
Virus, or Malware trying to turn off my internet



#1
thefreed

A couple nights ago I got the message that said internet unplugged... but then the Windows update worked.
I thought this was odd so I looked at my modem and they're supposed to be flashing but they weren't... Just the light was on all the time.

Anyway I formatted my computer and got Avast and Malwarebytes but I got it again. This time Avast's shields helped me out a couple times but whenever I turn it off or after a while it happens again.

Anyway this is my HijackThis log... Please help me OUTTT!!!! ;(

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:44 AM, on 11/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\NetmarbleGlobal\MarbleStation\MarbleStation.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Rawr\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.netmarble.com/
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4023 bytes


#2
thefreed

TL logfile created on: 11/3/2010 1:25:23 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Rawr\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 22.00 Mb Available Physical Memory | 9.00% Memory free
626.00 Mb Paging File | 348.00 Mb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.07 Gb Free Space | 73.90% Space Free | Partition Type: NTFS

Computer Name: HOOD-EC203CCE7C | User Name: Rawr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/03 01:21:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rawr\My Documents\Downloads\OTL.exe
PRC - [2010/10/26 23:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/26 23:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/19 20:15:48 | 003,356,272 | ---- | M] (CJINTERNET) -- C:\NetmarbleGlobal\MarbleStation\MarbleStation.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/06 15:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/10/23 11:15:08 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/06/26 18:36:58 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe


========== Modules (SafeList) ==========

MOD - [2010/11/03 01:21:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rawr\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/13 09:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2002/09/27 12:56:20 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/10/16 01:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-861567501-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.netmarble.com/
IE - HKU\S-1-5-21-1935655697-861567501-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 03:16:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 03:16:43 | 000,000,000 | ---D | M]

[2010/11/01 03:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rawr\Application Data\Mozilla\Extensions
[2010/11/01 03:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rawr\Application Data\Mozilla\Firefox\Profiles\ebr1prf7.default\extensions
[2010/11/01 03:16:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1935655697-861567501-1801674531-1003..\Run: [MarbleStation] C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe (CJINTERNET)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-861567501-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/01 03:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 23:48:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/11/02 23:34:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/02 22:59:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/02 22:59:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/02 22:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/02 22:59:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/02 22:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/11/02 22:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/02 22:48:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/02 21:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/11/01 19:53:34 | 003,511,496 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010/11/01 19:53:07 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2010/11/01 19:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/11/01 19:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Application Data\InstallShield Installation Information
[2010/11/01 06:12:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/11/01 06:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/11/01 06:00:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/01 05:50:06 | 000,000,000 | ---D | C] -- C:\Download
[2010/11/01 04:26:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/11/01 04:25:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/01 04:25:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/11/01 04:09:37 | 000,000,000 | ---D | C] -- C:\IntelPRO
[2010/11/01 04:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/11/01 04:08:11 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/01 04:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/11/01 04:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/01 04:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Application Data\Malwarebytes
[2010/11/01 04:02:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/01 04:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/01 04:02:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/01 04:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/01 04:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Application Data\Identities
[2010/11/01 04:01:52 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/11/01 04:01:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rawr\My Documents\My Pictures
[2010/11/01 04:01:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rawr\My Documents\My Music
[2010/11/01 04:01:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Rawr\Application Data\Microsoft
[2010/11/01 04:01:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Rawr\Cookies
[2010/11/01 04:01:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rawr\Application Data
[2010/11/01 04:01:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rawr\Favorites
[2010/11/01 04:01:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rawr\Local Settings
[2010/11/01 04:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Local Settings\Application Data\Microsoft
[2010/11/01 04:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Desktop
[2010/11/01 04:01:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rawr\SendTo
[2010/11/01 04:01:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rawr\Recent
[2010/11/01 04:01:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rawr\Start Menu
[2010/11/01 04:01:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rawr\My Documents
[2010/11/01 04:01:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rawr\Templates
[2010/11/01 04:01:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rawr\PrintHood
[2010/11/01 04:01:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rawr\NetHood
[2010/11/01 04:00:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/11/01 04:00:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/11/01 04:00:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/11/01 04:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/11/01 04:00:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/11/01 04:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/11/01 03:59:33 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/01 03:59:33 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/01 03:59:33 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/01 03:59:33 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/01 03:59:32 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/01 03:59:32 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/01 03:59:31 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/01 03:59:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/01 03:59:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/01 03:58:58 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/01 03:58:57 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/01 03:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/01 03:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/01 03:57:58 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/01 03:57:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/11/01 03:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/11/01 03:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/11/01 03:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/11/01 03:55:41 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/11/01 03:55:41 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/11/01 03:55:28 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/11/01 03:55:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/11/01 03:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/11/01 03:54:41 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/11/01 03:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/11/01 03:54:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/11/01 03:54:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/11/01 03:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/11/01 03:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/11/01 03:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/11/01 03:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/11/01 03:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/11/01 03:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/11/01 03:54:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/11/01 03:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/11/01 03:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/11/01 03:53:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/11/01 03:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/11/01 03:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/11/01 03:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/11/01 03:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/11/01 03:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/11/01 03:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/11/01 03:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/11/01 03:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/11/01 03:52:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/11/01 03:45:55 | 000,378,408 | ---- | C] (CJInternet Inc.) -- C:\WINDOWS\glbNMDownloaderUpdater.exe
[2010/11/01 03:45:53 | 000,804,368 | ---- | C] (CJ internet) -- C:\WINDOWS\GlbNMUpdater.exe
[2010/11/01 03:45:51 | 000,534,064 | ---- | C] (Netmarble) -- C:\WINDOWS\GlbNMWebMessenger.exe
[2010/11/01 03:45:51 | 000,380,928 | ---- | C] (Netmarble) -- C:\WINDOWS\GlbNMWebMessengerModule.dll
[2010/11/01 03:44:58 | 000,475,136 | ---- | C] (Netmarble) -- C:\WINDOWS\npGlbNMFFUpdaterModule.dll
[2010/11/01 03:44:58 | 000,090,112 | ---- | C] (Netmarble) -- C:\WINDOWS\GlbNMVistaUpdater.exe
[2010/11/01 03:44:58 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal
[2010/11/01 03:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Desktop\Web Design
[2010/11/01 03:39:25 | 000,049,152 | ---- | C] (SoundMAX) -- C:\WINDOWS\System32\S11thk32.dll
[2010/11/01 03:39:25 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/11/01 03:39:25 | 000,040,820 | ---- | C] (SoundMAX) -- C:\WINDOWS\System32\Syncor11.dll
[2010/11/01 03:39:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/11/01 03:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/11/01 03:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Local Settings\Application Data\WinZip
[2010/11/01 03:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/01 03:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/11/01 03:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\My Documents\Downloads
[2010/11/01 03:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Application Data\Macromedia
[2010/11/01 03:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Application Data\Adobe
[2010/11/01 03:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/11/01 03:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/11/01 03:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/11/01 03:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Local Settings\Application Data\Mozilla
[2010/11/01 03:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rawr\Application Data\Mozilla
[2010/11/01 03:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/01 03:16:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/01 03:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/01 03:10:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/31 19:44:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/10/31 19:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/10/31 19:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/10/31 19:44:08 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/10/31 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/10/31 19:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/10/31 19:43:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/10/31 19:43:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/10/31 19:43:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/10/31 19:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/10/31 19:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/10/31 19:43:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/10/31 19:43:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/10/31 19:43:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/10/31 19:43:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/10/31 19:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/10/31 19:43:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/10/31 19:37:42 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/10/31 19:37:42 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/10/31 19:37:42 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/10/31 19:37:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/10/31 19:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/03 01:05:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/11/03 01:05:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 01:04:59 | 267,243,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/03 00:00:16 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/03 00:00:16 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 23:36:01 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/02 23:35:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/02 23:34:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/02 23:34:16 | 000,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/02 23:22:33 | 000,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/02 22:53:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/02 01:44:36 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Rawr\Desktop\MiniFighter.Lnk
[2010/11/02 01:44:36 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\Rawr\Desktop\Uncharted Waters Online.lnk
[2010/11/02 01:44:36 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Rawr\Desktop\MarbleStation.lnk
[2010/11/01 19:21:22 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\MarbleStation.lnk
[2010/11/01 19:02:46 | 000,001,050 | ---- | M] () -- C:\Documents and Settings\Rawr\Desktop\Netmarble.lnk
[2010/11/01 05:04:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/01 04:02:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/01 04:02:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/01 04:00:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/01 03:59:59 | 000,000,643 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/01 03:59:34 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/01 03:59:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/01 03:57:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/01 03:57:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/01 03:57:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/01 03:57:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/01 03:56:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/01 03:56:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/01 03:56:42 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/01 03:53:43 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/01 03:51:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/01 03:39:25 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\msssc.dll
[2010/11/01 03:21:16 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/11/01 03:18:24 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/01 03:16:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/01 03:16:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/01 03:16:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/13 13:27:48 | 000,090,112 | ---- | M] (Netmarble) -- C:\WINDOWS\GlbNMVistaUpdater.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/02 23:54:33 | 267,243,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/02 01:44:36 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\Rawr\Desktop\MiniFighter.Lnk
[2010/11/01 19:53:07 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2010/11/01 19:02:46 | 000,001,050 | ---- | C] () -- C:\Documents and Settings\Rawr\Desktop\Netmarble.lnk
[2010/11/01 19:02:44 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\Rawr\Desktop\Uncharted Waters Online.lnk
[2010/11/01 19:02:44 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Rawr\Desktop\MarbleStation.lnk
[2010/11/01 19:01:33 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\MarbleStation.lnk
[2010/11/01 06:05:55 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/11/01 05:24:23 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/01 05:24:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/01 05:24:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/01 05:24:23 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/11/01 05:24:23 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/11/01 05:24:23 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/01 05:24:23 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/01 05:24:23 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/01 05:24:23 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/01 05:24:22 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/01 05:24:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/01 05:24:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/01 05:24:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/01 05:24:22 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/01 05:24:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/01 05:24:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/01 05:24:22 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/01 05:24:22 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/01 05:24:22 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/01 05:24:22 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/01 05:24:22 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/01 05:24:22 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/01 05:24:22 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/01 05:24:22 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/01 05:24:22 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/01 05:24:22 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/01 05:24:22 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/01 05:24:20 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/01 05:24:20 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/01 05:24:20 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/01 05:24:17 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/01 05:24:17 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/01 05:24:17 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/01 05:24:17 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/01 05:24:17 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/01 05:24:17 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/01 05:24:16 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/01 05:24:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/01 05:24:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/01 05:24:16 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/01 05:24:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/01 05:24:13 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/01 05:24:12 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/01 05:24:11 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/01 05:24:08 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/01 05:24:08 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/01 05:24:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/01 05:24:06 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/11/01 05:23:59 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/01 05:23:59 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/01 05:23:59 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/01 05:23:58 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/01 05:23:38 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/01 05:23:25 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/01 05:23:25 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/11/01 05:23:25 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/01 05:23:25 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/01 05:23:24 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/01 05:23:24 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/01 05:23:24 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/01 05:23:24 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/01 05:23:24 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/01 05:23:24 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/01 05:23:22 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/01 05:18:50 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/11/01 05:04:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/01 04:09:50 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/11/01 04:02:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/01 04:02:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/01 04:01:52 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/01 04:00:47 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/01 03:59:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/01 03:59:34 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/01 03:57:03 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/01 03:57:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/11/01 03:57:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/11/01 03:57:03 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/11/01 03:57:03 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/11/01 03:56:53 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/01 03:56:53 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/01 03:56:52 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/01 03:55:13 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/11/01 03:54:50 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/11/01 03:54:50 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/11/01 03:54:45 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/11/01 03:53:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/01 03:52:56 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/11/01 03:52:56 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/11/01 03:52:56 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/11/01 03:52:56 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/11/01 03:52:56 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/11/01 03:52:56 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/11/01 03:52:56 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/11/01 03:52:55 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/11/01 03:52:55 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/11/01 03:52:55 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/11/01 03:52:55 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/11/01 03:52:53 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/11/01 03:52:53 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/11/01 03:52:52 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/11/01 03:52:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/11/01 03:39:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/11/01 03:21:16 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/11/01 03:18:24 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/01 03:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/01 03:16:44 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/01 03:16:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/31 19:48:02 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/31 19:48:01 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/31 19:47:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/31 19:47:55 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/31 19:47:53 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/10/31 19:47:53 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/31 19:47:53 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/10/31 19:47:53 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/10/31 19:47:45 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/10/31 19:47:45 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/10/31 19:47:45 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/10/31 19:47:45 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/10/31 19:47:44 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/10/31 19:47:44 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/10/31 19:47:44 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/10/31 19:47:44 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/10/31 19:47:44 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/10/31 19:47:44 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/10/31 19:47:44 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/10/31 19:47:44 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/10/31 19:47:44 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/10/31 19:47:44 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/10/31 19:47:44 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/10/31 19:47:37 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/10/31 19:47:36 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/10/31 19:47:36 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/10/31 19:47:32 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/31 19:47:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/31 19:47:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/31 19:44:16 | 000,002,675 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/10/31 19:44:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/31 19:44:10 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/10/31 19:44:10 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/10/31 19:44:09 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/10/31 19:44:09 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/10/31 19:43:57 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/10/31 19:43:47 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/31 19:43:47 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/31 19:43:46 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/31 19:43:46 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/31 19:43:46 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/10/31 19:43:46 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/10/31 19:43:46 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/10/31 19:43:46 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/10/31 19:43:08 | 000,097,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/31 19:42:38 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/10/31 19:42:35 | 000,000,643 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2002/10/07 19:15:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/11/01 03:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/01 03:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/03 01:05:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/3/2010 1:25:23 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Rawr\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 22.00 Mb Available Physical Memory | 9.00% Memory free
626.00 Mb Paging File | 348.00 Mb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.07 Gb Free Space | 73.90% Space Free | Partition Type: NTFS

Computer Name: HOOD-EC203CCE7C | User Name: Rawr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-861567501-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\NetmarbleGlobal\GlbNetmarbleDownLoader\glbNMDownload.exe" = C:\NetmarbleGlobal\GlbNetmarbleDownLoader\glbNMDownload.exe:*:Enabled:glbNMDownload -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{160B3255-2B39-4E0A-90C5-711AE4CCDE0B}" = Netmarble NPAPI Plugin Updater Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel® PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PROSet" = Intel® PRO Network Adapters and Drivers
"Veetle TV" = Veetle TV 0.9.18
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-861567501-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6AF31E48-F4B3-4110-88BB-CA38D625D0B7}" = Uncharted Waters Online

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2010 7:06:26 AM | Computer Name = HOOD-EC203CCE7C | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\v6.4_PRO2KXP_only.exe for one of
the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program DriverInstaller
because of this error. Program: DriverInstaller
File: D:\v6.4_PRO2KXP_only.exe The error
value is listed in the Additional Data section. User Action 1. Open the file again.
This situation might be a temporary problem that corrects itself when the program
runs again. 2. If the file still cannot be accessed and - It is on the network, your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000010 Disk
type: 5

Error - 11/1/2010 7:06:29 AM | Computer Name = HOOD-EC203CCE7C | Source = Application Error | ID = 1000
Description = Faulting application v6.4_PRO2KXP_only.exe, version 4.0.100.1124,
faulting module v6.4_PRO2KXP_only.exe, version 4.0.100.1124, fault address 0x0000762a.

Error - 11/1/2010 6:34:47 AM | Computer Name = HOOD-EC203CCE7C | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/1/2010 7:55:34 AM | Computer Name = HOOD-EC203CCE7C | Source = Application Hang | ID = 1002
Description = Hanging application plugin-container.exe, version 1.9.2.3951, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2010 2:39:49 AM | Computer Name = HOOD-EC203CCE7C | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 5.0.677.0, faulting module
msvcr90.dll, version 9.0.30729.4148, fault address 0x0003753d.

[ System Events ]
Error - 11/1/2010 9:22:01 AM | Computer Name = HOOD-EC203CCE7C | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 000CF16B9CAF has been denied by the DHCP server 76.85.238.65 (The DHCP Server
sent a DHCPNACK message).

Error - 11/1/2010 9:27:17 AM | Computer Name = HOOD-EC203CCE7C | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 7 for Windows XP.

Error - 11/1/2010 9:12:53 PM | Computer Name = HOOD-EC203CCE7C | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 11/3/2010 12:43:07 AM | Computer Name = HOOD-EC203CCE7C | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 000CF16B9CAF has been denied by the DHCP server 76.85.238.65 (The DHCP Server
sent a DHCPNACK message).

Error - 11/3/2010 1:53:42 AM | Computer Name = HOOD-EC203CCE7C | Source = Dhcp | ID = 1002
Description = The IP address lease 76.91.174.81 for the Network Card with network
address 000CF16B9CAF has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/3/2010 1:54:15 AM | Computer Name = HOOD-EC203CCE7C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 000CF16B9CAF.

Error - 11/3/2010 2:39:08 AM | Computer Name = HOOD-EC203CCE7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/3/2010 2:40:06 AM | Computer Name = HOOD-EC203CCE7C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm

Error - 11/3/2010 2:48:20 AM | Computer Name = HOOD-EC203CCE7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/3/2010 2:48:38 AM | Computer Name = HOOD-EC203CCE7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >