Unknown Virus - Part of Windows Not Working [Closed]


  • This topic is locked This topic is locked

#1 SardonicWhisper (Member, 41 posts)
I tried being as descriptive as I could in the title but it's a very difficult problem.

What started the problem is described in this topic.

I went through the Malware Removal Guide topic, but it didn't solve the problem.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.42
Database version: 3414
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/23/2009 12:16:27 AM
mbam-log-2009-12-23 (00-16-27).txt

Scan type: Quick Scan
Objects scanned: 162499
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL Log:

OTL logfile created on: 12/23/2009 11:47:10 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Axel\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 0.31 Gb Free Space | 0.45% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 1.18 Gb Free Space | 23.47% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 467.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AXEL2
Current User Name: Axel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/23 11:44:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel\My Documents\Downloads\OTL.exe
PRC - [2009/12/02 09:17:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/23 11:44:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 07:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 23:43:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 23:43:46 | 00,000,000 | ---D | M]

[2009/12/17 23:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Axel\Application Data\Mozilla\Extensions
[2009/12/17 23:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Axel\Application Data\Mozilla\Firefox\Profiles\jq7b4q6u.default\extensions
[2009/12/23 08:38:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/08/07 18:18:03 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS2\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS2\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Axel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 23:27:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 00,000,110 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS2\system32\ias [2009/12/18 18:41:46 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS2\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/23 11:28:58 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Minidump
[2009/12/23 02:21:12 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ERDNT
[2009/12/23 00:26:53 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswRdr.sys
[2009/12/23 00:26:52 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswTdi.sys
[2009/12/23 00:26:51 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aavmker4.sys
[2009/12/23 00:26:49 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\AvastSS.scr
[2009/12/23 00:26:49 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswFsBlk.sys
[2009/12/23 00:26:48 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswSP.sys
[2009/12/23 00:26:48 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswmon2.sys
[2009/12/23 00:26:48 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswmon.sys
[2009/12/23 00:26:25 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\aswBoot.exe
[2009/12/23 00:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Malwarebytes
[2009/12/23 00:03:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
[2009/12/23 00:02:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Malwarebytes
[2009/12/23 00:02:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbam.sys
[2009/12/22 23:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ERUNTSTUFF
[2009/12/21 01:32:40 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ServicePackFiles
[2009/12/18 19:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\WinRAR
[2009/12/18 18:46:05 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Prefetch
[2009/12/18 18:29:57 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS2\System32\drivers\RTL8139.sys
[2009/12/18 15:17:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Lavasoft
[2009/12/18 14:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\My Documents\EA Games
[2009/12/18 14:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Desktop\Mijana
[2009/12/18 03:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/12/18 03:27:51 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\CatRoot_bak
[2009/12/18 03:00:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\$MSI31Uninstall_KB893803v2$
[2009/12/18 03:00:20 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\PreInstall
[2009/12/18 03:00:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\$hf_mig$
[2009/12/18 00:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Macromedia
[2009/12/18 00:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Adobe
[2009/12/17 23:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\My Documents\Downloads
[2009/12/17 23:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Local Settings\Application Data\Mozilla
[2009/12/17 23:43:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Mozilla
[2009/12/17 23:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\My Documents\Set-up Files
[2009/12/17 23:41:11 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\SoftwareDistribution
[2009/12/17 23:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Identities
[2009/12/17 23:38:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\My Documents\My Pictures
[2009/12/17 23:38:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\My Documents\My Music
[2009/12/17 23:37:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Axel\Application Data\Microsoft
[2009/12/17 23:37:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Axel\Cookies
[2009/12/17 23:37:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Axel\SendTo
[2009/12/17 23:37:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Axel\Recent
[2009/12/17 23:37:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Axel\Application Data
[2009/12/17 23:37:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\Start Menu
[2009/12/17 23:37:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\My Documents
[2009/12/17 23:37:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\Favorites
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\Templates
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\PrintHood
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\NetHood
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\Local Settings
[2009/12/17 23:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Local Settings\Application Data\Microsoft
[2009/12/17 23:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Desktop
[2009/12/17 23:33:07 | 00,000,000 | ---D | C] -- C:\WINDOWS2\SoftwareDistribution
[2009/12/17 23:33:05 | 00,000,000 | --SD | C] -- C:\WINDOWS2\System32\Microsoft
[2009/12/17 23:27:44 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\xircom
[2009/12/17 23:25:51 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS2\DRM
[2009/12/17 23:25:34 | 00,000,000 | --SD | C] -- C:\WINDOWS2\Downloaded Program Files
[2009/12/17 23:25:34 | 00,000,000 | R--D | C] -- C:\WINDOWS2\Offline Web Pages
[2009/12/17 23:25:14 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/12/17 23:24:46 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\DirectX
[2009/12/17 23:24:13 | 00,000,000 | --SD | C] -- C:\WINDOWS2\Tasks
[2009/12/17 23:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS2\srchasst
[2009/12/17 23:24:07 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Macromed
[2009/12/17 23:23:50 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Restore
[2009/12/17 23:23:17 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents\My Pictures
[2009/12/17 23:23:00 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/12/17 23:22:50 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Registration
[2009/12/17 23:22:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents\My Music
[2009/12/17 23:21:25 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\MsDtc
[2009/12/17 23:21:23 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Com
[2009/12/17 17:51:52 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS2\System32\drivers\ltmdmnt.sys
[2009/12/17 17:44:39 | 00,000,000 | -HSD | C] -- C:\WINDOWS2\Installer
[2009/12/17 17:42:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu
[2009/12/17 17:42:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents
[2009/12/17 17:42:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Templates
[2009/12/17 17:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Favorites
[2009/12/17 17:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Desktop
[2009/12/17 17:42:33 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\CatRoot2
[2009/12/17 17:42:33 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\CatRoot
[2009/12/17 17:42:26 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft
[2009/12/17 17:42:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data
[2009/12/17 17:34:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS2\Fonts
[2009/12/17 17:34:19 | 00,000,000 | RHSD | C] -- C:\WINDOWS2\System32\dllcache
[2009/12/17 17:34:19 | 00,000,000 | R--D | C] -- C:\WINDOWS2\Web
[2009/12/17 17:34:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\inf
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\WinSxS
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\wins
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\wbem
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\usmt
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\twain_32
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Temp
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\system32
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\system
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\spool
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\ShellExt
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Setup
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\security
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Resources
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\repair
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\ras
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Provisioning
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\PeerNet
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\pchealth
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\oobe
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\npp
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\mui
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\mui
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\msapps
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\msagent
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Media
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\java
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\inetsrv
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\IME
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ime
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\icsxml
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\ias
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Help
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\export
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers\etc
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Driver Cache
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers\disdn
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\dhcp
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Debug
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Cursors
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Connection Wizard
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\config
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Config
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\AppPatch
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\addins
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\3com_dmi
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\3076
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\2052
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1054
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1042
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1041
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1037
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1033
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1031
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1028
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1025
[2009/12/13 11:38:06 | 00,000,000 | ---D | C] -- C:\2fdba7db7da457586f2871dafb6db562
[2009/04/10 13:11:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/10 13:11:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/10 13:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/10 13:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/01/27 18:38:41 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/12/23 11:43:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS2\tasks\SA.DAT
[2009/12/23 11:43:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2009/12/23 11:36:15 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Axel\NTUSER.DAT
[2009/12/23 11:36:15 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Axel\ntuser.ini
[2009/12/23 11:28:47 | 53,642,8544 | ---- | M] () -- C:\WINDOWS2\MEMORY.DMP
[2009/12/23 00:26:53 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\avast! Antivirus.lnk
[2009/12/23 00:26:48 | 00,002,626 | ---- | M] () -- C:\WINDOWS2\System32\CONFIG.NT
[2009/12/23 00:03:25 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 23:44:44 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Axel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/22 21:24:49 | 00,356,120 | ---- | M] () -- C:\WINDOWS2\System32\PerfStringBackup.INI
[2009/12/22 21:24:49 | 00,311,604 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2009/12/22 21:24:49 | 00,039,992 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2009/12/22 19:43:47 | 00,001,393 | ---- | M] () -- C:\WINDOWS2\imsins.BAK
[2009/12/21 10:08:43 | 00,157,160 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2009/12/21 01:29:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2009/12/18 18:44:39 | 00,000,314 | ---- | M] () -- C:\WINDOWS2\System32\$winnt$.inf
[2009/12/18 18:42:31 | 00,316,640 | ---- | M] () -- C:\WINDOWS2\WMSysPr9.prx
[2009/12/18 18:42:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS2\System32\nscompat.tlb
[2009/12/18 18:42:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS2\System32\amcompat.tlb
[2009/12/18 18:42:15 | 00,004,205 | ---- | M] () -- C:\WINDOWS2\ODBCINST.INI
[2009/12/18 18:41:06 | 00,000,488 | RH-- | M] () -- C:\WINDOWS2\System32\WindowsLogon.manifest
[2009/12/18 18:41:06 | 00,000,488 | RH-- | M] () -- C:\WINDOWS2\System32\logonui.exe.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\wuaucpl.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\WindowsShell.Manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\sapi.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\nwc.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\ncpa.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\cdplayer.exe.manifest
[2009/12/18 18:40:42 | 00,000,477 | ---- | M] () -- C:\WINDOWS2\win.ini
[2009/12/18 18:40:01 | 00,022,720 | ---- | M] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2009/12/18 18:37:43 | 00,000,323 | -HS- | M] () -- C:\boot.ini
[2009/12/18 18:20:57 | 00,000,231 | ---- | M] () -- C:\WINDOWS2\system.ini
[2009/12/18 16:13:26 | 06,409,336 | -H-- | M] () -- C:\Documents and Settings\Axel\Local Settings\Application Data\IconCache.db
[2009/12/18 14:42:55 | 00,237,680 | ---- | M] () -- C:\WINDOWS2\setupapi.old
[2009/12/17 23:43:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS2\nsreg.dat
[2009/12/17 23:43:49 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Mozilla Firefox.lnk
[2009/12/17 23:39:25 | 00,034,552 | ---- | M] () -- C:\Documents and Settings\Axel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/17 23:32:43 | 00,008,192 | ---- | M] () -- C:\WINDOWS2\REGLOCS.OLD
[2009/12/17 23:27:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS2\control.ini
[2009/12/17 23:27:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/17 23:22:57 | 00,000,037 | ---- | M] () -- C:\WINDOWS2\vbaddin.ini
[2009/12/17 23:22:57 | 00,000,036 | ---- | M] () -- C:\WINDOWS2\vb.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Axel\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2009/12/23 10:45:39 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Axel\Desktop\gmer.exe
[2009/12/23 00:26:53 | 00,001,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\avast! Antivirus.lnk
[2009/12/23 00:26:25 | 00,380,928 | ---- | C] () -- C:\WINDOWS2\System32\actskin4.ocx
[2009/12/23 00:03:25 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 23:44:44 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Axel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/22 19:41:29 | 53,642,8544 | ---- | C] () -- C:\WINDOWS2\MEMORY.DMP
[2009/12/19 20:50:02 | 01,290,752 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\quartz.dll
[2009/12/18 18:41:06 | 00,000,488 | RH-- | C] () -- C:\WINDOWS2\System32\logonui.exe.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\wuaucpl.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\WindowsShell.Manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\sapi.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\ncpa.cpl.manifest
[2009/12/18 18:21:22 | 00,016,254 | ---- | C] () -- C:\WINDOWS2\System32\PINTLPAE.HLP
[2009/12/18 18:21:22 | 00,014,821 | ---- | C] () -- C:\WINDOWS2\System32\PINTLPAD.HLP
[2009/12/18 18:20:41 | 00,797,189 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\NT5IIS.CAT
[2009/12/18 18:20:41 | 00,399,645 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\MAPIMIG.CAT
[2009/12/18 18:20:41 | 00,168,806 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\startoc.cat
[2009/12/18 18:20:41 | 00,037,484 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\MW770.CAT
[2009/12/18 18:20:41 | 00,031,281 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\FP4.CAT
[2009/12/18 18:20:41 | 00,024,209 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\msn7.cat
[2009/12/18 18:20:41 | 00,013,753 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\IMS.CAT
[2009/12/18 18:20:41 | 00,013,472 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\HPCRDP.CAT
[2009/12/18 18:20:41 | 00,011,651 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\msn9.cat
[2009/12/18 18:20:41 | 00,009,581 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\MSMSGS.CAT
[2009/12/18 18:20:41 | 00,008,574 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\IASNT4.CAT
[2009/12/18 18:20:41 | 00,007,245 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\MSTSWEB.CAT
[2009/12/18 18:20:41 | 00,007,029 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\OEMBIOS.CAT
[2009/12/18 18:20:40 | 02,012,670 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\NT5.CAT
[2009/12/18 18:20:40 | 01,042,903 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\SP2.CAT
[2009/12/18 18:20:40 | 00,382,952 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\NT5INF.CAT
[2009/12/17 23:43:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS2\nsreg.dat
[2009/12/17 23:43:49 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Mozilla Firefox.lnk
[2009/12/17 23:37:57 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Axel\ntuser.ini
[2009/12/17 23:37:55 | 01,048,576 | -H-- | C] () -- C:\Documents and Settings\Axel\NTUSER.DAT
[2009/12/17 23:32:43 | 00,008,192 | ---- | C] () -- C:\WINDOWS2\REGLOCS.OLD
[2009/12/17 23:31:17 | 00,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat
[2009/12/17 23:27:28 | 00,002,626 | ---- | C] () -- C:\WINDOWS2\System32\CONFIG.NT
[2009/12/17 23:27:28 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/12/17 23:27:16 | 00,023,392 | ---- | C] () -- C:\WINDOWS2\System32\nscompat.tlb
[2009/12/17 23:27:16 | 00,016,832 | ---- | C] () -- C:\WINDOWS2\System32\amcompat.tlb
[2009/12/17 23:27:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS2\WMSysPr9.prx
[2009/12/17 23:25:34 | 00,000,488 | RH-- | C] () -- C:\WINDOWS2\System32\WindowsLogon.manifest
[2009/12/17 23:25:23 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\nwc.cpl.manifest
[2009/12/17 23:25:23 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\cdplayer.exe.manifest
[2009/12/17 23:24:22 | 00,048,680 | -HS- | C] () -- C:\WINDOWS2\winnt256.bmp
[2009/12/17 23:24:22 | 00,048,680 | -HS- | C] () -- C:\WINDOWS2\winnt.bmp
[2009/12/17 23:23:15 | 00,022,720 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2009/12/17 23:21:42 | 00,065,954 | ---- | C] () -- C:\WINDOWS2\Prairie Wind.bmp
[2009/12/17 23:21:42 | 00,065,832 | ---- | C] () -- C:\WINDOWS2\Santa Fe Stucco.bmp
[2009/12/17 23:21:42 | 00,026,680 | ---- | C] () -- C:\WINDOWS2\River Sumida.bmp
[2009/12/17 23:21:42 | 00,017,362 | ---- | C] () -- C:\WINDOWS2\Rhododendron.bmp
[2009/12/17 23:21:42 | 00,009,522 | ---- | C] () -- C:\WINDOWS2\Zapotec.bmp
[2009/12/17 23:21:41 | 00,093,702 | ---- | C] () -- C:\WINDOWS2\System32\subrange.uce
[2009/12/17 23:21:41 | 00,065,978 | ---- | C] () -- C:\WINDOWS2\Soap Bubbles.bmp
[2009/12/17 23:21:41 | 00,026,582 | ---- | C] () -- C:\WINDOWS2\Greenstone.bmp
[2009/12/17 23:21:41 | 00,017,336 | ---- | C] () -- C:\WINDOWS2\Gone Fishing.bmp
[2009/12/17 23:21:41 | 00,017,062 | ---- | C] () -- C:\WINDOWS2\Coffee Bean.bmp
[2009/12/17 23:21:41 | 00,016,730 | ---- | C] () -- C:\WINDOWS2\FeatherTexture.bmp
[2009/12/17 23:21:41 | 00,001,272 | ---- | C] () -- C:\WINDOWS2\Blue Lace 16.bmp
[2009/12/17 23:21:40 | 00,060,458 | ---- | C] () -- C:\WINDOWS2\System32\ideograf.uce
[2009/12/17 23:21:40 | 00,024,006 | ---- | C] () -- C:\WINDOWS2\System32\gb2312.uce
[2009/12/17 23:21:40 | 00,022,984 | ---- | C] () -- C:\WINDOWS2\System32\bopomofo.uce
[2009/12/17 23:21:40 | 00,016,740 | ---- | C] () -- C:\WINDOWS2\System32\shiftjis.uce
[2009/12/17 23:21:40 | 00,012,876 | ---- | C] () -- C:\WINDOWS2\System32\korean.uce
[2009/12/17 23:21:40 | 00,008,484 | ---- | C] () -- C:\WINDOWS2\System32\kanji_2.uce
[2009/12/17 23:21:40 | 00,006,948 | ---- | C] () -- C:\WINDOWS2\System32\kanji_1.uce
[2009/12/17 23:21:38 | 00,003,286 | ---- | C] () -- C:\WINDOWS2\System32\tslabels.h
[2009/12/17 23:21:38 | 00,001,161 | ---- | C] () -- C:\WINDOWS2\System32\usrlogon.cmd
[2009/12/17 23:21:37 | 00,000,768 | ---- | C] () -- C:\WINDOWS2\System32\msdtcprf.h
[2009/12/17 23:21:32 | 00,063,488 | ---- | C] () -- C:\WINDOWS2\System32\wmimgmt.msc
[2009/12/17 17:44:44 | 00,001,393 | ---- | C] () -- C:\WINDOWS2\imsins.BAK
[2009/12/17 17:44:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS2\System32\c_864.nls
[2009/12/17 17:44:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_708.nls
[2009/12/17 17:44:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28596.NLS
[2009/12/17 17:44:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_10004.nls
[2009/12/17 17:44:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS2\System32\c_862.nls
[2009/12/17 17:44:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_10005.nls
[2009/12/17 17:44:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_10021.nls
[2009/12/17 17:44:11 | 01,158,818 | ---- | C] () -- C:\WINDOWS2\System32\korwbrkr.lex
[2009/12/17 17:44:11 | 00,002,060 | ---- | C] () -- C:\WINDOWS2\System32\noise.jpn
[2009/12/17 17:44:11 | 00,001,486 | ---- | C] () -- C:\WINDOWS2\System32\noise.kor
[2009/12/17 17:44:02 | 00,211,938 | ---- | C] () -- C:\WINDOWS2\System32\lcphrase.tbl
[2009/12/17 17:44:02 | 00,146,126 | ---- | C] () -- C:\WINDOWS2\System32\array30.tab
[2009/12/17 17:44:02 | 00,110,566 | ---- | C] () -- C:\WINDOWS2\System32\arphr.tbl
[2009/12/17 17:44:02 | 00,018,600 | ---- | C] () -- C:\WINDOWS2\System32\arrayhw.tab
[2009/12/17 17:44:02 | 00,016,312 | ---- | C] () -- C:\WINDOWS2\System32\arptr.tbl
[2009/12/17 17:44:01 | 00,043,242 | ---- | C] () -- C:\WINDOWS2\System32\phoncode.tbl
[2009/12/17 17:44:01 | 00,024,114 | ---- | C] () -- C:\WINDOWS2\System32\lcptr.tbl
[2009/12/17 17:44:01 | 00,004,071 | ---- | C] () -- C:\WINDOWS2\System32\phon.tbl
[2009/12/17 17:44:01 | 00,002,714 | ---- | C] () -- C:\WINDOWS2\System32\phonptr.tbl
[2009/12/17 17:43:59 | 00,195,618 | ---- | C] () -- C:\WINDOWS2\System32\c_10002.nls
[2009/12/17 17:43:59 | 00,116,285 | ---- | C] () -- C:\WINDOWS2\System32\msdayi.tbl
[2009/12/17 17:43:59 | 00,082,172 | ---- | C] () -- C:\WINDOWS2\System32\bopomofo.nls
[2009/12/17 17:43:59 | 00,066,728 | ---- | C] () -- C:\WINDOWS2\System32\big5.nls
[2009/12/17 17:43:59 | 00,044,370 | ---- | C] () -- C:\WINDOWS2\System32\acode.tbl
[2009/12/17 17:43:59 | 00,044,370 | ---- | C] () -- C:\WINDOWS2\System32\a234.tbl
[2009/12/17 17:43:59 | 00,001,460 | ---- | C] () -- C:\WINDOWS2\System32\a15.tbl
[2009/12/17 17:43:59 | 00,000,700 | ---- | C] () -- C:\WINDOWS2\System32\dayiptr.tbl
[2009/12/17 17:43:59 | 00,000,520 | ---- | C] () -- C:\WINDOWS2\System32\dayiphr.tbl
[2009/12/17 17:43:53 | 01,223,500 | ---- | C] () -- C:\WINDOWS2\System32\WINZM.MB
[2009/12/17 17:43:52 | 01,783,864 | ---- | C] () -- C:\WINDOWS2\System32\WINPY.MB
[2009/12/17 17:43:52 | 01,564,868 | ---- | C] () -- C:\WINDOWS2\System32\WINSP.MB
[2009/12/17 17:43:52 | 00,173,602 | ---- | C] () -- C:\WINDOWS2\System32\c_10008.nls
[2009/12/17 17:43:52 | 00,083,748 | ---- | C] () -- C:\WINDOWS2\System32\prcp.nls
[2009/12/17 17:43:52 | 00,083,748 | ---- | C] () -- C:\WINDOWS2\System32\prc.nls
[2009/12/17 17:43:42 | 00,189,986 | ---- | C] () -- C:\WINDOWS2\System32\c_1361.nls
[2009/12/17 17:43:42 | 00,177,698 | ---- | C] () -- C:\WINDOWS2\System32\c_10003.nls
[2009/12/17 17:43:20 | 00,180,770 | ---- | C] () -- C:\WINDOWS2\System32\c_20932.nls
[2009/12/17 17:43:20 | 00,180,258 | ---- | C] () -- C:\WINDOWS2\System32\c_20000.nls
[2009/12/17 17:43:20 | 00,177,698 | ---- | C] () -- C:\WINDOWS2\System32\c_20949.nls
[2009/12/17 17:43:20 | 00,173,602 | ---- | C] () -- C:\WINDOWS2\System32\c_20936.nls
[2009/12/17 17:43:20 | 00,162,850 | ---- | C] () -- C:\WINDOWS2\System32\c_10001.nls
[2009/12/17 17:43:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_21027.nls
[2009/12/17 17:43:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_20290.nls
[2009/12/17 17:43:19 | 00,028,288 | ---- | C] () -- C:\WINDOWS2\System32\xjis.nls
[2009/12/17 17:43:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_28603.nls
[2009/12/17 17:43:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_28599.nls
[2009/12/17 17:43:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28595.NLS
[2009/12/17 17:43:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28597.NLS
[2009/12/17 17:43:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28594.NLS
[2009/12/17 17:43:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_20127.nls
[2009/12/17 17:43:01 | 00,001,688 | ---- | C] () -- C:\WINDOWS2\System32\AUTOEXEC.NT
[2009/12/17 17:42:46 | 00,007,334 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmerrenu.cat
[2009/12/17 17:42:26 | 00,237,680 | ---- | C] () -- C:\WINDOWS2\setupapi.old
[2009/12/17 17:41:53 | 00,157,160 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2009/12/17 17:40:55 | 00,000,314 | ---- | C] () -- C:\WINDOWS2\System32\$winnt$.inf
[2008/11/06 02:12:28 | 00,018,199 | ---- | C] () -- C:\Program Files\Common Files\nupunaga.bat
[2008/11/06 02:12:28 | 00,018,130 | ---- | C] () -- C:\Program Files\Common Files\jyxep.exe
[2008/11/06 02:12:28 | 00,014,676 | ---- | C] () -- C:\Program Files\Common Files\fywu._sy
[2008/11/06 02:12:28 | 00,012,197 | ---- | C] () -- C:\Program Files\Common Files\ifica.ban
[2008/11/06 02:12:27 | 00,018,506 | ---- | C] () -- C:\Program Files\Common Files\paguhyva.scr
[2008/11/06 02:12:27 | 00,010,051 | ---- | C] () -- C:\Program Files\Common Files\rukufysyg.db
[2004/08/04 07:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS2\System32\drivers\secdrv.sys

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2002/07/15 20:20:56 | 03,534,931 | ---- | M] () -- C:\0712i32.exe
[2002/07/15 20:53:56 | 03,537,441 | ---- | M] () -- C:\0715i32.exe
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/04 07:00:00 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS2\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS2\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS2\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS2\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS2\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS2\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS2\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS2\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS2\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


Extras Log:

OTL Extras logfile created on: 12/23/2009 11:47:10 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Axel\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 0.31 Gb Free Space | 0.45% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 1.18 Gb Free Space | 23.47% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 467.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AXEL2
Current User Name: Axel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS2\system32\usmt\migwiz.exe" = C:\WINDOWS2\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/18/2009 5:32:24 AM | Computer Name = AXEL2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/18/2009 5:32:34 AM | Computer Name = AXEL2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/18/2009 5:32:58 AM | Computer Name = AXEL2 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/18/2009 5:32:58 AM | Computer Name = AXEL2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/18/2009 5:32:58 AM | Computer Name = AXEL2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/18/2009 5:32:58 AM | Computer Name = AXEL2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/18/2009 5:32:58 AM | Computer Name = AXEL2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 12/18/2009 5:42:24 AM | Computer Name = AXEL2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


I couldn't get a GMER log because when I tried running it my computer crashed (as described in the other topic).

Thanks to anyone who helps :)!

Edited by SardonicWhisper, 23 December 2009 - 06:13 PM.

  • 0
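The OTL log above is read by eye for patterns a short script can surface just as well: a burst of unsigned, randomly named executables written into Common Files within the same minute (the files the helper later has ComboFix collect), and the MD5 custom scan that lines up copies of the same system file from different locations. The Python below is an added example for this thread and is not part of OTL, ComboFix or the forum's tooling; its sample log lines are constructed to mirror the log format, the hashes are made up, and the two ATAPI.SYS copies are altered from the thread's log so the hash check has something to find.

```python
"""Scan OTL-style log lines for two patterns a malware-removal helper
reads for by eye: a burst of unsigned code files created together in one
directory, and a system file whose copies share size and timestamp but not
MD5.  Added example for this thread, not part of OTL or ComboFix; every
log line in SAMPLE_LOG is constructed and the hashes are made up."""
import re
from collections import defaultdict

# "Files Created" line: [date time | size | attrs | C] (Company) -- path
# Seconds are left out of the captured time so a burst that spans a
# second boundary (02:12:27 / 02:12:28) still lands in one group.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<minute>\d{2}:\d{2}):\d{2} \| "
    r"(?P<size>[\d,]+) \| \S+ \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Custom-scan MD5 line: [date time | size | attrs | M] (Company) MD5=HEX -- path
MD5_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"\S+ \| M\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Extensions that run as code when opened; a cluster of these with no
# company string outside a normal install path is the dropper pattern.
CODE_EXTS = {"exe", "scr", "bat", "cmd", "com", "pif", "dll", "sys"}


def parse_file_lines(lines):
    """Return one dict per 'Files Created' line; other lines are ignored."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["dir"] = e["path"].rsplit("\\", 1)[0].lower()
            e["ext"] = e["path"].rsplit(".", 1)[-1].lower()
            entries.append(e)
    return entries


def unsigned_bursts(entries, min_count=2):
    """Group code files with an empty company string by directory and
    creation minute.  Triage heuristic, not a verdict: Windows setup also
    writes unsigned files in bursts, which is why only code extensions count."""
    groups = defaultdict(list)
    for e in entries:
        if e["company"].strip() == "" and e["ext"] in CODE_EXTS:
            groups[(e["dir"], e["date"], e["minute"])].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def parse_md5_report(lines):
    """Map each '< MD5 for: NAME >' section to its parsed entries."""
    sections, current = defaultdict(list), None
    for line in lines:
        line = line.strip()
        h = SECTION_RE.match(line)
        if h:
            current = h.group("name").upper()
            continue
        m = MD5_RE.match(line)
        if m and current:
            sections[current].append(m.groupdict())
    return sections


def hash_conflicts(sections):
    """Copies of one file with the same timestamp and size should be
    byte-identical.  SP2 and SP3 builds legitimately differ, but they also
    carry different timestamps, so keying on (stamp, size) keeps them apart
    and isolates an in-place patch that preserved the file's date."""
    conflicts = {}
    for name, entries in sections.items():
        by_key = defaultdict(lambda: defaultdict(list))
        for e in entries:
            by_key[(e["stamp"], e["size"])][e["md5"]].append(e["path"])
        bad = {k: dict(v) for k, v in by_key.items() if len(v) > 1}
        if bad:
            conflicts[name] = bad
    return conflicts


def triage(log_text):
    """Run both checks over one log and return the findings."""
    lines = log_text.splitlines()
    return {"bursts": unsigned_bursts(parse_file_lines(lines)),
            "hash_conflicts": hash_conflicts(parse_md5_report(lines))}


# Constructed sample: the Common Files names mirror the thread's log; the
# two ATAPI.SYS copies are altered so the hash check has something to find.
SAMPLE_LOG = r"""
[2009/12/17 23:21:41 | 00,093,702 | ---- | C] () -- C:\WINDOWS2\System32\subrange.uce
[2009/12/17 23:21:38 | 00,001,161 | ---- | C] () -- C:\WINDOWS2\System32\usrlogon.cmd
[2008/11/06 02:12:28 | 00,018,199 | ---- | C] () -- C:\Program Files\Common Files\nupunaga.bat
[2008/11/06 02:12:28 | 00,018,130 | ---- | C] () -- C:\Program Files\Common Files\jyxep.exe
[2008/11/06 02:12:27 | 00,018,506 | ---- | C] () -- C:\Program Files\Common Files\paguhyva.scr
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS2\SoftwareDistribution\Download\cache\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=0000000000000000FFFFFFFFFFFFFFFF -- C:\WINDOWS2\system32\drivers\atapi.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=1111111111111111AAAAAAAAAAAAAAAA -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=1111111111111111AAAAAAAAAAAAAAAA -- C:\WINDOWS2\system32\scecli.dll
"""

if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        print(kind)
        for key, value in findings.items():
            print("  ", key, "->", value)
```

Both checks are filters for a human reader, not verdicts: the burst check trips on three or more code files that share a directory and minute and carry no company name, and the hash check only fires where two copies claim the same date and size yet hash differently, which is what an in-place patch that preserved the timestamp looks like and what a legitimate service-pack upgrade does not.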


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello SardonicWhisper,

Please just post your logs normally, i.e. don't use the quote box. Easier to read without them. :)

Now

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic, ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#3
SardonicWhisper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix 09-12-29.03 - Axel 12/29/2009 17:02:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.280 [GMT -5:00]
Running from: c:\documents and settings\Axel\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Cookies\hpothb07.dat
c:\documents and settings\New Account\Cookies\hpothb07.dat
c:\documents and settings\Owner\Application Data\vuma.inf
c:\program files\Common Files\nupunaga.bat
c:\recycler\S-1-5-21-773119264-74049757-2802022764-1003
c:\recycler\S-1-5-21-773119264-74049757-2802022764-1011
C:\s

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-23 05:26 . 2009-11-24 23:48 23120 ----a-w- c:\windows2\system32\drivers\aswRdr.sys
2009-12-23 05:26 . 2009-11-24 23:49 48560 ----a-w- c:\windows2\system32\drivers\aswTdi.sys
2009-12-23 05:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows2\system32\drivers\aavmker4.sys
2009-12-23 05:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows2\system32\drivers\aswFsBlk.sys
2009-12-23 05:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows2\system32\AvastSS.scr
2009-12-23 05:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows2\system32\drivers\aswmon.sys
2009-12-23 05:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows2\system32\drivers\aswmon2.sys
2009-12-23 05:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows2\system32\drivers\aswSP.sys
2009-12-23 05:26 . 2009-11-24 23:54 1280480 ----a-w- c:\windows2\system32\aswBoot.exe
2009-12-23 05:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows2\system32\MFC71.dll
2009-12-23 05:26 . 2003-03-18 20:14 499712 ----a-w- c:\windows2\system32\MSVCP71.dll
2009-12-23 05:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows2\system32\MSVCR71.dll
2009-12-23 05:03 . 2009-12-23 05:03 -------- d-----w- c:\documents and settings\Axel\Application Data\Malwarebytes
2009-12-23 05:03 . 2009-12-03 21:14 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2009-12-23 05:02 . 2009-12-23 05:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes
2009-12-23 05:02 . 2009-12-03 21:13 19160 ----a-w- c:\windows2\system32\drivers\mbam.sys
2009-12-23 04:45 . 2009-12-23 04:45 -------- d-----w- c:\windows2\ERUNTSTUFF
2009-12-21 06:32 . 2009-12-21 06:32 -------- d-----w- c:\windows2\ServicePackFiles
2009-12-20 01:57 . 2009-06-10 14:21 84992 -c----w- c:\windows2\system32\dllcache\avifil32.dll
2009-12-20 01:57 . 2008-07-07 20:32 253952 -c----w- c:\windows2\system32\dllcache\es.dll
2009-12-20 01:57 . 2009-03-21 14:18 986112 -c----w- c:\windows2\system32\dllcache\kernel32.dll
2009-12-20 01:57 . 2009-07-29 04:53 119808 -c----w- c:\windows2\system32\dllcache\t2embed.dll
2009-12-20 01:57 . 2009-07-29 04:53 82432 -c----w- c:\windows2\system32\dllcache\fontsub.dll
2009-12-20 01:57 . 2009-10-12 13:54 69632 -c----w- c:\windows2\system32\dllcache\raschap.dll
2009-12-20 01:57 . 2009-10-12 13:54 112128 -c----w- c:\windows2\system32\dllcache\rastls.dll
2009-12-20 01:50 . 2009-02-09 10:20 453120 -c----w- c:\windows2\system32\dllcache\wmiprvsd.dll
2009-12-20 01:50 . 2009-02-06 16:39 227840 -c----w- c:\windows2\system32\dllcache\wmiprvse.exe
2009-12-20 01:50 . 2009-03-06 14:44 283648 -c----w- c:\windows2\system32\dllcache\pdh.dll
2009-12-20 01:50 . 2009-02-09 10:20 399360 -c----w- c:\windows2\system32\dllcache\rpcss.dll
2009-12-20 01:50 . 2009-02-06 17:14 110592 -c----w- c:\windows2\system32\dllcache\services.exe
2009-12-20 01:50 . 2009-02-06 16:54 35328 -c----w- c:\windows2\system32\dllcache\sc.exe
2009-12-20 01:50 . 2009-02-09 10:20 714752 -c----w- c:\windows2\system32\dllcache\ntdll.dll
2009-12-20 01:50 . 2009-02-09 10:20 616960 -c----w- c:\windows2\system32\dllcache\advapi32.dll
2009-12-20 01:50 . 2009-02-09 10:20 473088 -c----w- c:\windows2\system32\dllcache\fastprox.dll
2009-12-20 01:50 . 2005-07-26 04:39 60416 -c----w- c:\windows2\system32\dllcache\colbact.dll
2009-12-20 01:50 . 2009-05-07 15:44 344064 -c----w- c:\windows2\system32\dllcache\localspl.dll
2009-12-20 01:50 . 2009-06-03 19:27 1290752 -c----w- c:\windows2\system32\dllcache\quartz.dll
2009-12-20 01:48 . 2009-08-04 13:13 2015744 -c----w- c:\windows2\system32\dllcache\ntkrpamp.exe
2009-12-20 01:48 . 2009-08-04 13:13 2057728 -c----w- c:\windows2\system32\dllcache\ntkrnlpa.exe
2009-12-20 01:48 . 2009-08-04 13:58 2136064 -c----w- c:\windows2\system32\dllcache\ntkrnlmp.exe
2009-12-20 01:48 . 2009-08-05 09:11 204800 -c----w- c:\windows2\system32\dllcache\mswebdvd.dll
2009-12-20 01:48 . 2009-07-31 04:57 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2009-12-20 01:48 . 2008-04-21 10:02 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2009-12-20 01:48 . 2009-08-14 12:19 1850112 -c----w- c:\windows2\system32\dllcache\win32k.sys
2009-12-20 01:48 . 2008-06-24 16:23 74240 -c----w- c:\windows2\system32\dllcache\mscms.dll
2009-12-20 01:48 . 2009-06-12 11:50 76288 -c----w- c:\windows2\system32\dllcache\telnet.exe
2009-12-20 01:48 . 2009-04-03 17:15 485376 -c----w- c:\windows2\system32\dllcache\wmspdmod.dll
2009-12-20 01:46 . 2008-12-11 11:57 333184 -c----w- c:\windows2\system32\dllcache\srv.sys
2009-12-20 01:46 . 2008-07-03 13:16 8454656 -c----w- c:\windows2\system32\dllcache\shell32.dll
2009-12-20 01:46 . 2009-10-13 10:53 266752 -c----w- c:\windows2\system32\dllcache\oakley.dll
2009-12-20 01:46 . 2009-06-05 07:42 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2009-12-20 01:45 . 2009-08-25 09:47 352256 -c----w- c:\windows2\system32\dllcache\winhttp.dll
2009-12-20 01:45 . 2008-10-23 13:01 283648 -c----w- c:\windows2\system32\dllcache\gdi32.dll
2009-12-20 01:45 . 2009-08-21 09:46 450560 -c----w- c:\windows2\system32\dllcache\jscript.dll
2009-12-20 01:45 . 2007-12-18 14:40 417792 -c----w- c:\windows2\system32\dllcache\vbscript.dll
2009-12-20 01:45 . 2009-09-11 14:33 133632 -c----w- c:\windows2\system32\dllcache\msv1_0.dll
2009-12-20 01:45 . 2009-06-25 08:44 724480 -c----w- c:\windows2\system32\dllcache\lsasrv.dll
2009-12-20 01:45 . 2009-06-25 08:44 59392 -c----w- c:\windows2\system32\dllcache\wdigest.dll
2009-12-20 01:45 . 2009-06-25 08:44 56320 -c----w- c:\windows2\system32\dllcache\secur32.dll
2009-12-20 01:45 . 2009-06-25 08:44 298496 -c----w- c:\windows2\system32\dllcache\kerberos.dll
2009-12-20 01:45 . 2009-06-25 08:44 168448 -c----w- c:\windows2\system32\dllcache\schannel.dll
2009-12-20 01:45 . 2009-06-22 11:34 92544 -c----w- c:\windows2\system32\dllcache\ksecdd.sys
2009-12-20 01:17 . 2008-06-13 13:10 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2009-12-20 01:17 . 2008-06-13 13:10 272128 ------w- c:\windows2\system32\drivers\bthport.sys
2009-12-20 01:15 . 2008-10-15 16:57 332800 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2009-12-18 23:29 . 2004-08-04 03:31 20992 ----a-w- c:\windows2\system32\drivers\RTL8139.sys
2009-12-18 23:20 . 2004-08-04 12:00 24661 ----a-w- c:\windows2\system32\spxcoins.dll
2009-12-18 23:20 . 2004-08-04 12:00 13312 ----a-w- c:\windows2\system32\irclass.dll
2009-12-18 20:17 . 2009-12-18 20:17 -------- d-----w- c:\documents and settings\Axel\Application Data\Lavasoft
2009-12-18 19:40 . 2004-08-04 12:00 4096 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Microsoft\USMT\iconlib.dll
2009-12-18 08:43 . 2009-12-18 09:09 -------- d-----w- c:\program files\EA GAMES
2009-12-18 08:27 . 2009-12-18 08:58 -------- d-----w- c:\windows2\system32\CatRoot_bak
2009-12-18 08:00 . 2008-07-09 07:38 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2009-12-18 08:00 . 2009-12-22 07:26 -------- d--h--w- c:\windows2\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 00:23 . 2006-07-05 04:36 -------- d-----w- c:\program files\DivX
2009-12-23 05:03 . 2009-06-19 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 04:44 . 2009-06-19 03:42 -------- d-----w- c:\program files\ERUNT
2009-12-18 23:40 . 2009-12-18 04:23 22720 ----a-w- c:\windows2\system32\emptyregdb.dat
2009-12-18 07:00 . 2009-12-18 04:26 76493 ----a-w- c:\windows2\pchealth\helpctr\OfflineCache\index.dat
2009-12-18 04:43 . 2009-12-18 04:43 0 ----a-w- c:\windows2\nsreg.dat
2009-12-18 04:39 . 2009-12-18 04:39 34552 ----a-w- c:\documents and settings\Axel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-12 20:33 . 2009-12-12 20:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-12-12 13:05 . 2008-07-08 18:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-12 07:46 . 2009-11-27 03:27 -------- d-----w- c:\program files\SimPE
2009-12-02 00:17 . 2009-12-02 00:17 -------- d-----w- c:\documents and settings\New Account\Application Data\Lavasoft
2009-11-29 07:45 . 2009-11-29 07:45 -------- d-----w- c:\documents and settings\New Account\Application Data\Malwarebytes
2009-10-31 18:36 . 2006-12-26 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI
2009-10-31 18:28 . 2006-12-26 05:13 -------- d-----w- c:\program files\ATI Technologies
2009-10-31 04:12 . 2007-08-21 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-10-29 05:48 . 2004-08-04 12:00 662016 ----a-w- c:\windows2\system32\wininet.dll
2009-10-21 06:00 . 2004-08-04 12:00 75776 ----a-w- c:\windows2\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 12:00 25088 ----a-w- c:\windows2\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows2\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-04 12:00 266752 ----a-w- c:\windows2\system32\oakley.dll
2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows2\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 12:00 112128 ----a-w- c:\windows2\system32\rastls.dll
2008-11-06 07:12 . 2008-11-06 07:12 18130 ----a-w- c:\program files\Common Files\jyxep.exe
2008-11-06 07:12 . 2008-11-06 07:12 14676 ----a-w- c:\program files\Common Files\fywu._sy
2008-11-06 07:12 . 2008-11-06 07:12 12197 ----a-w- c:\program files\Common Files\ifica.ban
2008-11-06 07:12 . 2008-11-06 07:12 18506 ----a-w- c:\program files\Common Files\paguhyva.scr
2008-11-06 07:12 . 2008-11-06 07:12 10051 ----a-w- c:\program files\Common Files\rukufysyg.db
2006-01-27 23:38 . 2006-01-27 23:38 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMEKRMIG6.1"="c:\windows2\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AUTOPLAY.0XE [2001-9-17 36864]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-8-30 225280]

c:\documents and settings\Axel's Account\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-2 113664]

c:\documents and settings\Axel\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS2\\system32\\usmt\\migwiz.exe"=

R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [12/23/2009 12:26 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [12/23/2009 12:26 AM 20560]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Axel\Application Data\Mozilla\Firefox\Profiles\jq7b4q6u.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 17:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-29 17:15:20
ComboFix-quarantined-files.txt 2009-12-29 22:15

Pre-Run: 172,777,472 bytes free
Post-Run: 188,137,472 bytes free

- - End Of File - - 11628B138C1497B1136B62CB2CF4219B

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello SardonicWhisper,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...88#entry1721188
KillAll::

Collect::
c:\program files\Common Files\jyxep.exe
c:\program files\Common Files\fywu._sy
c:\program files\Common Files\ifica.ban
c:\program files\Common Files\paguhyva.scr
c:\program files\Common Files\rukufysyg.db

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#5
SardonicWhisper

    Member

  • Topic Starter
  • 41 posts
I'm not sure if it worked right; it asked me if I wanted to update ComboFix, and I wasn't sure, so I just hit No. It then proceeded to scan and hopefully did what it was supposed to :). Should I have hit Yes?

----------------------------

ComboFix 09-12-29.03 - Axel 12/29/2009 19:21:06.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.326 [GMT -5:00]
Running from: c:\documents and settings\Axel\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Axel\My Documents\Downloads\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\program files\Common Files\fywu._sy
file zipped: c:\program files\Common Files\ifica.ban
file zipped: c:\program files\Common Files\jyxep.exe
file zipped: c:\program files\Common Files\paguhyva.scr
file zipped: c:\program files\Common Files\rukufysyg.db
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\fywu._sy
c:\program files\Common Files\ifica.ban
c:\program files\Common Files\jyxep.exe
c:\program files\Common Files\paguhyva.scr
c:\program files\Common Files\rukufysyg.db

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-23 05:26 . 2009-11-24 23:48 23120 ----a-w- c:\windows2\system32\drivers\aswRdr.sys
2009-12-23 05:26 . 2009-11-24 23:49 48560 ----a-w- c:\windows2\system32\drivers\aswTdi.sys
2009-12-23 05:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows2\system32\drivers\aavmker4.sys
2009-12-23 05:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows2\system32\drivers\aswFsBlk.sys
2009-12-23 05:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows2\system32\AvastSS.scr
2009-12-23 05:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows2\system32\drivers\aswmon.sys
2009-12-23 05:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows2\system32\drivers\aswmon2.sys
2009-12-23 05:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows2\system32\drivers\aswSP.sys
2009-12-23 05:26 . 2009-11-24 23:54 1280480 ----a-w- c:\windows2\system32\aswBoot.exe
2009-12-23 05:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows2\system32\MFC71.dll
2009-12-23 05:26 . 2003-03-18 20:14 499712 ----a-w- c:\windows2\system32\MSVCP71.dll
2009-12-23 05:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows2\system32\MSVCR71.dll
2009-12-23 05:03 . 2009-12-23 05:03 -------- d-----w- c:\documents and settings\Axel\Application Data\Malwarebytes
2009-12-23 05:03 . 2009-12-03 21:14 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2009-12-23 05:02 . 2009-12-23 05:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes
2009-12-23 05:02 . 2009-12-03 21:13 19160 ----a-w- c:\windows2\system32\drivers\mbam.sys
2009-12-23 04:45 . 2009-12-23 04:45 -------- d-----w- c:\windows2\ERUNTSTUFF
2009-12-21 06:32 . 2009-12-21 06:32 -------- d-----w- c:\windows2\ServicePackFiles
2009-12-20 01:57 . 2009-06-10 14:21 84992 -c----w- c:\windows2\system32\dllcache\avifil32.dll
2009-12-20 01:57 . 2008-07-07 20:32 253952 -c----w- c:\windows2\system32\dllcache\es.dll
2009-12-20 01:57 . 2009-03-21 14:18 986112 -c----w- c:\windows2\system32\dllcache\kernel32.dll
2009-12-20 01:57 . 2009-07-29 04:53 119808 -c----w- c:\windows2\system32\dllcache\t2embed.dll
2009-12-20 01:57 . 2009-07-29 04:53 82432 -c----w- c:\windows2\system32\dllcache\fontsub.dll
2009-12-20 01:57 . 2009-10-12 13:54 69632 -c----w- c:\windows2\system32\dllcache\raschap.dll
2009-12-20 01:57 . 2009-10-12 13:54 112128 -c----w- c:\windows2\system32\dllcache\rastls.dll
2009-12-20 01:50 . 2009-02-09 10:20 453120 -c----w- c:\windows2\system32\dllcache\wmiprvsd.dll
2009-12-20 01:50 . 2009-02-06 16:39 227840 -c----w- c:\windows2\system32\dllcache\wmiprvse.exe
2009-12-20 01:50 . 2009-03-06 14:44 283648 -c----w- c:\windows2\system32\dllcache\pdh.dll
2009-12-20 01:50 . 2009-02-09 10:20 399360 -c----w- c:\windows2\system32\dllcache\rpcss.dll
2009-12-20 01:50 . 2009-02-06 17:14 110592 -c----w- c:\windows2\system32\dllcache\services.exe
2009-12-20 01:50 . 2009-02-06 16:54 35328 -c----w- c:\windows2\system32\dllcache\sc.exe
2009-12-20 01:50 . 2009-02-09 10:20 714752 -c----w- c:\windows2\system32\dllcache\ntdll.dll
2009-12-20 01:50 . 2009-02-09 10:20 616960 -c----w- c:\windows2\system32\dllcache\advapi32.dll
2009-12-20 01:50 . 2009-02-09 10:20 473088 -c----w- c:\windows2\system32\dllcache\fastprox.dll
2009-12-20 01:50 . 2005-07-26 04:39 60416 -c----w- c:\windows2\system32\dllcache\colbact.dll
2009-12-20 01:50 . 2009-05-07 15:44 344064 -c----w- c:\windows2\system32\dllcache\localspl.dll
2009-12-20 01:50 . 2009-06-03 19:27 1290752 -c----w- c:\windows2\system32\dllcache\quartz.dll
2009-12-20 01:48 . 2009-08-04 13:13 2015744 -c----w- c:\windows2\system32\dllcache\ntkrpamp.exe
2009-12-20 01:48 . 2009-08-04 13:13 2057728 -c----w- c:\windows2\system32\dllcache\ntkrnlpa.exe
2009-12-20 01:48 . 2009-08-04 13:58 2136064 -c----w- c:\windows2\system32\dllcache\ntkrnlmp.exe
2009-12-20 01:48 . 2009-08-05 09:11 204800 -c----w- c:\windows2\system32\dllcache\mswebdvd.dll
2009-12-20 01:48 . 2009-07-31 04:57 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2009-12-20 01:48 . 2008-04-21 10:02 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2009-12-20 01:48 . 2009-08-14 12:19 1850112 -c----w- c:\windows2\system32\dllcache\win32k.sys
2009-12-20 01:48 . 2008-06-24 16:23 74240 -c----w- c:\windows2\system32\dllcache\mscms.dll
2009-12-20 01:48 . 2009-06-12 11:50 76288 -c----w- c:\windows2\system32\dllcache\telnet.exe
2009-12-20 01:48 . 2009-04-03 17:15 485376 -c----w- c:\windows2\system32\dllcache\wmspdmod.dll
2009-12-20 01:46 . 2008-12-11 11:57 333184 -c----w- c:\windows2\system32\dllcache\srv.sys
2009-12-20 01:46 . 2008-07-03 13:16 8454656 -c----w- c:\windows2\system32\dllcache\shell32.dll
2009-12-20 01:46 . 2009-10-13 10:53 266752 -c----w- c:\windows2\system32\dllcache\oakley.dll
2009-12-20 01:46 . 2009-06-05 07:42 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2009-12-20 01:45 . 2009-08-25 09:47 352256 -c----w- c:\windows2\system32\dllcache\winhttp.dll
2009-12-20 01:45 . 2008-10-23 13:01 283648 -c----w- c:\windows2\system32\dllcache\gdi32.dll
2009-12-20 01:45 . 2009-08-21 09:46 450560 -c----w- c:\windows2\system32\dllcache\jscript.dll
2009-12-20 01:45 . 2007-12-18 14:40 417792 -c----w- c:\windows2\system32\dllcache\vbscript.dll
2009-12-20 01:45 . 2009-09-11 14:33 133632 -c----w- c:\windows2\system32\dllcache\msv1_0.dll
2009-12-20 01:45 . 2009-06-25 08:44 724480 -c----w- c:\windows2\system32\dllcache\lsasrv.dll
2009-12-20 01:45 . 2009-06-25 08:44 59392 -c----w- c:\windows2\system32\dllcache\wdigest.dll
2009-12-20 01:45 . 2009-06-25 08:44 56320 -c----w- c:\windows2\system32\dllcache\secur32.dll
2009-12-20 01:45 . 2009-06-25 08:44 298496 -c----w- c:\windows2\system32\dllcache\kerberos.dll
2009-12-20 01:45 . 2009-06-25 08:44 168448 -c----w- c:\windows2\system32\dllcache\schannel.dll
2009-12-20 01:45 . 2009-06-22 11:34 92544 -c----w- c:\windows2\system32\dllcache\ksecdd.sys
2009-12-20 01:17 . 2008-06-13 13:10 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2009-12-20 01:17 . 2008-06-13 13:10 272128 ------w- c:\windows2\system32\drivers\bthport.sys
2009-12-20 01:15 . 2008-10-15 16:57 332800 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2009-12-18 23:29 . 2004-08-04 03:31 20992 ----a-w- c:\windows2\system32\drivers\RTL8139.sys
2009-12-18 23:20 . 2004-08-04 12:00 24661 ----a-w- c:\windows2\system32\spxcoins.dll
2009-12-18 23:20 . 2004-08-04 12:00 13312 ----a-w- c:\windows2\system32\irclass.dll
2009-12-18 20:17 . 2009-12-18 20:17 -------- d-----w- c:\documents and settings\Axel\Application Data\Lavasoft
2009-12-18 08:43 . 2009-12-18 09:09 -------- d-----w- c:\program files\EA GAMES
2009-12-18 08:27 . 2009-12-18 08:58 -------- d-----w- c:\windows2\system32\CatRoot_bak
2009-12-18 08:00 . 2008-07-09 07:38 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2009-12-18 08:00 . 2009-12-22 07:26 -------- d--h--w- c:\windows2\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 00:23 . 2006-07-05 04:36 -------- d-----w- c:\program files\DivX
2009-12-23 05:03 . 2009-06-19 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 04:44 . 2009-06-19 03:42 -------- d-----w- c:\program files\ERUNT
2009-12-18 23:40 . 2009-12-18 04:23 22720 ----a-w- c:\windows2\system32\emptyregdb.dat
2009-12-18 07:00 . 2009-12-18 04:26 76493 ----a-w- c:\windows2\pchealth\helpctr\OfflineCache\index.dat
2009-12-18 04:43 . 2009-12-18 04:43 0 ----a-w- c:\windows2\nsreg.dat
2009-12-18 04:39 . 2009-12-18 04:39 34552 ----a-w- c:\documents and settings\Axel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-12 20:33 . 2009-12-12 20:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-12-12 13:05 . 2008-07-08 18:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-12 07:46 . 2009-11-27 03:27 -------- d-----w- c:\program files\SimPE
2009-12-02 00:17 . 2009-12-02 00:17 -------- d-----w- c:\documents and settings\New Account\Application Data\Lavasoft
2009-11-29 07:45 . 2009-11-29 07:45 -------- d-----w- c:\documents and settings\New Account\Application Data\Malwarebytes
2009-10-31 18:36 . 2006-12-26 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI
2009-10-31 18:28 . 2006-12-26 05:13 -------- d-----w- c:\program files\ATI Technologies
2009-10-31 04:12 . 2007-08-21 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-10-29 05:48 . 2004-08-04 12:00 662016 ------w- c:\windows2\system32\wininet.dll
2009-10-21 06:00 . 2004-08-04 12:00 75776 ----a-w- c:\windows2\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 12:00 25088 ----a-w- c:\windows2\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows2\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-04 12:00 266752 ----a-w- c:\windows2\system32\oakley.dll
2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows2\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 12:00 112128 ----a-w- c:\windows2\system32\rastls.dll
2006-01-27 23:38 . 2006-01-27 23:38 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMEKRMIG6.1"="c:\windows2\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AUTOPLAY.0XE [2001-9-17 36864]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-8-30 225280]

c:\documents and settings\Axel's Account\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-2 113664]

c:\documents and settings\Axel\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS2\\system32\\usmt\\migwiz.exe"=

R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [12/23/2009 12:26 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [12/23/2009 12:26 AM 20560]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Axel\Application Data\Mozilla\Firefox\Profiles\jq7b4q6u.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-12-29 19:41:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 00:41
ComboFix2.txt 2009-12-29 22:15

Pre-Run: 179,240,960 bytes free
Post-Run: 148,795,392 bytes free

- - End Of File - - FBC0E11F7647D471CAA35C4640EF728C

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello SardonicWhisper,

Should I have hit Yes?

Yes, but no harm done :D

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox. It uses Java Runtime Environment (JRE).

Please go here to update your Java.

Now go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is now


#7
SardonicWhisper

    Member

  • Topic Starter
  • 41 posts
Sorry for the delayed response, the holidays have been hectic :). Anyway, I let that Kaspersky scanner run for almost two days, but it was stuck on a file for the entire time :\ (it was called ccd-tcny.r06). So I finally closed out of it. I know you said it can take a long time, but should it really be stuck on a file for two days?

I restarted my computer but I still get a blank black screen when I try going into the other Windows. And it used to give me 30 seconds to choose between the two Windows but now it flashes the screen for 2 seconds and goes into this Windows automatically.

Here is the MBAM log...

--------------------------------

Malwarebytes' Anti-Malware 1.42
Database version: 3453
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/29/2009 9:09:00 PM
mbam-log-2009-12-29 (21-09-00).txt

Scan type: Quick Scan
Objects scanned: 164063
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I let that Kaspersky scanner run for almost two days but it was stuck at a file for the entire time :\ (It was called ccd-tcny.r06).


Hmm... Do this:

Disable resident protections (Antivirus...); remember to re-enable them after the scan

Download Lop S&D

Double-click Lop S&D.exe (If you are running on Vista you will need to right-click on the file and choose Run As Administrator.)
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#9
SardonicWhisper

    Member

  • Topic Starter
  • 41 posts
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ XP 2200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Axel ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:0 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 01/01/2010|18:22 )

--------------------\\ Listing folders in APPLIC~1

[07/26/2002|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[07/24/2008|10:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[03/25/2008|05:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> BullGuard
[07/26/2002|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[07/26/2002|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InterTrust
[12/12/2009|03:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Lavasoft
[04/10/2009|01:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/26/2002|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Share-to-Web Upload Folder
[07/26/2002|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec
[07/26/2002|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> VERITAS

[12/17/2009|11:27] C:\DOCUME~1\ADMINI~1.AXE\APPLIC~1\<DIR> Microsoft

[10/09/2006|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Activision
[07/24/2006|06:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/24/2006|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[02/03/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[10/08/2006|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[05/20/2004|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[03/28/2009|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[08/31/2009|01:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/31/2009|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[04/13/2009|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[06/21/2005|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund Software
[09/30/2009|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> F-Secure
[12/12/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[01/29/2005|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[07/28/2006|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[12/26/2007|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[06/18/2009|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/12/2007|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/26/2008|03:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Games
[07/26/2002|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[12/25/2002|03:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[01/30/2006|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[05/20/2004|04:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[10/08/2003|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[04/13/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Riverdeep Interactive Learning Limited
[07/26/2002|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sbsi
[11/18/2007|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SimCity Societies
[07/08/2008|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[03/16/2004|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Softdisk LLC
[10/09/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/18/2009|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[07/20/2008|01:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/05/2008|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[03/01/2005|06:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[07/29/2007|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/30/2008|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[04/18/2008|03:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[12/23/2009|12:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Malwarebytes
[12/29/2009|09:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> McAfee
[12/18/2009|02:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft

[12/18/2009|12:51] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Adobe
[12/17/2009|11:38] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Identities
[12/18/2009|03:17] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Lavasoft
[12/18/2009|12:51] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Macromedia
[12/23/2009|12:03] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Malwarebytes
[12/23/2009|08:29] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Microsoft
[12/17/2009|11:44] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Mozilla
[12/29/2009|09:13] C:\DOCUME~1\Axel\APPLIC~1\<DIR> Sun
[12/18/2009|07:10] C:\DOCUME~1\Axel\APPLIC~1\<DIR> WinRAR

[07/09/2006|11:52] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> .gaim
[07/24/2006|09:27] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Adobe
[11/21/2004|05:16] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> AdobeUM
[09/29/2004|02:10] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Aim
[10/08/2006|09:59] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> AOL
[12/25/2004|11:09] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Apple Computer
[05/31/2004|06:59] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> ArcSoft
[02/02/2005|08:47] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Atari
[06/17/2008|12:07] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> BullGuard
[06/27/2006|08:00] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Google
[07/02/2004|07:56] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> GTek
[05/29/2004|12:23] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Help
[07/26/2002|11:23] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Identities
[07/26/2002|11:23] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> InterTrust
[05/09/2005|02:02] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> InterVideo
[05/30/2004|09:08] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Jasc
[05/30/2004|04:46] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Jasc Software Inc
[02/16/2005|08:12] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Lavasoft
[02/02/2005|08:46] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Leadertech
[06/17/2008|12:06] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Logitech
[06/12/2006|07:30] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Macromedia
[04/10/2009|01:11] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Microsoft
[02/05/2006|07:30] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Microsoft Games
[07/21/2004|12:18] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Motive
[11/30/2004|06:19] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Mozilla
[05/02/2006|03:46] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> MSN6
[12/25/2005|11:27] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> My Games
[06/06/2005|11:05] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Rex-Services
[06/09/2004|03:00] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Share-to-Web Upload Folder
[11/07/2006|06:31] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Skype
[07/18/2006|11:06] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> SmartFTP
[03/06/2005|10:18] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Sun
[07/26/2002|11:23] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Symantec
[07/26/2002|11:23] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> VERITAS
[06/17/2008|12:08] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Yahoo!
[02/20/2005|07:04] C:\DOCUME~1\AXEL'S~1\APPLIC~1\<DIR> Yahoo! Messenger

[07/26/2002|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[07/26/2002|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/26/2002|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> InterTrust
[12/01/2007|03:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/26/2002|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Share-to-Web Upload Folder
[07/26/2002|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec
[07/26/2002|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> VERITAS

[12/17/2009|11:27] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\<DIR> Microsoft

[04/10/2009|01:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[12/17/2009|11:33] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft

[04/10/2009|01:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/17/2009|11:32] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft

[08/01/2008|01:52] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> .purple
[07/30/2008|03:03] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Adobe
[07/20/2008|01:35] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Apple Computer
[11/24/2008|12:35] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> BullGuard
[07/26/2002|11:23] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Identities
[07/26/2002|11:23] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> InterTrust
[07/20/2008|01:30] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> iPod Copy Expert
[12/01/2009|07:17] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Lavasoft
[07/20/2008|01:28] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Logitech
[07/20/2008|01:33] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Macromedia
[11/29/2009|02:45] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Malwarebytes
[04/10/2009|01:11] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Microsoft
[04/21/2009|10:20] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Mozilla
[07/26/2002|11:23] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Share-to-Web Upload Folder
[07/21/2008|10:47] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Sun
[07/26/2002|11:23] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> Symantec
[07/24/2008|10:38] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> uTorrent
[07/26/2002|11:23] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> VERITAS
[07/26/2008|07:44] C:\DOCUME~1\NEWACC~1\APPLIC~1\<DIR> XericDesign

[08/20/2007|07:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> .gaim
[10/30/2009|11:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> .purple
[07/03/2008|01:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[06/25/2003|05:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[12/26/2006|07:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Aim
[10/08/2006|09:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AOL
[03/28/2009|11:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[01/01/2003|07:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ArcSoft
[03/18/2008|06:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Atari
[10/31/2009|01:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[03/19/2004|01:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
[06/23/2008|10:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[08/13/2007|08:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Earthsim
[12/26/2006|07:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[09/07/2003|06:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> GTek
[07/28/2008|06:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> gtk-2.0
[09/01/2003|12:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[07/26/2002|11:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[07/20/2008|01:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[12/26/2002|02:15] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterVideo
[10/09/2006|12:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[03/19/2004|01:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[08/13/2007|09:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
[12/26/2007|12:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Logitech
[07/31/2006|10:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[06/18/2009|10:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[05/30/2008|06:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[06/26/2008|03:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Games
[07/08/2008|11:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
[06/06/2008|06:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[05/02/2006|03:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSN6
[07/20/2008|01:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> My Games
[10/09/2006|12:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Neopets Toolbar
[04/19/2009|05:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> OpenOffice.org
[08/02/2006|12:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Opera
[09/19/2008|05:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SecuROM
[07/26/2002|11:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Share-to-Web Upload Folder
[08/10/2008|09:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Skype
[12/12/2009|08:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> skypePM
[07/08/2007|09:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SmartFTP
[08/08/2006|03:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[11/04/2008|08:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[12/10/2007|07:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> uTorrent
[07/26/2002|11:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> VERITAS
[10/09/2008|02:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[04/18/2008|03:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Yahoo!
[05/20/2004|04:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS2\Tasks

[01/01/2010 05:22 PM][--ah-----] C:\WINDOWS2\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS2\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/16/2004|05:23] C:\Program Files\<DIR> Aaslund Software
[09/29/2009|07:28] C:\Program Files\<DIR> Activision Value
[12/29/2004|04:38] C:\Program Files\<DIR> Admilli Service
[08/06/2006|05:39] C:\Program Files\<DIR> Adobe
[01/31/2005|10:11] C:\Program Files\<DIR> AIM Toolbar
[05/16/2004|08:08] C:\Program Files\<DIR> AIM95
[06/23/2008|10:52] C:\Program Files\<DIR> alaplaya
[04/13/2009|04:12] C:\Program Files\<DIR> Alwil Software
[10/08/2006|09:56] C:\Program Files\<DIR> America Online 9.0b
[06/18/2007|04:27] C:\Program Files\<DIR> AmiPic
[01/31/2005|10:11] C:\Program Files\<DIR> AnfyTeam
[03/28/2009|11:06] C:\Program Files\<DIR> Apple Software Update
[06/22/2004|06:08] C:\Program Files\<DIR> ASCII
[03/18/2008|06:53] C:\Program Files\<DIR> Atari
[07/26/2002|11:32] C:\Program Files\<DIR> AtBackup
[10/31/2009|01:28] C:\Program Files\<DIR> ATI Technologies
[07/07/2008|09:30] C:\Program Files\<DIR> Audacity
[04/10/2009|01:18] C:\Program Files\<DIR> AVG
[10/08/2006|10:15] C:\Program Files\<DIR> Avi2Dvd
[12/26/2006|07:10] C:\Program Files\<DIR> AviSynth 2.5
[10/09/2006|12:08] C:\Program Files\<DIR> AWS
[07/29/2003|06:22] C:\Program Files\<DIR> Biography Software
[01/09/2003|09:12] C:\Program Files\<DIR> Blubster
[10/08/2006|10:18] C:\Program Files\<DIR> Cakewalk
[10/08/2006|10:21] C:\Program Files\<DIR> Click'N Design 3D
[12/29/2009|07:30] C:\Program Files\<DIR> Common Files
[12/17/2009|11:23] C:\Program Files\<DIR> ComPlus Applications
[10/08/2006|10:35] C:\Program Files\<DIR> Corel
[10/08/2006|11:58] C:\Program Files\<DIR> Creative
[01/13/2003|02:49] C:\Program Files\<DIR> Cryo Interactive Entertainment
[12/23/2009|07:23] C:\Program Files\<DIR> DivX
[12/18/2009|04:09] C:\Program Files\<DIR> EA GAMES
[12/26/2006|07:12] C:\Program Files\<DIR> eGames
[04/14/2006|10:53] C:\Program Files\<DIR> e-Games
[02/15/2009|03:15] C:\Program Files\<DIR> Electronic Arts
[10/08/2006|10:41] C:\Program Files\<DIR> eMule
[02/12/2005|07:00] C:\Program Files\<DIR> Enterbrain
[12/22/2009|11:44] C:\Program Files\<DIR> ERUNT
[12/25/2005|12:31] C:\Program Files\<DIR> Firaxis Games
[12/10/2007|07:17] C:\Program Files\<DIR> FlashGet
[10/09/2006|02:37] C:\Program Files\<DIR> Free Offers from Freeze.com
[09/29/2009|11:12] C:\Program Files\<DIR> Freeze.com
[10/08/2006|10:09] C:\Program Files\<DIR> Furcadia
[08/20/2007|07:51] C:\Program Files\<DIR> Gaim
[10/08/2006|10:41] C:\Program Files\<DIR> Game_Maker5
[07/15/2008|09:25] C:\Program Files\<DIR> GameBiz
[11/09/2008|01:23] C:\Program Files\<DIR> GameSpy Arcade
[07/15/2008|09:30] C:\Program Files\<DIR> Google
[04/07/2007|07:27] C:\Program Files\<DIR> Gpotato
[10/09/2006|02:43] C:\Program Files\<DIR> Grisoft
[02/01/2005|06:54] C:\Program Files\<DIR> Hasbro Interactive
[04/12/2003|01:08] C:\Program Files\<DIR> Hewlett-Packard
[07/26/2002|11:40] C:\Program Files\<DIR> hp center
[02/05/2003|11:45] C:\Program Files\<DIR> hp deskjet 5550 series
[07/26/2002|11:40] C:\Program Files\<DIR> HP Instant Support
[07/26/2002|11:40] C:\Program Files\<DIR> HP Photosmart 11
[08/06/2002|08:46] C:\Program Files\<DIR> HPSelect
[02/10/2005|06:15] C:\Program Files\<DIR> iMesh
[12/25/2002|10:48] C:\Program Files\<DIR> Infogrames
[07/16/2003|11:18] C:\Program Files\<DIR> Infogrames Interactive
[09/29/2009|07:28] C:\Program Files\<DIR> InstallShield Installation Information
[07/24/2003|06:31] C:\Program Files\<DIR> Intel
[07/24/2003|06:29] C:\Program Files\<DIR> Intel Play
[12/26/2002|02:31] C:\Program Files\<DIR> InterActual
[12/21/2009|01:36] C:\Program Files\<DIR> Internet Explorer
[02/26/2005|04:42] C:\Program Files\<DIR> iPod
[07/20/2008|01:30] C:\Program Files\<DIR> iPod Copy Expert
[07/23/2008|04:21] C:\Program Files\<DIR> iPod To Computer Transfer
[12/25/2004|11:08] C:\Program Files\<DIR> iTunes
[05/30/2004|04:46] C:\Program Files\<DIR> Jasc Software Inc
[12/29/2009|09:23] C:\Program Files\<DIR> Java
[03/30/2004|07:15] C:\Program Files\<DIR> JavaSoft
[04/24/2008|08:26] C:\Program Files\<DIR> Jetico
[10/08/2006|10:10] C:\Program Files\<DIR> Kazaa
[02/01/2005|06:55] C:\Program Files\<DIR> KO Fader
[02/16/2005|08:11] C:\Program Files\<DIR> Lavasoft
[08/13/2007|08:48] C:\Program Files\<DIR> LimeWire
[12/26/2007|12:25] C:\Program Files\<DIR> Logitech
[12/23/2009|12:03] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/19/2004|04:43] C:\Program Files\<DIR> Maxis
[12/27/2002|10:20] C:\Program Files\<DIR> Memorex
[12/21/2009|01:41] C:\Program Files\<DIR> Messenger
[12/25/2003|09:57] C:\Program Files\<DIR> Microsoft ActiveSync
[07/30/2007|02:10] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[07/26/2002|11:41] C:\Program Files\<DIR> microsoft frontpage
[11/09/2008|12:54] C:\Program Files\<DIR> Microsoft Games
[12/25/2003|09:56] C:\Program Files\<DIR> Microsoft Office
[10/28/2009|03:12] C:\Program Files\<DIR> Monte Cristo
[12/17/2009|11:24] C:\Program Files\<DIR> Movie Maker
[01/01/2010|05:24] C:\Program Files\<DIR> Mozilla Firefox
[07/26/2002|11:41] C:\Program Files\<DIR> MSN
[10/08/2006|11:23] C:\Program Files\<DIR> MSN Apps
[07/26/2002|11:41] C:\Program Files\<DIR> MSN Gaming Zone
[04/09/2009|09:33] C:\Program Files\<DIR> MSN Messenger
[12/28/2004|01:48] C:\Program Files\<DIR> MSN Toolbar
[02/02/2006|08:30] C:\Program Files\<DIR> MSXML 4.0
[07/23/2008|04:24] C:\Program Files\<DIR> Music Rescue
[12/31/2002|11:06] C:\Program Files\<DIR> MUSICMATCH
[12/17/2009|11:23] C:\Program Files\<DIR> NetMeeting
[08/11/2004|06:11] C:\Program Files\<DIR> Netscape
[10/08/2006|11:53] C:\Program Files\<DIR> Office Tracker
[12/17/2009|11:22] C:\Program Files\<DIR> Online Services
[09/29/2009|11:20] C:\Program Files\<DIR> OpenOffice.org 3
[05/08/2008|10:37] C:\Program Files\<DIR> Osiris Games
[10/08/2006|11:53] C:\Program Files\<DIR> OTServer
[12/21/2009|01:35] C:\Program Files\<DIR> Outlook Express
[11/04/2008|09:01] C:\Program Files\<DIR> Panda Security
[10/09/2006|12:00] C:\Program Files\<DIR> PeerGuardian2
[09/09/2007|08:33] C:\Program Files\<DIR> PerfectWorld
[07/23/2003|05:55] C:\Program Files\<DIR> PF.Magic
[07/04/2008|02:28] C:\Program Files\<DIR> Pidgin
[11/18/2004|09:56] C:\Program Files\<DIR> Pogo Games
[09/09/2007|08:16] C:\Program Files\<DIR> PrintMaster Gold 17
[12/26/2006|07:19] C:\Program Files\<DIR> QUICKENW
[08/27/2009|10:57] C:\Program Files\<DIR> QuickTime
[01/27/2006|06:38] C:\Program Files\<DIR> Real
[07/26/2002|11:43] C:\Program Files\<DIR> RecordNow
[08/05/2008|03:34] C:\Program Files\<DIR> ReflexiveArcade
[08/05/2008|05:33] C:\Program Files\<DIR> Risk II
[10/09/2006|12:01] C:\Program Files\<DIR> RMP2
[05/20/2007|10:51] C:\Program Files\<DIR> RuffRose
[04/13/2004|02:16] C:\Program Files\<DIR> S3
[03/28/2009|11:07] C:\Program Files\<DIR> Safari
[02/01/2005|07:05] C:\Program Files\<DIR> ScreenSaver.com
[10/09/2006|12:03] C:\Program Files\<DIR> Silkroad
[12/12/2009|02:46] C:\Program Files\<DIR> SimPE
[10/08/2006|10:13] C:\Program Files\<DIR> SimTheme Park
[07/08/2008|01:17] C:\Program Files\<DIR> Skype
[07/08/2007|09:30] C:\Program Files\<DIR> SmartFTP Client 2.0
[07/18/2006|11:05] C:\Program Files\<DIR> SmartFTP Client 2.0 Setup Files
[09/29/2009|09:17] C:\Program Files\<DIR> Software2000
[07/26/2002|11:45] C:\Program Files\<DIR> Sonic
[10/09/2006|02:05] C:\Program Files\<DIR> Spybot - Search & Destroy
[12/09/2007|09:00] C:\Program Files\<DIR> Sword of The New World
[03/01/2005|09:17] C:\Program Files\<DIR> Symantec
[10/21/2003|02:59] C:\Program Files\<DIR> Take2 Interactive
[01/26/2003|04:31] C:\Program Files\<DIR> The Learning Company
[08/06/2006|08:54] C:\Program Files\<DIR> Transparent
[02/01/2005|07:07] C:\Program Files\<DIR> Tropico
[11/18/2004|09:56] C:\Program Files\<DIR> Trymedia
[10/08/2006|11:37] C:\Program Files\<DIR> Ubi Soft
[08/07/2006|06:01] C:\Program Files\<DIR> Uninstall Information
[09/10/2003|06:34] C:\Program Files\<DIR> USB Driver Vers. 3.2
[07/21/2008|12:00] C:\Program Files\<DIR> uTorrent
[07/26/2002|11:45] C:\Program Files\<DIR> VERITAS Software
[10/09/2008|01:58] C:\Program Files\<DIR> VideoLAN
[03/01/2005|06:43] C:\Program Files\<DIR> Viewpoint
[07/14/2004|04:57] C:\Program Files\<DIR> Visioneer OneTouch
[07/20/2008|01:20] C:\Program Files\<DIR> Voyage Century Online
[07/20/2008|01:27] C:\Program Files\<DIR> Web Publish
[02/01/2005|07:08] C:\Program Files\<DIR> WildTangent
[08/03/2003|09:36] C:\Program Files\<DIR> Winamp3
[12/17/2009|11:24] C:\Program Files\<DIR> Windows Media Player
[12/17/2009|11:21] C:\Program Files\<DIR> Windows NT
[12/17/2009|11:25] C:\Program Files\<DIR> WindowsUpdate
[01/03/2003|06:37] C:\Program Files\<DIR> WinMX
[12/18/2009|07:10] C:\Program Files\<DIR> WinRAR
[07/24/2006|10:14] C:\Program Files\<DIR> WinZip
[04/15/2006|02:59] C:\Program Files\<DIR> Wizet
[07/26/2008|07:44] C:\Program Files\<DIR> XericDesign
[07/26/2002|11:47] C:\Program Files\<DIR> xerox
[02/01/2005|07:09] C:\Program Files\<DIR> Yahoo SiteBuilder
[04/18/2008|03:41] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/08/2006|08:08] C:\Program Files\Common Files\<DIR> Adobe
[07/24/2006|06:54] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[10/08/2006|10:08] C:\Program Files\Common Files\<DIR> AOL
[10/08/2003|02:27] C:\Program Files\Common Files\<DIR> aolback
[07/26/2002|11:33] C:\Program Files\Common Files\<DIR> Borland Shared
[12/25/2003|09:57] C:\Program Files\Common Files\<DIR> DESIGNER
[02/12/2005|07:00] C:\Program Files\Common Files\<DIR> Enterbrain
[07/03/2008|12:30] C:\Program Files\Common Files\<DIR> eSellerate
[07/09/2006|11:51] C:\Program Files\Common Files\<DIR> GTK
[04/12/2003|01:08] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[03/01/2008|12:06] C:\Program Files\Common Files\<DIR> INCA Shared
[07/28/2006|08:00] C:\Program Files\Common Files\<DIR> InstallShield
[03/06/2005|09:04] C:\Program Files\Common Files\<DIR> Java
[01/25/2006|07:38] C:\Program Files\Common Files\<DIR> L&H
[12/26/2007|12:26] C:\Program Files\Common Files\<DIR> Logitech
[10/30/2009|02:16] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/29/2009|11:25] C:\Program Files\Common Files\<DIR> Motive
[07/26/2002|11:33] C:\Program Files\Common Files\<DIR> MSSoap
[10/08/2003|02:25] C:\Program Files\Common Files\<DIR> Nullsoft
[07/30/2007|02:04] C:\Program Files\Common Files\<DIR> ODBC
[07/03/2003|12:25] C:\Program Files\Common Files\<DIR> Real
[04/21/2009|10:18] C:\Program Files\Common Files\<DIR> Services
[07/08/2008|01:16] C:\Program Files\Common Files\<DIR> Skype
[07/26/2002|11:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/19/2009|10:33] C:\Program Files\Common Files\<DIR> Symantec Shared
[12/17/2009|11:23] C:\Program Files\Common Files\<DIR> System
[05/30/2008|06:44] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 24 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 18:23:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:1906][D:15]-> C:\DOCUME~1\Axel\LOCALS~1\Temp
[F:14][D:0]-> C:\DOCUME~1\Axel\Cookies
[F:8][D:3]-> C:\DOCUME~1\Axel\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 01/01/2010|18:24 - Option : [1]

--------------------\\ Scan completed at 18:24:39

#10 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello SardonicWhisper,

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

#11 SardonicWhisper (Topic Starter, Member, 41 posts)
Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-2CXKV-GMP22-HF2BQ
Windows Product Key Hash: 25dG7mX6zCS/Ri0MYOSCvb3ct0w=
Windows Product ID: 76477-OEM-2111907-00101
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {CF3371B8-DA56-4CBA-9539-E9ADFC870BA2}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CF3371B8-DA56-4CBA-9539-E9ADFC870BA2}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HF2BQ</PKey><PID>76477-OEM-2111907-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-2000478354-583907252-839522115</SID><SYSTEM><Manufacturer>HP Pavilion 05</Manufacturer><Model>P9851A-ABA 523N</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>AM35305</Version><SMBIOSVersion major="2" minor="3"/><Date>20020820000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>13E334070184205B</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E0D3:Compaq Computer Corporation|1085B:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

OEM Activation 2.0 Data-->
N/A

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Let's see if you can run this one:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#13 SardonicWhisper (Topic Starter, Member, 41 posts)
Ahhh! I had to stop the scan early. It found something called Win32/Agent.NVP trojan in two places, but right after it found them my computer started flashing "LOW DISK SPACE" and I looked and it was losing disk space like crazy. It only had 604 MB on it since I created the second Windows, which took up some space, but all of a sudden it dropped to 54 MB and then 304 KB, and that's when I turned it off.

What will happen if it hits 0?

Edited by SardonicWhisper, 01 January 2010 - 07:17 PM.


#14 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Quoting SardonicWhisper: "What will happen if it hits 0?"

Under 5% free space your computer is in danger of crashing and being unable to boot up.

I should have noticed that. Your OTL log shows only 0.45% Space Free.

You have less than 5% of your drive free. This has likely messed up the Master File Table.

Anything under 15% free space is less than optimum.

Assuming your machine is not past the point of no return, you need to urgently uninstall any programs you no longer use and remove any data you don't want or that can be backed up somewhere else.

#15 SardonicWhisper (Topic Starter, Member, 41 posts)
Okay I went into Safe Mode and cleared 10.8 GB of data :).

But what was eating my disk space? Was it the scanner using it to scan? Or was it the trojan it found? Am I safe to try running that scan again?

I also found a program in my files I didn't recognize called Admilli Service. I looked it up online and all I can find is info from Spyware sites calling it spyware. Should I delete it?

Edited by SardonicWhisper, 01 January 2010 - 09:22 PM.


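An added example, not part of the thread and not code from either poster or from any of the tools named above: a small Python script for the two questions raised in posts #14 and #15. It classifies a volume's free space against the 5% and 15% thresholds emeraldnzl quotes, and it takes two size snapshots of a directory tree a short time apart and reports which files grew between them, which is how you tell a scanner writing its own log or quarantine from something else filling the disk. The sample tree, its file names (scanner.log, junk.bin) and the sizes in demo() are constructed here for illustration; nothing in it is taken from the OTL or ESET logs.

```python
"""Disk-space triage: threshold check plus "what is growing?" snapshot diff.

Added example for the situation in posts #14 and #15 (not the thread's own code).
Thresholds follow the helper's wording: <5% free is critical, <15% is low.
The demo tree and its file names are constructed for illustration.
"""
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

CRITICAL_PCT = 5.0   # "in danger of crashing and being unable to boot up"
LOW_PCT = 15.0       # "less than optimum"


def free_space_status(free_bytes: int, total_bytes: int) -> Tuple[str, float]:
    """Classify free space. Returns (status, percent_free) with status
    one of 'critical', 'low', 'ok'."""
    if total_bytes <= 0:
        raise ValueError("total_bytes must be positive")
    pct = 100.0 * free_bytes / total_bytes
    if pct < CRITICAL_PCT:
        return "critical", pct
    if pct < LOW_PCT:
        return "low", pct
    return "ok", pct


def volume_status(path: str) -> Tuple[str, float]:
    """Same classification for a live volume, e.g. volume_status('C:\\\\')."""
    usage = shutil.disk_usage(path)
    return free_space_status(usage.free, usage.total)


def snapshot(root: str) -> Dict[str, int]:
    """Map every regular file under root to its size in bytes.
    Locked or unreadable files are skipped rather than aborting the walk."""
    sizes: Dict[str, int] = {}
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                sizes[full] = os.stat(full).st_size
            except OSError:
                continue
    return sizes


def growth(before: Dict[str, int], after: Dict[str, int],
           top: int = 10) -> List[Tuple[str, int]]:
    """Files that appeared or grew between two snapshots, largest delta first.
    Deleted files are ignored: the question is what is consuming space."""
    deltas = []
    for path, size in after.items():
        delta = size - before.get(path, 0)
        if delta > 0:
            deltas.append((path, delta))
    deltas.sort(key=lambda item: item[1], reverse=True)
    return deltas[:top]


def demo() -> List[Tuple[str, int]]:
    """Constructed sample: one file balloons between two snapshots while a
    scanner log grows only modestly. Returns (basename, delta) pairs."""
    root = tempfile.mkdtemp(prefix="disk-triage-")
    try:
        log = os.path.join(root, "scanner.log")   # hypothetical scanner log
        dump = os.path.join(root, "junk.bin")     # hypothetical space hog
        with open(log, "wb") as f:
            f.write(b"x" * 100)
        with open(dump, "wb") as f:
            f.write(b"y" * 1000)
        before = snapshot(root)
        with open(log, "ab") as f:
            f.write(b"x" * 50)          # modest growth: scanner writing its log
        with open(dump, "ab") as f:
            f.write(b"y" * 100_000)     # the real culprit
        after = snapshot(root)
        return [(os.path.basename(p), d) for p, d in growth(before, after)]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    status, pct = volume_status(os.getcwd())
    print(f"free space on current volume: {pct:.2f}% ({status})")
    for name, delta in demo():
        print(f"{name}: grew by {delta} bytes")
```

Usage on the real machine would be two calls to snapshot() on the suspect volume a minute or two apart, then growth() on the pair; run it from Safe Mode if the box will not stay up long enough otherwise. Because growth() ignores deletions, a scanner that quarantines files shows up only through whatever it writes, so a large delta on an unfamiliar path is the thing to look at first.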