Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer


This is the hardest malware I have ever tried to remove. The computer works fine, but when online, Internet Explorer crashes and causes pop-ups directing viruses. Here are my latest logs:

ComboFix 10-04-08.01 - George Luis 2010-04-08 19:18:03.13.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.559 [GMT -7:00]

Running from: c:\documents and settings\George Luis\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\George Luis\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))

.

2010-04-09 00:38 . 2010-04-09 00:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-04-07 13:53 . 2010-04-07 13:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-04-06 16:48 . 2010-04-06 16:48 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-04-06 16:47 . 2010-04-06 16:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-04-06 16:45 . 2010-04-06 16:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-04-06 16:41 . 2010-04-08 19:58 -------- d-----w- c:\documents and settings\George Luis\Application Data\6150093E713E195469E2421747CD2961

2010-03-19 19:04 . 2010-04-07 00:30 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-19 19:02 . 2010-03-19 19:02 -------- d-----w- c:\documents and settings\George Luis\Application Data\Malwarebytes

2010-03-19 19:02 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-19 19:02 . 2010-03-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-19 19:02 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-19 19:02 . 2010-04-07 00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-08 20:39 . 2009-02-03 20:24 -------- d-----w- c:\documents and settings\George Luis\Application Data\vlc

2010-04-08 16:54 . 2008-08-16 23:02 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-04-08 02:20 . 2008-07-31 19:50 -------- d-----w- c:\documents and settings\George Luis\Application Data\uTorrent

2010-03-21 21:27 . 2008-07-31 19:50 -------- d-----w- c:\program files\uTorrent

2010-03-21 21:10 . 2008-07-31 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-21 20:34 . 2008-07-31 20:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-19 18:57 . 2008-10-13 16:52 -------- d-----w- c:\program files\Microsoft

2010-03-15 18:08 . 2008-07-31 01:33 100056 ----a-w- c:\documents and settings\George Luis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-09 21:03 . 2010-03-09 21:03 -------- d-----w- c:\documents and settings\George Luis\Application Data\Office Genuine Advantage

2010-03-09 19:52 . 2008-08-03 21:38 -------- d-----w- c:\documents and settings\George Luis\Application Data\Vso

2010-03-09 19:30 . 2008-08-17 00:28 -------- d-----w- c:\documents and settings\George Luis\Application Data\dvdcss

2010-03-06 23:50 . 2008-10-01 21:14 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-06 22:46 . 2008-07-31 18:00 -------- d-----w- c:\program files\Microsoft Works

2010-03-06 19:27 . 2009-10-17 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Vso

2010-03-06 19:23 . 2008-07-31 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-06 19:21 . 2008-08-08 18:01 -------- d-----w- c:\documents and settings\George Luis\Application Data\CyberScrub

2010-03-06 19:20 . 2008-08-26 00:01 -------- d-----w- c:\program files\CramMaster

2010-02-25 06:24 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

.

------- Sigcheck -------

[-] 2008-07-31 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS

[-] 2008-07-31 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-31 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [2008-10-28 4864]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-19 303952]

R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-06 12032]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-19 20824]

S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\system32\drivers\SCRCAMDRV.sys [2008-11-21 225536]

S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2008-10-28 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]

2007-09-19 17:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2010-04-08 c:\windows\Tasks\HP Usg Daily FY04.job

- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-01-31 05:09]

2010-04-09 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-08 19:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x872CFAC8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7812f28

\Driver\ACPI -> ACPI.sys @ 0xf7765cb8

\Driver\atapi -> atapi.sys @ 0xf76f7852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf75f0bb0

PacketIndicateHandler -> NDIS.sys @ 0xf75fda21

SendHandler -> NDIS.sys @ 0xf75db87b

user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1036)

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(664)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-04-08 19:40:16

ComboFix-quarantined-files.txt 2010-04-09 02:40

Pre-Run: 46,861,664,256 bytes free

Post-Run: 46,905,896,960 bytes free

- - End Of File - - 8DDAB666A8EAC23F23820C550BC6F70D

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-04-09 04:26:41 PM

mbam-log-2010-04-09 (16-26-41).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 173600

Time elapsed: 1 hour(s), 34 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

C:\Documents and Settings\George Luis\Desktop\HelpAsst_mebroot_fix.exe

2010-04-09 at 19:49:29.71

HelpAssistant account was found to be Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

HelpAssistant profile not found in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 2010-04-09 at 19:59:06.71

Full Name Remote Desktop Help Assistant Account

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x872CEAC8]<<

kernel: MBR read successfully

user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

OTL logfile created on: 2010-04-09 07:44:31 PM - Run 3

OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\George Luis\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1,024.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 59.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 76.32 Gb Total Space | 43.98 Gb Free Space | 57.63% Space Free | Partition Type: NTFS

Drive D: | 298.08 Gb Total Space | 93.97 Gb Free Space | 31.52% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 28.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ADMIN-8817046C

Current User Name: George Luis

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\George Luis\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\George Luis\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (fsssvc) -- File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)

DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)

DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)

DRV - (SCRCAMDRV) -- C:\WINDOWS\system32\drivers\SCRCAMDRV.sys (Windows ® 2000 DDK provider)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)

DRV - (mcdevice) -- C:\WINDOWS\system32\drivers\mcdevice.sys (ShiningMorning Inc.)

DRV - (mcctl) -- C:\WINDOWS\system32\drivers\mcctl.sys (ShiningMorning Inc.)

DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (SonyFKC) -- C:\WINDOWS\system32\drivers\SonyFKC.sys (Sony Corporation)

DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-21 13:41:39 | 000,000,000 | ---D | M]

[2009-06-07 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Luis\Application Data\Mozilla\Extensions

[2009-06-07 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Luis\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2009-04-03 12:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010-04-08 09:17:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Windows Live Toolbar Beta) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar Beta) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar Beta) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Value error. File not found

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1266080548825 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1266080762435 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB (TSEasyInstallX Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()

O24 - Desktop WallPaper: C:\Documents and Settings\George Luis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\George Luis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-04-05 14:27:48 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005-11-08 14:21:55 | 000,045,056 | R--- | M] () - F:\AutoInstall.exe -- [ CDFS ]

O32 - AutoRun File - [2003-10-03 09:01:15 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-09 14:37:42 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-04-09 14:36:45 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George Luis\Desktop\OTL.exe

[2010-04-09 14:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010-04-09 14:21:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010-04-09 13:33:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-04-08 19:13:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-04-08 19:13:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-04-08 19:13:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-04-08 19:13:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-04-08 19:13:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-04-08 18:12:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010-04-07 06:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010-04-07 06:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010-04-06 09:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010-04-06 09:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010-04-06 09:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010-04-06 09:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010-04-06 09:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Luis\Application Data\6150093E713E195469E2421747CD2961

[2010-03-27 12:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Luis\My Documents\SGH-i637 My Documents

[2010-03-21 14:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Luis\Desktop\Solarsoul - Sunrise Dreams

[2010-03-19 12:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Luis\Application Data\Malwarebytes

[2010-03-19 12:02:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-19 12:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010-03-19 12:02:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-19 12:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-06-22 08:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008-12-01 17:34:30 | 003,955,636 | ---- | C] (VeryPDF.com Inc ) -- C:\Documents and Settings\George Luis\Application Data\pdf2word.exe

[2008-10-23 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET

[2008-10-21 05:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2008-08-03 14:38:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\George Luis\Application Data\pcouffin.sys

[2008-08-02 09:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2008-07-31 10:45:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008-07-30 18:02:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-04-09 19:42:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job

[2010-04-09 19:40:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010-04-09 19:39:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-04-09 19:39:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-04-09 19:39:35 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2010-04-09 19:39:33 | 1073,319,936 | -HS- | M] () -- C:\hiberfil.sys

[2010-04-09 19:38:42 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\George Luis\NTUSER.DAT

[2010-04-09 19:38:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\George Luis\ntuser.ini

[2010-04-09 14:33:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2010-04-08 19:32:37 | 000,000,572 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-04-08 19:26:04 | 000,489,296 | ---- | M] () -- C:\Documents and Settings\George Luis\Desktop\HelpAsst_mebroot_fix.exe

[2010-04-08 18:54:23 | 002,217,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-04-08 18:20:52 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Luis\Desktop\OTL.exe

[2010-04-08 17:22:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-04-08 17:12:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\housecall.guid.cache

[2010-04-08 13:36:47 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-08 13:27:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-04-08 09:54:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-04-08 09:17:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-04-06 09:48:05 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010-03-31 11:56:05 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\George Luis\Desktop\Google Chrome.lnk

[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-27 16:21:38 | 000,461,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-03-27 16:21:38 | 000,079,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-03-27 16:21:37 | 000,551,722 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-03-27 12:52:00 | 000,001,435 | ---- | M] () -- C:\Documents and Settings\George Luis\Desktop\SGH-i637 My Documents.LNK

[2010-03-21 15:48:14 | 011,188,185 | ---- | M] () -- C:\Documents and Settings\George Luis\Desktop\Swing 2 Harmony - Perasma.mp3

[2010-03-21 14:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-03-15 11:08:26 | 000,100,056 | ---- | M] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010-04-09 13:37:23 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\George Luis\mbr.log

[2010-04-09 13:34:41 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\George Luis\Desktop\rkill.com

[2010-04-09 13:34:19 | 000,489,296 | ---- | C] () -- C:\Documents and Settings\George Luis\Desktop\HelpAsst_mebroot_fix.exe

[2010-04-08 19:13:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-04-08 19:13:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-04-08 19:13:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-04-08 18:23:24 | 1073,319,936 | -HS- | C] () -- C:\hiberfil.sys

[2010-04-08 17:48:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-04-08 17:48:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-04-08 17:12:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\housecall.guid.cache

[2010-04-06 09:48:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010-03-27 12:51:59 | 000,001,435 | ---- | C] () -- C:\Documents and Settings\George Luis\Desktop\SGH-i637 My Documents.LNK

[2010-03-12 14:46:05 | 011,188,185 | ---- | C] () -- C:\Documents and Settings\George Luis\Desktop\Swing 2 Harmony - Perasma.mp3

[2009-10-17 14:26:16 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\George Luis\Application Data\ezpinst.exe

[2009-10-17 14:20:59 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\George Luis\Application Data\vso_ts_preview.xml

[2009-04-05 14:30:48 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll

[2009-02-23 16:11:42 | 000,000,339 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2009-01-31 16:08:36 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008-11-04 11:34:24 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\George Luis\S-1-5-21-602162358-789336058-682003330-1003.rrr.LOG

[2008-10-24 09:55:00 | 000,000,153 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008-10-12 10:24:39 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008-10-12 10:24:39 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2008-10-12 10:24:39 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2008-10-12 10:24:38 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008-09-05 23:30:42 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2008-08-08 11:00:41 | 000,000,084 | ---- | C] () -- C:\WINDOWS\csact.ini

[2008-08-07 19:16:41 | 000,009,922 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\Failed Copy

[2008-08-07 17:36:03 | 000,022,992 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\.ipc_copyrecord

[2008-08-07 17:31:38 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\iTunesPrefs

[2008-08-07 17:23:12 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\84756-11986-27475-00TC1-94865

[2008-08-04 17:24:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\George Luis\Application Data\$_hpcst$.hpc

[2008-08-03 14:39:07 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\George Luis\Application Data\pcouffin.log

[2008-08-03 14:38:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\George Luis\Application Data\pcouffin.cat

[2008-08-03 14:38:52 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\George Luis\Application Data\pcouffin.inf

[2008-08-02 16:59:53 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\George Luis\default.pls

[2008-08-02 16:59:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-08-02 16:37:26 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\George Luis\.rnd

[2008-08-01 11:48:06 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-07-31 19:23:50 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\George Luis\Local Settings\Application Data\fusioncache.dat

[2008-07-31 12:42:48 | 000,000,392 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2008-07-30 18:06:48 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\George Luis\ntuser.ini

[2008-07-30 18:06:46 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\George Luis\NTUSER.DAT

[2008-07-30 18:06:46 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\George Luis\ntuser.dat.rmbak

[2008-07-30 18:06:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\George Luis\NTUSER.DAT.LOG

[2008-03-20 18:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll

[2007-08-23 19:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3

< End of report >

THANK YOU IN ADVANCE.
