7 atm. Thanks in advance.
Oh, and before I forget, I think I have a remnant from the infection "Windows Script Host: Cannot find script file 'nar.vbs'" that pops up when I try to access my thumb drive by double clicking on it in the My Computer window. I hope this helps! *crosses his fingers*
OTL logfile created on: 10/28/2010 1:35:42 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\n00tch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 24.11 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 881.47 Mb Free Space | 89.61% Space Free | Partition Type: FAT
Computer Name: ROLAND | User Name: n00tch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/10/28 13:32:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\n00tch\Desktop\OTL.exe
PRC - [2010/10/20 10:04:37 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/10/20 10:04:32 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/05/27 12:56:26 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 17:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/12 12:53:46 | 000,254,036 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/10/28 13:32:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\n00tch\Desktop\OTL.exe
MOD - [2010/10/20 10:05:29 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/10/27 13:14:50 | 000,535,424 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Temp\PZAO.exe -- (PZAO)
SRV - [2010/10/20 10:04:32 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/09/02 00:34:48 | 000,469,888 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Documents and Settings\n00tch\Local Settings\Temp\CHA.exe -- (CHA)
SRV - [2010/07/25 01:26:02 | 000,884,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/04 19:36:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/12 12:53:46 | 000,254,036 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe -- (STacSV)
SRV - [2009/02/18 17:21:00 | 002,769,658 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/10/20 10:05:28 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/10/20 10:05:28 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/10/20 10:05:28 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/10/20 10:05:27 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/07 18:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/05/27 12:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/28 17:42:18 | 000,241,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 07:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/03/12 12:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/25 21:04:32 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/03 11:19:32 | 000,012,112 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se32.sys -- (se32)
DRV - [2001/12/19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.578
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.4
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.0.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.38
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 03:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 16:15:03 | 000,000,000 | ---D | M]
[2008/07/29 23:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Extensions
[2010/10/28 00:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions
[2010/05/01 11:42:25 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/08/10 17:40:15 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/09/18 12:15:24 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/09/18 12:15:25 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/06/24 14:39:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/05/01 11:42:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/09/18 12:15:25 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/09/18 12:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/05/01 11:42:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/07 15:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\[email protected]
[2010/09/18 12:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\[email protected]
[2010/04/14 13:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\n00tch\Application Data\Mozilla\Firefox\Profiles\hc5ut97j.default\extensions\[email protected]
[2010/10/27 13:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 23:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2010/10/28 03:13:48 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\n00tch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\n00tch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\cbXQgdCU) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/29 00:02:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/28 18:36:10 | 000,000,088 | RHS- | M] () - F:\Autorun.inf -- [ FAT ]
O33 - MountPoints2\{0ede0293-1882-11df-b1ed-001cc04bad7d}\Shell - "" = AutoRun
O33 - MountPoints2\{0ede0293-1882-11df-b1ed-001cc04bad7d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ede0293-1882-11df-b1ed-001cc04bad7d}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{8ecf3b04-b54c-11de-b1b8-001cc04bad7d}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{bd0bc4d7-b48b-11de-b1b3-001cc04bad7d}\Shell\AutoRun\command - "" = G:\Autoplay.exe -- File not found
O33 - MountPoints2\{e2cf0499-de79-11df-b3ad-001cc04bad7d}\Shell - "" = AutoRun
O33 - MountPoints2\{e2cf0499-de79-11df-b3ad-001cc04bad7d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/28 13:35:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\n00tch\Desktop\OTL.exe
[2010/10/28 03:31:43 | 000,000,000 | ---D | C] -- C:\RE4 Install
[2010/10/28 00:30:05 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\n00tch\Desktop\WinsockxpFix.exe
[2010/10/27 10:01:21 | 000,000,000 | ---D | C] -- C:\ClamWinPortable
[2010/10/25 17:28:13 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/10/25 17:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n00tch\Application Data\Teleca
[2010/10/25 17:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n00tch\Local Settings\Application Data\HTC
[2010/10/25 17:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HTC
[2010/10/25 17:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2010/10/25 17:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010/10/25 17:23:28 | 001,122,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010/10/25 17:23:28 | 000,024,576 | ---- | C] (HTC, Corporation) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys
[2010/10/25 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2010/10/25 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2010/10/25 16:49:45 | 000,000,000 | ---D | C] -- C:\android-sdk-windows
[2010/10/23 02:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n00tch\Desktop\stuff3
[2010/10/20 16:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/10/14 16:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Vogster Entertainment
[2010/10/10 23:27:28 | 000,000,000 | ---D | C] -- C:\temp
[2010/10/07 17:08:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\n00tch\Desktop\HijackThis.exe
[2010/10/05 21:38:32 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/10/05 21:38:29 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/10/05 21:38:27 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/10/05 21:38:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/10/05 21:38:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/10/05 21:38:25 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/10/05 21:38:22 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/10/05 21:38:20 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/10/05 21:38:17 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/10/05 21:38:10 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Icam3EXT.dll
[2010/10/05 21:38:10 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2010/10/05 21:38:04 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Icam3.sys
[2010/10/05 21:38:04 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2010/10/05 21:38:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/10/05 21:38:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/10/05 21:38:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/10/05 21:38:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/10/05 21:38:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/10/05 21:38:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/10/05 21:38:02 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/10/05 21:38:02 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/09/30 14:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n00tch\Desktop\New Folder
[2010/09/30 12:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n00tch\Desktop\USB Backup
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/28 13:34:58 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 13:34:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 13:32:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\n00tch\Desktop\OTL.exe
[2010/10/28 12:12:05 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003UA.job
[2010/10/28 03:13:48 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/28 00:27:06 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\n00tch\Desktop\WinsockxpFix.exe
[2010/10/28 00:12:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003Core.job
[2010/10/25 17:28:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2010/10/25 17:28:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/10/25 16:44:42 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\recovery-RA-heroc-v1.5.2.img
[2010/10/25 16:15:39 | 000,716,239 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\ultimatekill.gif
[2010/10/25 06:40:51 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\n00tch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/23 01:15:55 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/10/23 01:11:39 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/10/22 18:36:18 | 000,046,985 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\new.m3u
[2010/10/20 10:05:29 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/10/20 10:05:28 | 000,091,560 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010/10/20 10:05:28 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010/10/20 10:05:28 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2010/10/20 10:05:27 | 000,239,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2010/10/18 23:29:41 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/10/14 16:59:19 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CrimeCraft.lnk
[2010/10/14 16:15:34 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 23:06:17 | 000,536,848 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\IMG_0115a.jpg
[2010/10/13 22:55:12 | 001,113,554 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\IMG_0115.JPG
[2010/10/13 22:35:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/12 12:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/09 14:56:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Poison the well- opposite of november
[2010/10/07 17:08:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\n00tch\Desktop\HijackThis.exe
[2010/10/06 23:52:41 | 000,090,590 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\concept3.jpg
[2010/10/06 23:52:27 | 000,241,616 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\hex12.jpg
[2010/10/06 23:52:16 | 000,151,368 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\gameheader1.jpg
[2010/10/06 23:51:54 | 000,041,400 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\firebrand.jpg
[2010/10/06 23:51:27 | 000,788,732 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\ITWW4.jpg
[2010/10/06 23:44:06 | 002,102,574 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Morgan Singing.wav
[2010/10/06 23:44:00 | 000,949,592 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\marshmallow1.mpg
[2010/10/06 23:26:39 | 000,090,675 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\moredrinks.jpg
[2010/10/06 23:25:42 | 000,113,483 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\thegang.jpg
[2010/10/06 23:25:30 | 000,132,618 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\therespie!.jpg
[2010/10/06 23:25:08 | 000,090,483 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\mummypumpkin.jpg
[2010/10/06 23:24:46 | 000,135,251 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\drinks.jpg
[2010/10/06 23:24:31 | 000,115,512 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\TIM!.jpg
[2010/10/02 23:30:01 | 000,564,898 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\IMAG0053.jpg
[2010/10/02 23:29:48 | 000,653,785 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\IMAG0048.jpg
[2010/10/02 23:29:35 | 000,084,163 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\IMAG0049.jpg
[2010/10/02 22:13:29 | 000,545,056 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\bungee.jpg
[2010/10/02 22:10:33 | 000,730,650 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\modern.jpg
[2010/10/02 21:18:14 | 001,135,049 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\victorian.jpg
[2010/09/30 17:57:55 | 000,220,450 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Tardi2_filtered.jpg
[2010/09/30 17:55:18 | 000,007,544 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7590.xmp
[2010/09/30 17:48:13 | 000,229,074 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Tardis.jpg
[2010/09/30 17:45:39 | 000,145,210 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Gir!.jpg
[2010/09/30 17:42:23 | 000,198,045 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Tardi.jpg
[2010/09/30 17:41:38 | 000,122,219 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\Gir.jpg
[2010/09/30 17:35:56 | 000,007,541 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7596.xmp
[2010/09/30 17:34:52 | 000,007,542 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7588.xmp
[2010/09/30 16:30:42 | 010,868,286 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7596.NEF
[2010/09/30 16:28:14 | 010,630,090 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7590.NEF
[2010/09/30 16:24:42 | 010,004,263 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7588.NEF
[2010/09/30 16:24:18 | 009,932,135 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7587.NEF
[2010/09/30 16:24:14 | 009,995,051 | ---- | M] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7586.NEF
[2010/09/29 23:04:37 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/28 02:38:33 | 000,024,362 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\nettcpip.inf
[2010/10/25 17:28:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2010/10/25 17:28:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/10/25 16:44:42 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\recovery-RA-heroc-v1.5.2.img
[2010/10/25 16:15:39 | 000,716,239 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\ultimatekill.gif
[2010/10/14 17:42:09 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/10/14 16:59:19 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CrimeCraft.lnk
[2010/10/13 23:06:16 | 000,536,848 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\IMG_0115a.jpg
[2010/10/13 22:55:11 | 001,113,554 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\IMG_0115.JPG
[2010/10/09 15:06:35 | 000,046,985 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\new.m3u
[2010/10/09 14:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Poison the well- opposite of november
[2010/10/06 23:52:41 | 000,090,590 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\concept3.jpg
[2010/10/06 23:52:27 | 000,241,616 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\hex12.jpg
[2010/10/06 23:52:16 | 000,151,368 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\gameheader1.jpg
[2010/10/06 23:51:54 | 000,041,400 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\firebrand.jpg
[2010/10/06 23:51:26 | 000,788,732 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\ITWW4.jpg
[2010/10/06 23:44:04 | 002,102,574 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Morgan Singing.wav
[2010/10/06 23:44:00 | 000,949,592 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\marshmallow1.mpg
[2010/10/06 23:26:38 | 000,090,675 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\moredrinks.jpg
[2010/10/06 23:25:42 | 000,113,483 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\thegang.jpg
[2010/10/06 23:25:29 | 000,132,618 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\therespie!.jpg
[2010/10/06 23:25:07 | 000,090,483 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\mummypumpkin.jpg
[2010/10/06 23:24:45 | 000,135,251 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\drinks.jpg
[2010/10/06 23:24:31 | 000,115,512 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\TIM!.jpg
[2010/10/02 23:30:01 | 000,564,898 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\IMAG0053.jpg
[2010/10/02 23:29:47 | 000,653,785 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\IMAG0048.jpg
[2010/10/02 23:29:35 | 000,084,163 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\IMAG0049.jpg
[2010/10/02 22:13:28 | 000,545,056 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\bungee.jpg
[2010/10/02 22:10:33 | 000,730,650 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\modern.jpg
[2010/10/02 21:18:14 | 001,135,049 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\victorian.jpg
[2010/09/30 17:57:55 | 000,220,450 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Tardi2_filtered.jpg
[2010/09/30 17:48:13 | 000,229,074 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Tardis.jpg
[2010/09/30 17:45:39 | 000,145,210 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Gir!.jpg
[2010/09/30 17:42:22 | 000,198,045 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Tardi.jpg
[2010/09/30 17:41:37 | 000,122,219 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\Gir.jpg
[2010/09/30 17:36:40 | 000,007,544 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7590.xmp
[2010/09/30 17:35:56 | 000,007,541 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7596.xmp
[2010/09/30 17:34:52 | 000,007,542 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7588.xmp
[2010/09/30 16:30:42 | 010,868,286 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7596.NEF
[2010/09/30 16:28:14 | 010,630,090 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7590.NEF
[2010/09/30 16:24:42 | 010,004,263 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7588.NEF
[2010/09/30 16:24:18 | 009,932,135 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7587.NEF
[2010/09/30 16:24:14 | 009,995,051 | ---- | C] () -- C:\Documents and Settings\n00tch\Desktop\DSC_7586.NEF
[2010/08/26 22:38:33 | 000,313,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/25 20:33:41 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\n00tch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/17 07:00:34 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/06 09:20:02 | 000,065,344 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2010/03/04 10:25:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/30 18:38:51 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\n00tch\Local Settings\Application Data\fusioncache.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/26 13:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/09/04 21:55:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Basics
[2009/09/04 21:55:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\n00tch\Application Data\Super Strings
[2009/09/04 21:55:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/09/04 21:48:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Schema
[2009/09/04 21:48:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\n00tch\Application Data\String Ensemble
[2009/09/04 21:48:52 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/22 19:37:34 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/02/15 11:02:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/25 21:04:32 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/18 11:27:33 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/18 11:27:03 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\n00tch\Application Data\PnkBstrK.sys
[2008/11/18 11:26:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/30 23:00:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/30 02:12:21 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
[2008/07/30 02:12:20 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2008/07/28 18:54:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/11 09:47:12 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2008/02/05 14:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\n00tch\Local Settings\Application Data\setup.txt
Edited by n00tch, 28 October 2010 - 01:25 PM.