Unknown Virus - Part of Windows Not Working [Closed]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I didn't recognize called Admilli Service.


That's interesting, it is a bad one and should have been picked up by MBAM and ComboFix.

I did wonder whether we were missing something when we ran the LopR one, but nothing showed.

Leave the Eset one for now and let's do this:

Firstly update and run Malwarebytes again.

Post the scan results back here.

Next

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in GMER.txt
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

So when you return please post
  • MBAM log
  • GMER.txt



#17
SardonicWhisper

  • Topic Starter
  • Member
  • 41 posts
So I ran GMER and it produced a HUGE list of stuff, but of course with my luck, my computer was frozen. I couldn't move the mouse, I couldn't do anything. I had to shut down and restart. I couldn't click to get the log, does it save it somewhere anyway or should I try running it again?

Here's MBAM... it found something this time!

-------------------------------------------------

Malwarebytes' Anti-Malware 1.43
Database version: 3474
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/1/2010 10:46:20 PM
mbam-log-2010-01-01 (22-46-20).txt

Scan type: Quick Scan
Objects scanned: 166793
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS2\system32\jgaw400.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
If you weren't able to do this

GMER will produce a log. Click on the [Save..] button

I don't think it will be there.

GMER is very good at finding rootkit infections so it is my preferred one.

Why don't we try running it again? Make sure any anti-malware programs or firewalls are disabled.

If it's a very big log it might be better to upload it here:

To attach a file, do the following:

* Click Add Reply
* Under the reply panel is the Attachments Editor
* Browse to find the attachment file you want to upload, highlight the file by clicking once on it, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop down box
* On the left you will see an icon like a letter with a little green cross on it. Please click on that and it should upload to the thread.

If you run into trouble tell me and we will find an alternative.

#19
SardonicWhisper

  • Topic Starter
  • Member
  • 41 posts
So I ran it again, and the same thing happened but this time it found even fewer files, but my screen was frozen again. Then I tried running it a third time, this time it found no files at all, but my screen wasn't frozen, so I clicked the "OK" box on the pop-up saying it found nothing. After I clicked it, my screen froze again, or so I thought. All three times my screen wasn't frozen, but instead both my mouse and keyboard were somehow disabled. I can't move the mouse and I can't bring up the start menu with the Windows key. I thought that was because the screen was frozen, but then one of those Windows notification things popped up about cleaning unused icons or whatever. So apparently the screen isn't frozen, I just have no way of interacting with it until I restart.

And as I was typing this the following pop-up came up

"Windows - Delayed Write Fail

Windows was unable to save all the data for the file \WINDOWS2\system32\config\AppEvent.Evt. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere."

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Windows was unable to save all the data for the file \WINDOWS2\system32\config\AppEvent.Evt. The data has been lost. This error may be caused by a failure of your computer hardware or network connection.


May be related to the earlier problem of lack of space.

Let's leave GMER for now.

I think there may be some corrupted or missing system files and possibly other systemic problems.

An approach that may go a long way to fixing this is to update your Windows to SP3.

You will need to use Internet Explorer to download:

Again you may need to remove data or programs to allow room, then:

Please go to Windows updates

You may need to allow Microsoft to install an active x component to check your machine before it downloads. Let it do that.

Come back if you have any difficulties.

After that

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.

Edited by emeraldnzl, 03 January 2010 - 03:28 PM.
spelling


#21
SardonicWhisper

  • Topic Starter
  • Member
  • 41 posts
OTL logfile created on: 1/3/2010 6:56:38 PM - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Axel\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 279.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 9.50 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 1.18 Gb Free Space | 23.47% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 467.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AXEL2
Current User Name: Axel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/29 21:23:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/29 21:23:32 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/23 11:44:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel\My Documents\Downloads\OTL.exe
PRC - [2009/12/02 09:17:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/23 11:44:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/29 21:23:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/13 19:12:11 | 00,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS2\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 17:41:36 | 00,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 23:43:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/29 21:19:41 | 00,000,000 | ---D | M]

[2009/12/17 23:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Axel\Application Data\Mozilla\Extensions
[2009/12/17 23:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Axel\Application Data\Mozilla\Firefox\Profiles\jq7b4q6u.default\extensions
[2010/01/01 17:34:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/08/07 18:18:03 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS2\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS2\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\Axel\Start Menu\Programs\StartUp\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262559911921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 23:27:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 00,000,110 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{521e6042-eb5a-11de-b79f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{521e6042-eb5a-11de-b79f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{521e6042-eb5a-11de-b79f-806d6172696f}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2004/08/04 07:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/19 20:51:28 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS2\System32\drivers\hsfdpsp2.sys
[2009/12/19 20:51:28 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS2\System32\drivers\hsfcxts2.sys
[2009/12/19 20:51:28 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS2\System32\drivers\hsfbs2s2.sys
[2009/12/19 20:51:28 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS2\System32\hsfcisp2.dll
[2009/12/19 20:51:26 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS2\System32\drivers\hdaudbus.sys
[2009/12/19 20:51:26 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\hccoin.dll
[2009/12/19 20:51:19 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\faxpatch.exe
[2009/12/19 20:51:16 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eapphost.dll
[2009/12/19 20:51:16 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eappcfg.dll
[2009/12/19 20:51:16 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eappgnui.dll
[2009/12/19 20:51:16 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eapqec.dll
[2009/12/19 20:51:16 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eappprxy.dll
[2009/12/19 20:51:15 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eapp3hst.dll
[2009/12/19 20:51:15 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\eapolqec.dll
[2009/12/19 20:51:11 | 00,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\drmv2clt.dll
[2009/12/19 20:51:11 | 00,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\drmclien.dll
[2009/12/19 20:51:11 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\drmstor.dll
[2009/12/19 20:51:09 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dot3ui.dll
[2009/12/19 20:51:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dot3cfg.dll
[2009/12/19 20:51:08 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dot3msm.dll
[2009/12/19 20:51:08 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dot3gpclnt.dll
[2009/12/19 20:51:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dot3api.dll
[2009/12/19 20:51:08 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dot3dlg.dll
[2009/12/19 20:51:07 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\dlimport.exe
[2009/12/19 20:51:06 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dhcpqec.dll
[2009/12/19 20:51:06 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dimsroam.dll
[2009/12/19 20:51:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\custsat.dll
[2009/12/19 20:50:53 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\cewmdm.dll
[2009/12/19 20:50:53 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\ch7xxnt5.dll
[2009/12/19 20:50:50 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\drivers\bthprint.sys
[2009/12/19 20:50:49 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\blackbox.dll
[2009/12/19 20:50:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\bitsprx4.dll
[2009/12/19 20:50:48 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\azroles.dll
[2009/12/19 20:50:48 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\atv04nt5.dll
[2009/12/19 20:50:48 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\atv01nt5.dll
[2009/12/19 20:50:48 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\atv10nt5.dll
[2009/12/19 20:50:48 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\atv06nt5.dll
[2009/12/19 20:50:48 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\atv02nt5.dll
[2009/12/19 20:50:47 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS2\System32\ativvaxx.dll
[2009/12/19 20:50:47 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\ativtmxx.dll
[2009/12/19 20:50:47 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\ativmvxx.ax
[2009/12/19 20:50:46 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atintuxx.sys
[2009/12/19 20:50:46 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinxsxx.sys
[2009/12/19 20:50:46 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinxbxx.sys
[2009/12/19 20:50:46 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinsnxx.sys
[2009/12/19 20:50:46 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinttxx.sys
[2009/12/19 20:50:46 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\ativdaxx.ax
[2009/12/19 20:50:45 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS2\System32\ati3duag.dll
[2009/12/19 20:50:45 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinrvxx.sys
[2009/12/19 20:50:45 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinbtxx.sys
[2009/12/19 20:50:45 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinraxx.sys
[2009/12/19 20:50:45 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinpdxx.sys
[2009/12/19 20:50:45 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\atinmdxx.sys
[2009/12/19 20:50:44 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS2\System32\ati3d1ag.dll
[2009/12/19 20:50:44 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati2mtag.sys
[2009/12/19 20:50:44 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\ati2dvaa.dll
[2009/12/19 20:50:44 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati2mtaa.sys
[2009/12/19 20:50:44 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\ati2cqag.dll
[2009/12/19 20:50:44 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\ati2dvag.dll
[2009/12/19 20:50:44 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1tuxx.sys
[2009/12/19 20:50:44 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1xsxx.sys
[2009/12/19 20:50:44 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1xbxx.sys
[2009/12/19 20:50:44 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1ttxx.sys
[2009/12/19 20:50:43 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1rvxx.sys
[2009/12/19 20:50:43 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1btxx.sys
[2009/12/19 20:50:43 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1raxx.sys
[2009/12/19 20:50:43 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1snxx.sys
[2009/12/19 20:50:43 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1pdxx.sys
[2009/12/19 20:50:43 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS2\System32\drivers\ati1mdxx.sys
[2009/12/19 20:50:40 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\asferror.dll
[2009/12/19 20:50:35 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv01nt5.dll
[2009/12/19 20:50:35 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv02nt5.dll
[2009/12/19 20:50:35 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv11nt5.dll
[2009/12/19 20:50:35 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv09nt5.dll
[2009/12/19 20:50:35 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv07nt5.dll
[2009/12/19 20:50:35 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv05nt5.dll
[2009/12/19 20:50:35 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS2\System32\drivers\adv08nt5.dll
[2009/12/19 20:50:33 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\aaclient.dll
[2009/12/19 20:50:24 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ntoskrnl.exe
[2009/12/19 20:50:23 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ntkrpamp.exe
[2009/12/19 20:50:22 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ntkrnlpa.exe
[2009/12/19 20:50:21 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ntkrnlmp.exe
[2009/12/19 20:50:20 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\lsasrv.dll
[2009/12/19 20:50:08 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\localspl.dll
[2009/12/19 20:49:59 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmpdxm.dll
[2009/12/19 20:49:57 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmp.dll
[2009/12/19 20:49:48 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msasn1.dll
[2009/12/19 20:49:45 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\atl.dll
[2009/12/19 20:49:43 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mrxsmb.sys
[2009/12/19 20:49:40 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msadce.dll
[2009/12/19 20:49:37 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\inetcomm.dll
[2009/12/19 20:49:32 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\tcpip.sys
[2009/12/19 20:49:32 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mswsock.dll
[2009/12/19 20:49:32 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\tcpip6.sys
[2009/12/19 20:49:32 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\dnsapi.dll
[2009/12/19 20:49:32 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\afd.sys
[2009/12/19 20:49:28 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\rpcrt4.dll
[2009/12/19 20:48:46 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mswebdvd.dll
[2009/12/19 20:48:42 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msxml3.dll
[2009/12/19 20:48:39 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\xpsp3res.dll
[2009/12/19 20:48:34 | 01,850,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\win32k.sys
[2009/12/19 20:48:11 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mscms.dll
[2009/12/19 20:48:06 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\telnet.exe
[2009/12/19 20:48:05 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmspdmod.dll
[2009/12/19 20:48:00 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\query.dll
[2009/12/19 20:47:41 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wkssvc.dll
[2009/12/19 20:47:38 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\schannel.dll
[2009/12/19 20:47:33 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\strmdll.dll
[2009/12/19 20:47:27 | 02,109,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmvcore.dll
[2009/12/19 20:47:26 | 01,053,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmnetmgr.dll
[2009/12/19 20:47:25 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\logagent.exe
[2009/12/19 20:47:09 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msdtctm.dll
[2009/12/19 20:47:09 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msdtcprx.dll
[2009/12/19 20:47:09 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msdtcuiu.dll
[2009/12/19 20:47:09 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mtxoci.dll
[2009/12/19 20:47:09 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mtxclu.dll
[2009/12/19 20:47:09 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msdtclog.dll
[2009/12/19 20:47:01 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\rmcast.sys
[2009/12/19 20:46:59 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\srv.sys
[2009/12/19 20:46:38 | 08,461,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\shell32.dll
[2009/12/19 20:46:15 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\oakley.dll
[2009/12/19 20:46:03 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mstscax.dll
[2009/12/19 20:45:59 | 00,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\winhttp.dll
[2009/12/19 20:45:53 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\gdi32.dll
[2009/12/19 20:45:43 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\kerberos.dll
[2009/12/19 20:45:43 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\msv1_0.dll
[2009/12/19 20:45:43 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ksecdd.sys
[2009/12/19 20:45:43 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wdigest.dll
[2009/12/19 20:17:00 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\bthport.sys
[2009/12/19 20:16:23 | 00,667,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wininet.dll
[2009/12/19 20:16:23 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\urlmon.dll
[2009/12/19 20:16:22 | 01,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\shdocvw.dll
[2009/12/19 20:16:21 | 03,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\mshtml.dll
[2009/12/19 20:16:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\tdc.ocx
[2009/12/19 20:16:09 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ieencode.dll
[2009/12/19 20:15:52 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\netapi32.dll
[2009/12/18 19:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\WinRAR
[2009/12/18 18:29:57 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS2\System32\drivers\RTL8139.sys
[2009/12/18 18:21:32 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tintlgnt.ime
[2009/12/18 18:21:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\cintlgnt.ime
[2009/12/18 18:21:27 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\pintlgnt.ime
[2009/12/18 18:20:55 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS2\System32\spxcoins.dll
[2009/12/18 18:20:55 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\irclass.dll
[2009/12/18 15:17:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Lavasoft
[2009/12/18 14:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\My Documents\EA Games
[2009/12/18 14:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Desktop\Mijana
[2009/12/18 03:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/12/18 03:00:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\$MSI31Uninstall_KB893803v2$
[2009/12/18 03:00:20 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\PreInstall
[2009/12/18 03:00:19 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\spupdsvc.exe
[2009/12/18 03:00:19 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\spmsg.dll
[2009/12/18 03:00:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\$hf_mig$
[2009/12/18 00:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Macromedia
[2009/12/18 00:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Adobe
[2009/12/17 23:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\My Documents\Downloads
[2009/12/17 23:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Local Settings\Application Data\Mozilla
[2009/12/17 23:43:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Mozilla
[2009/12/17 23:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\My Documents\Set-up Files
[2009/12/17 23:41:11 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\SoftwareDistribution
[2009/12/17 23:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Application Data\Identities
[2009/12/17 23:38:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\My Documents\My Music
[2009/12/17 23:37:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Axel\Application Data\Microsoft
[2009/12/17 23:37:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Axel\Cookies
[2009/12/17 23:37:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Axel\SendTo
[2009/12/17 23:37:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Axel\Recent
[2009/12/17 23:37:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Axel\Application Data
[2009/12/17 23:37:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\Start Menu
[2009/12/17 23:37:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\My Documents
[2009/12/17 23:37:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Axel\Favorites
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\Templates
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\PrintHood
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\NetHood
[2009/12/17 23:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Axel\Local Settings
[2009/12/17 23:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Local Settings\Application Data\Microsoft
[2009/12/17 23:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Axel\Desktop
[2009/12/17 23:33:07 | 00,000,000 | ---D | C] -- C:\WINDOWS2\SoftwareDistribution
[2009/12/17 23:33:05 | 00,000,000 | --SD | C] -- C:\WINDOWS2\System32\Microsoft
[2009/12/17 23:27:44 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\xircom
[2009/12/17 23:26:58 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mapi32.dll
[2009/12/17 23:25:51 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS2\DRM
[2009/12/17 23:25:34 | 00,000,000 | --SD | C] -- C:\WINDOWS2\Downloaded Program Files
[2009/12/17 23:25:34 | 00,000,000 | R--D | C] -- C:\WINDOWS2\Offline Web Pages
[2009/12/17 23:25:14 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/12/17 23:24:46 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\DirectX
[2009/12/17 23:24:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\atrace.dll
[2009/12/17 23:24:14 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\acctres.dll
[2009/12/17 23:24:14 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\nmevtmsg.dll
[2009/12/17 23:24:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\icfgnt5.dll
[2009/12/17 23:24:13 | 00,000,000 | --SD | C] -- C:\WINDOWS2\Tasks
[2009/12/17 23:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS2\srchasst
[2009/12/17 23:24:07 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Macromed
[2009/12/17 23:24:03 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wuaueng.dll
[2009/12/17 23:24:03 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wucltui.dll
[2009/12/17 23:24:03 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wucltui.dll
[2009/12/17 23:24:03 | 00,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wuweb.dll
[2009/12/17 23:24:03 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wuaueng1.dll
[2009/12/17 23:24:03 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wups.dll
[2009/12/17 23:24:03 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wups.dll
[2009/12/17 23:24:02 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wuapi.dll
[2009/12/17 23:24:02 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wuapi.dll
[2009/12/17 23:24:02 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wuaucpl.cpl
[2009/12/17 23:24:02 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wuauclt1.exe
[2009/12/17 23:24:02 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wuauclt.exe
[2009/12/17 23:24:02 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\qmgrprxy.dll
[2009/12/17 23:24:02 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\bitsprx2.dll
[2009/12/17 23:24:02 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\bitsprx3.dll
[2009/12/17 23:23:54 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\safrslv.dll
[2009/12/17 23:23:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\safrcdlg.dll
[2009/12/17 23:23:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\racpldlg.dll
[2009/12/17 23:23:54 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\safrdm.dll
[2009/12/17 23:23:50 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\srrstr.dll
[2009/12/17 23:23:50 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\fltmc.exe
[2009/12/17 23:23:50 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Restore
[2009/12/17 23:23:49 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\ils.dll
[2009/12/17 23:23:49 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mnmdd.dll
[2009/12/17 23:23:49 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS2\System32\isrdbg32.dll
[2009/12/17 23:23:49 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\nmmkcert.dll
[2009/12/17 23:23:48 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msconf.dll
[2009/12/17 23:23:44 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msoeacct.dll
[2009/12/17 23:23:44 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msoert2.dll
[2009/12/17 23:23:42 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\inetres.dll
[2009/12/17 23:23:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mstinit.exe
[2009/12/17 23:23:38 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\inetcfg.dll
[2009/12/17 23:23:38 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\isign32.dll
[2009/12/17 23:23:38 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\icwdial.dll
[2009/12/17 23:23:38 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\icwphbk.dll
[2009/12/17 23:23:17 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents\My Pictures
[2009/12/17 23:23:00 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/12/17 23:22:50 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Registration
[2009/12/17 23:21:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\write.exe
[2009/12/17 23:21:47 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\sndvol32.exe
[2009/12/17 23:21:46 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\avtapi.dll
[2009/12/17 23:21:46 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\avwav.dll
[2009/12/17 23:21:46 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS2\System32\hticons.dll
[2009/12/17 23:21:46 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winchat.exe
[2009/12/17 23:21:46 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\avmeter.dll
[2009/12/17 23:21:40 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\getuname.dll
[2009/12/17 23:21:40 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\calc.exe
[2009/12/17 23:21:40 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\charmap.exe
[2009/12/17 23:21:39 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mshearts.exe
[2009/12/17 23:21:39 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winmine.exe
[2009/12/17 23:21:39 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\sol.exe
[2009/12/17 23:21:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\freecell.exe
[2009/12/17 23:21:39 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\reset.exe
[2009/12/17 23:21:38 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\regini.exe
[2009/12/17 23:21:38 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\qwinsta.exe
[2009/12/17 23:21:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msg.exe
[2009/12/17 23:21:38 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tsshutdn.exe
[2009/12/17 23:21:38 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\qappsrv.exe
[2009/12/17 23:21:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tskill.exe
[2009/12/17 23:21:38 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rwinsta.exe
[2009/12/17 23:21:38 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\logoff.exe
[2009/12/17 23:21:38 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tsdiscon.exe
[2009/12/17 23:21:38 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tscon.exe
[2009/12/17 23:21:38 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\shadow.exe
[2009/12/17 23:21:38 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdpcfgex.dll
[2009/12/17 23:21:37 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mtxlegih.dll
[2009/12/17 23:21:37 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\cdmodem.dll
[2009/12/17 23:21:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dcomcnfg.exe
[2009/12/17 23:21:37 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mtxex.dll
[2009/12/17 23:21:36 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\comsnap.dll
[2009/12/17 23:21:36 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\comrepl.dll
[2009/12/17 23:21:36 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\stclient.dll
[2009/12/17 23:21:36 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mtxdm.dll
[2009/12/17 23:21:36 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\comaddin.dll
[2009/12/17 23:21:30 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\accwiz.exe
[2009/12/17 23:21:30 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\access.cpl
[2009/12/17 23:21:29 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS2\System32\hypertrm.dll
[2009/12/17 23:21:29 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\sndrec32.exe
[2009/12/17 23:21:29 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mplay32.exe
[2009/12/17 23:21:28 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mspaint.exe
[2009/12/17 23:21:27 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\spider.exe
[2009/12/17 23:21:27 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\clipbrd.exe
[2009/12/17 23:21:27 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tscfgwmi.dll
[2009/12/17 23:21:26 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mstsc.exe
[2009/12/17 23:21:26 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdchost.dll
[2009/12/17 23:21:26 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdpwsx.dll
[2009/12/17 23:21:26 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdshost.exe
[2009/12/17 23:21:26 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\tscupgrd.exe
[2009/12/17 23:21:26 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdsaddin.exe
[2009/12/17 23:21:25 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msdtcprx.dll
[2009/12/17 23:21:25 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msdtcuiu.dll
[2009/12/17 23:21:25 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mtxoci.dll
[2009/12/17 23:21:25 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdpclip.exe
[2009/12/17 23:21:25 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\cfgbkend.dll
[2009/12/17 23:21:25 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\rdpsnd.dll
[2009/12/17 23:21:25 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\qprocess.exe
[2009/12/17 23:21:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\icaapi.dll
[2009/12/17 23:21:25 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\MsDtc
[2009/12/17 23:21:24 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msdtctm.dll
[2009/12/17 23:21:24 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msdtclog.dll
[2009/12/17 23:21:24 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\xolehlp.dll
[2009/12/17 23:21:23 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\catsrvut.dll
[2009/12/17 23:21:23 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\catsrv.dll
[2009/12/17 23:21:23 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\clbcatex.dll
[2009/12/17 23:21:23 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\catsrvps.dll
[2009/12/17 23:21:23 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\colbact.dll
[2009/12/17 23:21:23 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Com
[2009/12/17 23:21:22 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\comsvcs.dll
[2009/12/17 23:21:22 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\comuid.dll
[2009/12/17 23:21:17 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\cmprops.dll
[2009/12/17 23:21:17 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\licwmi.dll
[2009/12/17 23:21:17 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\servdeps.dll
[2009/12/17 23:21:17 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\mmfutil.dll
[2009/12/17 17:52:26 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\ksuser.dll
[2009/12/17 17:52:26 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\drivers\msmpu401.sys
[2009/12/17 17:52:25 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\ksproxy.ax
[2009/12/17 17:51:52 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS2\System32\drivers\ltmdmnt.sys
[2009/12/17 17:44:39 | 00,000,000 | -HSD | C] -- C:\WINDOWS2\Installer
[2009/12/17 17:44:29 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winar30.ime
[2009/12/17 17:44:29 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\quick.ime
[2009/12/17 17:44:29 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winime.ime
[2009/12/17 17:44:29 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\unicdime.ime
[2009/12/17 17:44:29 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\miniime.tpl
[2009/12/17 17:44:28 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\phon.ime
[2009/12/17 17:44:28 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dayi.ime
[2009/12/17 17:44:28 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\chajei.ime
[2009/12/17 17:44:28 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\uniime.dll
[2009/12/17 17:44:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\romanime.ime
[2009/12/17 17:44:23 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winzm.ime
[2009/12/17 17:44:23 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winsp.ime
[2009/12/17 17:44:22 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\imjp81k.dll
[2009/12/17 17:44:22 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\imjp81.ime
[2009/12/17 17:44:22 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\winpy.ime
[2009/12/17 17:44:20 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\Thawbrkr.dll
[2009/12/17 17:44:20 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\c_iscii.dll
[2009/12/17 17:44:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\kbdusa.dll
[2009/12/17 17:44:12 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\chsbrkr.dll
[2009/12/17 17:44:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\ftlx041e.dll
[2009/12/17 17:44:11 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\chtbrkr.dll
[2009/12/17 17:44:11 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\korwbrkr.dll
[2009/12/17 17:44:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msir3jp.lex
[2009/12/17 17:44:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\msir3jp.dll
[2009/12/17 17:43:52 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\c_g18030.dll
[2009/12/17 17:43:52 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wingb.ime
[2009/12/17 17:43:20 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\c_is2022.dll
[2009/12/17 17:43:04 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS2\System32\dgrpsetu.dll
[2009/12/17 17:43:03 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS2\System32\EqnClass.Dll
[2009/12/17 17:43:03 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\WFWNET.DRV
[2009/12/17 17:43:03 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\TIMER.DRV
[2009/12/17 17:43:03 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\SYSTEM.DRV
[2009/12/17 17:43:03 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\VGA.DRV
[2009/12/17 17:43:03 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\SOUND.DRV
[2009/12/17 17:43:02 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\AVICAP.DLL
[2009/12/17 17:43:02 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\MOUSE.DRV
[2009/12/17 17:43:02 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\KEYBOARD.DRV
[2009/12/17 17:43:01 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System\winspool.drv
[2009/12/17 17:43:00 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\storprop.dll
[2009/12/17 17:42:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu
[2009/12/17 17:42:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents
[2009/12/17 17:42:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Templates
[2009/12/17 17:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Favorites
[2009/12/17 17:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Desktop
[2009/12/17 17:42:33 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\CatRoot2
[2009/12/17 17:42:33 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\CatRoot
[2009/12/17 17:42:26 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft
[2009/12/17 17:42:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data
[2009/12/17 17:34:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS2\Fonts
[2009/12/17 17:34:19 | 00,000,000 | RHSD | C] -- C:\WINDOWS2\System32\dllcache
[2009/12/17 17:34:19 | 00,000,000 | R--D | C] -- C:\WINDOWS2\Web
[2009/12/17 17:34:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\inf
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\WinSxS
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\wins
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\wbem
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\usmt
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\twain_32
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Temp
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\system32
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\system
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\spool
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\ShellExt
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\Setup
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\security
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Resources
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\repair
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\ras
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Provisioning
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\PeerNet
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\pchealth
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\oobe
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\npp
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\mui
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\mui
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\msapps
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\msagent
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Media
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\java
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\inetsrv
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\IME
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ime
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\icsxml
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\ias
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Help
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\export
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers\etc
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Driver Cache
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers\disdn
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\dhcp
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Debug
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Cursors
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Connection Wizard
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\config
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\Config
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\AppPatch
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\addins
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\3com_dmi
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\3076
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\2052
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1054
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1042
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1041
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1037
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1033
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1031
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1028
[2009/12/17 17:34:19 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\1025
[2009/12/13 11:38:06 | 00,000,000 | ---D | C] -- C:\2fdba7db7da457586f2871dafb6db562
[2009/04/10 13:11:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/10 13:11:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/10 13:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/10 13:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/01/27 18:38:41 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/03 18:54:45 | 00,034,944 | ---- | M] () -- C:\Documents and Settings\Axel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/03 18:52:18 | 00,311,604 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2010/01/03 18:52:18 | 00,039,992 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2010/01/03 18:52:17 | 00,356,120 | ---- | M] () -- C:\WINDOWS2\System32\PerfStringBackup.INI
[2010/01/03 18:51:32 | 00,316,640 | ---- | M] () -- C:\WINDOWS2\WMSysPr9.prx
[2010/01/03 18:50:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2010/01/03 18:50:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS2\tasks\SA.DAT
[2010/01/03 18:50:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2010/01/03 18:50:07 | 00,157,160 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2010/01/03 18:49:13 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Axel\NTUSER.DAT
[2010/01/03 18:49:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Axel\ntuser.ini
[2009/12/31 01:08:05 | 00,000,664 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbam.sys
[2009/12/29 21:29:18 | 00,002,577 | ---- | M] () -- C:\WINDOWS2\System32\CONFIG.NT
[2009/12/29 21:23:32 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS2\System32\javaws.exe
[2009/12/29 21:23:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS2\System32\javaw.exe
[2009/12/29 21:23:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS2\System32\java.exe
[2009/12/29 21:23:31 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS2\System32\javacpl.cpl
[2009/12/29 21:23:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS2\System32\deploytk.dll
[2009/12/29 19:33:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS2\system.ini
[2009/12/29 19:32:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS2\System32\drivers\etc\hosts
[2009/12/29 17:01:13 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Axel\Desktop\Shortcut to ComboFix.lnk
[2009/12/29 16:55:04 | 00,000,393 | RHS- | M] () -- C:\boot.ini
[2009/12/23 19:24:28 | 00,001,952 | ---- | M] () -- C:\Documents and Settings\Axel\Desktop\The Sims 2 University.lnk
[2009/12/23 19:23:31 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\Axel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 11:28:47 | 53,642,8544 | ---- | M] () -- C:\WINDOWS2\MEMORY.DMP
[2009/12/23 00:03:25 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 23:44:44 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Axel\Start Menu\Programs\StartUp\ERUNT AutoBackup.lnk
[2009/12/18 18:44:39 | 00,000,314 | ---- | M] () -- C:\WINDOWS2\System32\$winnt$.inf
[2009/12/18 18:42:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS2\System32\nscompat.tlb
[2009/12/18 18:42:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS2\System32\amcompat.tlb
[2009/12/18 18:42:15 | 00,004,205 | ---- | M] () -- C:\WINDOWS2\ODBCINST.INI
[2009/12/18 18:41:06 | 00,000,488 | RH-- | M] () -- C:\WINDOWS2\System32\WindowsLogon.manifest
[2009/12/18 18:41:06 | 00,000,488 | RH-- | M] () -- C:\WINDOWS2\System32\logonui.exe.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\wuaucpl.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\WindowsShell.Manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\sapi.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\nwc.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\ncpa.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | M] () -- C:\WINDOWS2\System32\cdplayer.exe.manifest
[2009/12/18 18:40:42 | 00,000,477 | ---- | M] () -- C:\WINDOWS2\win.ini
[2009/12/18 18:40:01 | 00,022,720 | ---- | M] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2009/12/18 18:37:43 | 00,000,323 | ---- | M] () -- C:\Boot.bak
[2009/12/18 16:13:26 | 06,409,336 | -H-- | M] () -- C:\Documents and Settings\Axel\Local Settings\Application Data\IconCache.db
[2009/12/18 14:42:55 | 00,237,680 | ---- | M] () -- C:\WINDOWS2\setupapi.old
[2009/12/17 23:43:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS2\nsreg.dat
[2009/12/17 23:43:49 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Mozilla Firefox.lnk
[2009/12/17 23:32:43 | 00,008,192 | ---- | M] () -- C:\WINDOWS2\REGLOCS.OLD
[2009/12/17 23:27:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS2\control.ini
[2009/12/17 23:27:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/17 23:22:57 | 00,000,037 | ---- | M] () -- C:\WINDOWS2\vbaddin.ini
[2009/12/17 23:22:57 | 00,000,036 | ---- | M] () -- C:\WINDOWS2\vb.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Axel\Desktop\gmer.exe
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS2\PEV.exe
[2 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/29 21:25:26 | 00,000,664 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2009/12/29 17:01:13 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Axel\Desktop\Shortcut to ComboFix.lnk
[2009/12/29 16:55:04 | 00,000,323 | ---- | C] () -- C:\Boot.bak
[2009/12/29 16:54:59 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/29 16:53:52 | 00,261,632 | ---- | C] () -- C:\WINDOWS2\PEV.exe
[2009/12/29 16:53:52 | 00,098,816 | ---- | C] () -- C:\WINDOWS2\sed.exe
[2009/12/29 16:53:52 | 00,080,412 | ---- | C] () -- C:\WINDOWS2\grep.exe
[2009/12/29 16:53:52 | 00,077,312 | ---- | C] () -- C:\WINDOWS2\MBR.exe
[2009/12/29 16:53:52 | 00,068,096 | ---- | C] () -- C:\WINDOWS2\zip.exe
[2009/12/23 19:23:18 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Axel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 10:45:39 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Axel\Desktop\gmer.exe
[2009/12/23 00:03:25 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 23:44:44 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Axel\Start Menu\Programs\StartUp\ERUNT AutoBackup.lnk
[2009/12/22 19:41:29 | 53,642,8544 | ---- | C] () -- C:\WINDOWS2\MEMORY.DMP
[2009/12/19 20:54:39 | 00,010,457 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmptour.hta
[2009/12/19 20:54:39 | 00,001,771 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmptour.css
[2009/12/19 20:54:39 | 00,000,855 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpocm.inf
[2009/12/19 20:54:39 | 00,000,420 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmploc.js
[2009/12/19 20:54:38 | 00,613,334 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmplayer.chm
[2009/12/19 20:54:38 | 00,172,196 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud9.wav
[2009/12/19 20:54:38 | 00,067,374 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmplayer.adm
[2009/12/19 20:54:38 | 00,023,195 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmplay.chm
[2009/12/19 20:54:37 | 00,343,204 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud7.wav
[2009/12/19 20:54:37 | 00,343,204 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud6.wav
[2009/12/19 20:54:37 | 00,172,196 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud8.wav
[2009/12/19 20:54:37 | 00,172,196 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud3.wav
[2009/12/19 20:54:37 | 00,086,196 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud5.wav
[2009/12/19 20:54:37 | 00,086,180 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud4.wav
[2009/12/19 20:54:37 | 00,086,180 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud2.wav
[2009/12/19 20:54:36 | 00,354,468 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmpaud1.wav
[2009/12/19 20:54:35 | 00,029,070 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmp.inf
[2009/12/19 20:54:26 | 00,017,272 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmdm.inf
[2009/12/19 20:54:26 | 00,008,677 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm7.gif
[2009/12/19 20:54:26 | 00,007,892 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm9.gif
[2009/12/19 20:54:26 | 00,007,369 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm4.gif
[2009/12/19 20:54:26 | 00,006,769 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmfsdk.inf
[2009/12/19 20:54:26 | 00,006,241 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm3.gif
[2009/12/19 20:54:26 | 00,006,060 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm6.gif
[2009/12/19 20:54:26 | 00,004,193 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm8.gif
[2009/12/19 20:54:26 | 00,002,477 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm5.gif
[2009/12/19 20:54:25 | 00,007,636 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm2.gif
[2009/12/19 20:54:25 | 00,005,789 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wm1.gif
[2009/12/19 20:54:09 | 00,300,969 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\viz.wmv
[2009/12/19 20:54:09 | 00,005,290 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\vidsamp.gif
[2009/12/19 20:54:08 | 00,017,489 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\videobg.gif
[2009/12/19 20:53:49 | 00,023,829 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\tourbg.gif
[2009/12/19 20:53:49 | 00,003,187 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\tour.js
[2009/12/19 20:53:49 | 00,002,469 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\tplay.gif
[2009/12/19 20:53:49 | 00,002,450 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\tpause.gif
[2009/12/19 20:53:49 | 00,002,375 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\tplayh.gif
[2009/12/19 20:53:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\tpauseh.gif
[2009/12/19 20:53:47 | 00,001,398 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\taon.gif
[2009/12/19 20:53:47 | 00,001,380 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\taonh.gif
[2009/12/19 20:53:47 | 00,001,367 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\taoffh.gif
[2009/12/19 20:53:46 | 00,001,380 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\taoff.gif
[2009/12/19 20:53:33 | 00,001,148 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\snd.htm
[2009/12/19 20:53:30 | 00,000,908 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\skins.inf
[2009/12/19 20:53:19 | 00,572,557 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\rtuner.wmv
[2009/12/19 20:53:17 | 00,066,725 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\revert.wmz
[2009/12/19 20:53:09 | 00,077,307 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plyr_err.chm
[2009/12/19 20:53:09 | 00,001,477 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst6.wpl
[2009/12/19 20:53:09 | 00,001,046 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst7.wpl
[2009/12/19 20:53:09 | 00,001,036 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst8.wpl
[2009/12/19 20:53:09 | 00,000,784 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst9.wpl
[2009/12/19 20:53:08 | 00,001,477 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst5.wpl
[2009/12/19 20:53:08 | 00,001,474 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst3.wpl
[2009/12/19 20:53:08 | 00,001,451 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst12.wpl
[2009/12/19 20:53:08 | 00,001,448 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst4.wpl
[2009/12/19 20:53:08 | 00,001,250 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst1.wpl
[2009/12/19 20:53:08 | 00,001,049 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst2.wpl
[2009/12/19 20:53:08 | 00,000,789 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst11.wpl
[2009/12/19 20:53:08 | 00,000,787 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst10.wpl
[2009/12/19 20:53:08 | 00,000,783 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst13.wpl
[2009/12/19 20:53:08 | 00,000,775 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst14.wpl
[2009/12/19 20:53:08 | 00,000,733 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\plylst15.wpl
[2009/12/19 20:52:58 | 00,375,519 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\nuskin.wmv
[2009/12/19 20:52:51 | 00,022,060 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\npds.zip
[2009/12/19 20:52:51 | 00,000,403 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\npdrmv2.zip
[2009/12/19 20:52:49 | 00,067,866 | ---- | C] () -- C:\WINDOWS2\System32\drivers\netwlan5.img
[2009/12/19 20:52:22 | 00,844,314 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\msdxm.ocx
[2009/12/19 20:52:22 | 00,004,126 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\msdxmlc.dll
[2009/12/19 20:52:18 | 00,097,117 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\mplayer2.hlp
[2009/12/19 20:52:18 | 00,018,286 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\mplayer2.inf
[2009/12/19 20:52:18 | 00,002,778 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\mplogoh.gif
[2009/12/19 20:52:18 | 00,002,545 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\mplogo.gif
[2009/12/19 20:52:18 | 00,001,885 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\mplayer2.cnt
[2009/12/19 20:52:08 | 00,457,607 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\mdlib.wmv
[2009/12/19 20:51:33 | 00,001,261 | ---- | C] () -- C:\WINDOWS2\System32\pid.inf
[2009/12/19 20:51:18 | 00,005,971 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\events.js
[2009/12/19 20:51:14 | 00,498,742 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\dxmasf.dll
[2009/12/19 20:51:02 | 00,129,045 | ---- | C] () -- C:\WINDOWS2\System32\drivers\cxthsfs2.cty
[2009/12/19 20:51:00 | 00,381,425 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\copycd.wmv
[2009/12/19 20:51:00 | 00,009,585 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\controls.css
[2009/12/19 20:51:00 | 00,006,878 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\controls.js
[2009/12/19 20:50:59 | 00,008,298 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\contents.htm
[2009/12/19 20:50:58 | 00,184,959 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\compact.wmz
[2009/12/19 20:50:57 | 00,000,773 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\cnth.gif
[2009/12/19 20:50:57 | 00,000,773 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\cnt.gif
[2009/12/19 20:50:57 | 00,000,772 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\cntd.gif
[2009/12/19 20:50:56 | 00,000,760 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\cloapph.gif
[2009/12/19 20:50:56 | 00,000,717 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\cloapp.gif
[2009/12/19 20:50:49 | 00,000,999 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\bktrh.gif
[2009/12/19 20:50:46 | 00,064,352 | ---- | C] () -- C:\WINDOWS2\System32\drivers\ativmc20.cod
[2009/12/19 20:50:02 | 01,291,264 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\quartz.dll
[2009/12/18 18:41:06 | 00,000,488 | RH-- | C] () -- C:\WINDOWS2\System32\logonui.exe.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\wuaucpl.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\WindowsShell.Manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\sapi.cpl.manifest
[2009/12/18 18:40:58 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\ncpa.cpl.manifest
[2009/12/18 18:21:22 | 00,016,254 | ---- | C] () -- C:\WINDOWS2\System32\PINTLPAE.HLP
[2009/12/18 18:21:22 | 00,014,821 | ---- | C] () -- C:\WINDOWS2\System32\PINTLPAD.HLP
[2009/12/18 18:20:41 | 00,797,189 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\NT5IIS.CAT
[2009/12/18 18:20:41 | 00,399,645 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\MAPIMIG.CAT
[2009/12/18 18:20:41 | 00,037,484 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\MW770.CAT
[2009/12/18 18:20:41 | 00,013,472 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\HPCRDP.CAT
[2009/12/18 18:20:41 | 00,008,574 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\IASNT4.CAT
[2009/12/18 18:20:41 | 00,007,029 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\OEMBIOS.CAT
[2009/12/18 18:20:40 | 01,042,903 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\SP2.CAT
[2009/12/17 23:43:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS2\nsreg.dat
[2009/12/17 23:43:49 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Mozilla Firefox.lnk
[2009/12/17 23:37:57 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Axel\ntuser.ini
[2009/12/17 23:37:55 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\Axel\NTUSER.DAT
[2009/12/17 23:32:43 | 00,008,192 | ---- | C] () -- C:\WINDOWS2\REGLOCS.OLD
[2009/12/17 23:31:17 | 00,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat
[2009/12/17 23:27:28 | 00,002,577 | ---- | C] () -- C:\WINDOWS2\System32\CONFIG.NT
[2009/12/17 23:27:28 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/12/17 23:27:16 | 00,023,392 | ---- | C] () -- C:\WINDOWS2\System32\nscompat.tlb
[2009/12/17 23:27:16 | 00,016,832 | ---- | C] () -- C:\WINDOWS2\System32\amcompat.tlb
[2009/12/17 23:27:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS2\WMSysPr9.prx
[2009/12/17 23:25:34 | 00,000,488 | RH-- | C] () -- C:\WINDOWS2\System32\WindowsLogon.manifest
[2009/12/17 23:25:23 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\nwc.cpl.manifest
[2009/12/17 23:25:23 | 00,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\cdplayer.exe.manifest
[2009/12/17 23:24:22 | 00,048,680 | -HS- | C] () -- C:\WINDOWS2\winnt256.bmp
[2009/12/17 23:24:22 | 00,048,680 | -HS- | C] () -- C:\WINDOWS2\winnt.bmp
[2009/12/17 23:23:15 | 00,022,720 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2009/12/17 23:21:42 | 00,065,954 | ---- | C] () -- C:\WINDOWS2\Prairie Wind.bmp
[2009/12/17 23:21:42 | 00,065,832 | ---- | C] () -- C:\WINDOWS2\Santa Fe Stucco.bmp
[2009/12/17 23:21:42 | 00,026,680 | ---- | C] () -- C:\WINDOWS2\River Sumida.bmp
[2009/12/17 23:21:42 | 00,017,362 | ---- | C] () -- C:\WINDOWS2\Rhododendron.bmp
[2009/12/17 23:21:42 | 00,009,522 | ---- | C] () -- C:\WINDOWS2\Zapotec.bmp
[2009/12/17 23:21:41 | 00,093,702 | ---- | C] () -- C:\WINDOWS2\System32\subrange.uce
[2009/12/17 23:21:41 | 00,065,978 | ---- | C] () -- C:\WINDOWS2\Soap Bubbles.bmp
[2009/12/17 23:21:41 | 00,026,582 | ---- | C] () -- C:\WINDOWS2\Greenstone.bmp
[2009/12/17 23:21:41 | 00,017,336 | ---- | C] () -- C:\WINDOWS2\Gone Fishing.bmp
[2009/12/17 23:21:41 | 00,017,062 | ---- | C] () -- C:\WINDOWS2\Coffee Bean.bmp
[2009/12/17 23:21:41 | 00,016,730 | ---- | C] () -- C:\WINDOWS2\FeatherTexture.bmp
[2009/12/17 23:21:41 | 00,001,272 | ---- | C] () -- C:\WINDOWS2\Blue Lace 16.bmp
[2009/12/17 23:21:40 | 00,060,458 | ---- | C] () -- C:\WINDOWS2\System32\ideograf.uce
[2009/12/17 23:21:40 | 00,024,006 | ---- | C] () -- C:\WINDOWS2\System32\gb2312.uce
[2009/12/17 23:21:40 | 00,022,984 | ---- | C] () -- C:\WINDOWS2\System32\bopomofo.uce
[2009/12/17 23:21:40 | 00,016,740 | ---- | C] () -- C:\WINDOWS2\System32\shiftjis.uce
[2009/12/17 23:21:40 | 00,012,876 | ---- | C] () -- C:\WINDOWS2\System32\korean.uce
[2009/12/17 23:21:40 | 00,008,484 | ---- | C] () -- C:\WINDOWS2\System32\kanji_2.uce
[2009/12/17 23:21:40 | 00,006,948 | ---- | C] () -- C:\WINDOWS2\System32\kanji_1.uce
[2009/12/17 23:21:38 | 00,003,286 | ---- | C] () -- C:\WINDOWS2\System32\tslabels.h
[2009/12/17 23:21:38 | 00,001,161 | ---- | C] () -- C:\WINDOWS2\System32\usrlogon.cmd
[2009/12/17 23:21:37 | 00,000,768 | ---- | C] () -- C:\WINDOWS2\System32\msdtcprf.h
[2009/12/17 23:21:32 | 00,063,488 | ---- | C] () -- C:\WINDOWS2\System32\wmimgmt.msc
[2009/12/17 17:44:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS2\System32\c_864.nls
[2009/12/17 17:44:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_708.nls
[2009/12/17 17:44:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28596.NLS
[2009/12/17 17:44:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_10004.nls
[2009/12/17 17:44:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS2\System32\c_862.nls
[2009/12/17 17:44:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_10005.nls
[2009/12/17 17:44:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_10021.nls
[2009/12/17 17:44:11 | 01,158,818 | ---- | C] () -- C:\WINDOWS2\System32\korwbrkr.lex
[2009/12/17 17:44:11 | 00,002,060 | ---- | C] () -- C:\WINDOWS2\System32\noise.jpn
[2009/12/17 17:44:11 | 00,001,486 | ---- | C] () -- C:\WINDOWS2\System32\noise.kor
[2009/12/17 17:44:02 | 00,211,938 | ---- | C] () -- C:\WINDOWS2\System32\lcphrase.tbl
[2009/12/17 17:44:02 | 00,146,126 | ---- | C] () -- C:\WINDOWS2\System32\array30.tab
[2009/12/17 17:44:02 | 00,110,566 | ---- | C] () -- C:\WINDOWS2\System32\arphr.tbl
[2009/12/17 17:44:02 | 00,018,600 | ---- | C] () -- C:\WINDOWS2\System32\arrayhw.tab
[2009/12/17 17:44:02 | 00,016,312 | ---- | C] () -- C:\WINDOWS2\System32\arptr.tbl
[2009/12/17 17:44:01 | 00,043,242 | ---- | C] () -- C:\WINDOWS2\System32\phoncode.tbl
[2009/12/17 17:44:01 | 00,024,114 | ---- | C] () -- C:\WINDOWS2\System32\lcptr.tbl
[2009/12/17 17:44:01 | 00,004,071 | ---- | C] () -- C:\WINDOWS2\System32\phon.tbl
[2009/12/17 17:44:01 | 00,002,714 | ---- | C] () -- C:\WINDOWS2\System32\phonptr.tbl
[2009/12/17 17:43:59 | 00,195,618 | ---- | C] () -- C:\WINDOWS2\System32\c_10002.nls
[2009/12/17 17:43:59 | 00,116,285 | ---- | C] () -- C:\WINDOWS2\System32\msdayi.tbl
[2009/12/17 17:43:59 | 00,082,172 | ---- | C] () -- C:\WINDOWS2\System32\bopomofo.nls
[2009/12/17 17:43:59 | 00,066,728 | ---- | C] () -- C:\WINDOWS2\System32\big5.nls
[2009/12/17 17:43:59 | 00,044,370 | ---- | C] () -- C:\WINDOWS2\System32\acode.tbl
[2009/12/17 17:43:59 | 00,044,370 | ---- | C] () -- C:\WINDOWS2\System32\a234.tbl
[2009/12/17 17:43:59 | 00,001,460 | ---- | C] () -- C:\WINDOWS2\System32\a15.tbl
[2009/12/17 17:43:59 | 00,000,700 | ---- | C] () -- C:\WINDOWS2\System32\dayiptr.tbl
[2009/12/17 17:43:59 | 00,000,520 | ---- | C] () -- C:\WINDOWS2\System32\dayiphr.tbl
[2009/12/17 17:43:53 | 01,223,500 | ---- | C] () -- C:\WINDOWS2\System32\WINZM.MB
[2009/12/17 17:43:52 | 01,783,864 | ---- | C] () -- C:\WINDOWS2\System32\WINPY.MB
[2009/12/17 17:43:52 | 01,564,868 | ---- | C] () -- C:\WINDOWS2\System32\WINSP.MB
[2009/12/17 17:43:52 | 00,173,602 | ---- | C] () -- C:\WINDOWS2\System32\c_10008.nls
[2009/12/17 17:43:52 | 00,083,748 | ---- | C] () -- C:\WINDOWS2\System32\prcp.nls
[2009/12/17 17:43:52 | 00,083,748 | ---- | C] () -- C:\WINDOWS2\System32\prc.nls
[2009/12/17 17:43:42 | 00,189,986 | ---- | C] () -- C:\WINDOWS2\System32\c_1361.nls
[2009/12/17 17:43:42 | 00,177,698 | ---- | C] () -- C:\WINDOWS2\System32\c_10003.nls
[2009/12/17 17:43:20 | 00,180,770 | ---- | C] () -- C:\WINDOWS2\System32\c_20932.nls
[2009/12/17 17:43:20 | 00,180,258 | ---- | C] () -- C:\WINDOWS2\System32\c_20000.nls
[2009/12/17 17:43:20 | 00,177,698 | ---- | C] () -- C:\WINDOWS2\System32\c_20949.nls
[2009/12/17 17:43:20 | 00,173,602 | ---- | C] () -- C:\WINDOWS2\System32\c_20936.nls
[2009/12/17 17:43:20 | 00,162,850 | ---- | C] () -- C:\WINDOWS2\System32\c_10001.nls
[2009/12/17 17:43:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_21027.nls
[2009/12/17 17:43:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_20290.nls
[2009/12/17 17:43:19 | 00,028,288 | ---- | C] () -- C:\WINDOWS2\System32\xjis.nls
[2009/12/17 17:43:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_28603.nls
[2009/12/17 17:43:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_28599.nls
[2009/12/17 17:43:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28595.NLS
[2009/12/17 17:43:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28597.NLS
[2009/12/17 17:43:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\C_28594.NLS
[2009/12/17 17:43:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS2\System32\c_20127.nls
[2009/12/17 17:43:01 | 00,001,688 | ---- | C] () -- C:\WINDOWS2\System32\AUTOEXEC.NT
[2009/12/17 17:42:46 | 00,007,334 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\wmerrenu.cat
[2009/12/17 17:42:26 | 00,237,680 | ---- | C] () -- C:\WINDOWS2\setupapi.old
[2009/12/17 17:41:53 | 00,157,160 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2009/12/17 17:40:55 | 00,000,314 | ---- | C] () -- C:\WINDOWS2\System32\$winnt$.inf
< End of report >

#22
emeraldnzl

Download Auslogics Disk Defrag and save it to your Desktop.

Double-click and follow the prompts to install it. Note: only install the defrag utility. Some versions come with Askbar toolbars or Speedboosters... do not install those.

Once installed, run the defrag utility.

At the end the utility may tell you that it has found Junk Files and recommend that you run a scan to remove them. Disregard that suggestion; it is a promotion of a tool you don't need. All we are interested in here is the defrag process.

Note: Do not download Windows Registry Cleaner which is promoted at the same site.

After that

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#23
SardonicWhisper

ComboFix 10-01-03.03 - Axel 01/04/2010 1:45.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.288 [GMT -5:00]
Running from: c:\documents and settings\Axel\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 03:18 . 2010-01-04 03:18 -------- d-----w- c:\documents and settings\Axel\Application Data\Auslogics
2010-01-04 03:18 . 2010-01-04 03:18 -------- d-----w- c:\program files\Auslogics
2010-01-04 01:31 . 2004-08-18 03:14 442368 ----a-r- c:\windows2\system32\vp6vfw.dll
2010-01-03 23:51 . 2010-01-03 23:55 -------- d-s---w- c:\documents and settings\Axel\Temporary Internet Files
2010-01-03 23:51 . 2010-01-03 23:55 -------- d-s---w- c:\documents and settings\Axel\History
2010-01-03 23:51 . 2008-04-14 00:12 221184 ----a-w- c:\windows2\system32\wmpns.dll
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\system32\scripting
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\l2schemas
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\system32\en
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\system32\bits
2010-01-03 23:12 . 2010-01-03 23:12 -------- d-----w- c:\windows2\EHome
2010-01-03 23:04 . 2010-01-03 23:04 -------- d-s---w- c:\documents and settings\Axel\UserData
2010-01-02 03:39 . 2010-01-02 03:39 5061520 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-02 00:26 . 2010-01-02 00:26 -------- d-----w- c:\program files\ESET
2010-01-01 23:46 . 2010-01-01 23:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Office Genuine Advantage
2010-01-01 23:22 . 2010-01-01 23:24 -------- d-----w- C:\Lop SD
2009-12-30 02:25 . 2010-01-04 05:35 664 ----a-w- c:\windows2\system32\d3d9caps.dat
2009-12-30 02:25 . 2009-12-30 02:25 -------- d-----w- c:\windows2\Sun
2009-12-30 02:21 . 2009-12-30 02:21 79488 ----a-w- c:\documents and settings\Axel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-30 02:19 . 2009-12-30 02:23 411368 ----a-w- c:\windows2\system32\deploytk.dll
2009-12-30 02:13 . 2009-12-30 02:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\McAfee
2009-12-30 02:13 . 2009-12-30 02:22 152576 ----a-w- c:\documents and settings\Axel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-23 05:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows2\system32\MFC71.dll
2009-12-23 05:26 . 2003-03-18 20:14 499712 ----a-w- c:\windows2\system32\MSVCP71.dll
2009-12-23 05:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows2\system32\MSVCR71.dll
2009-12-23 05:03 . 2009-12-23 05:03 -------- d-----w- c:\documents and settings\Axel\Application Data\Malwarebytes
2009-12-23 05:03 . 2009-12-30 19:55 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2009-12-23 05:02 . 2009-12-23 05:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes
2009-12-23 05:02 . 2009-12-30 19:54 19160 ----a-w- c:\windows2\system32\drivers\mbam.sys
2009-12-23 04:45 . 2009-12-23 04:45 -------- d-----w- c:\windows2\ERUNTSTUFF
2009-12-21 06:32 . 2010-01-03 23:19 -------- d-----w- c:\windows2\ServicePackFiles
2009-12-20 01:57 . 2009-06-10 14:13 84992 -c----w- c:\windows2\system32\dllcache\avifil32.dll
2009-12-20 01:57 . 2008-07-07 20:26 253952 -c----w- c:\windows2\system32\dllcache\es.dll
2009-12-20 01:57 . 2009-06-25 08:25 56832 -c----w- c:\windows2\system32\dllcache\secur32.dll
2009-12-20 01:57 . 2009-03-21 14:06 989696 -c----w- c:\windows2\system32\dllcache\kernel32.dll
2009-12-20 01:57 . 2009-07-29 04:37 81920 -c----w- c:\windows2\system32\dllcache\fontsub.dll
2009-12-20 01:57 . 2009-07-29 04:37 119808 -c----w- c:\windows2\system32\dllcache\t2embed.dll
2009-12-20 01:57 . 2009-10-12 13:38 149504 -c----w- c:\windows2\system32\dllcache\rastls.dll
2009-12-20 01:57 . 2009-10-12 13:38 79872 -c----w- c:\windows2\system32\dllcache\raschap.dll
2009-12-20 01:53 . 2008-04-14 00:12 208896 -c----w- c:\windows2\system32\dllcache\unregmp2.exe
2009-12-20 01:52 . 2004-08-04 03:29 1897408 ------w- c:\windows2\system32\drivers\nv4_mini.sys
2009-12-20 01:51 . 2008-04-14 00:11 37376 ------w- c:\windows2\system32\l2gpstore.dll
2009-12-20 01:50 . 2008-04-14 00:11 159232 -c----w- c:\windows2\system32\dllcache\cewmdm.dll
2009-12-20 01:49 . 2008-04-14 00:12 233472 -c----w- c:\windows2\system32\dllcache\wmpdxm.dll
2009-12-20 01:49 . 2008-04-14 00:12 4874240 -c----w- c:\windows2\system32\dllcache\wmp.dll
2009-12-20 01:49 . 2009-09-04 21:03 58880 -c----w- c:\windows2\system32\dllcache\msasn1.dll
2009-12-20 01:49 . 2009-07-17 19:01 58880 -c----w- c:\windows2\system32\dllcache\atl.dll
2009-12-20 01:49 . 2008-10-24 11:21 455296 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2009-12-20 01:49 . 2008-05-01 14:33 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2009-12-20 01:49 . 2008-04-11 19:04 691712 -c----w- c:\windows2\system32\dllcache\inetcomm.dll
2009-12-20 01:49 . 2008-08-14 10:04 138496 -c----w- c:\windows2\system32\dllcache\afd.sys
2009-12-20 01:49 . 2008-06-20 17:46 245248 -c----w- c:\windows2\system32\dllcache\mswsock.dll
2009-12-20 01:49 . 2008-06-20 17:46 147968 -c----w- c:\windows2\system32\dllcache\dnsapi.dll
2009-12-20 01:49 . 2008-06-20 11:51 361600 -c----w- c:\windows2\system32\dllcache\tcpip.sys
2009-12-20 01:49 . 2008-06-20 11:08 225856 -c----w- c:\windows2\system32\dllcache\tcpip6.sys
2009-12-20 01:49 . 2009-04-15 14:51 585216 -c----w- c:\windows2\system32\dllcache\rpcrt4.dll
2009-12-20 01:48 . 2009-08-05 09:01 204800 -c----w- c:\windows2\system32\dllcache\mswebdvd.dll
2009-12-20 01:48 . 2009-07-31 04:35 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2009-12-20 01:48 . 2008-05-03 11:55 2560 ------w- c:\windows2\system32\xpsp4res.dll
2009-12-20 01:48 . 2008-04-21 12:08 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2009-12-20 01:48 . 2009-08-14 13:21 1850624 -c----w- c:\windows2\system32\dllcache\win32k.sys
2009-12-20 01:48 . 2008-06-24 16:43 74240 -c----w- c:\windows2\system32\dllcache\mscms.dll
2009-12-20 01:48 . 2009-06-12 12:31 76288 -c----w- c:\windows2\system32\dllcache\telnet.exe
2009-12-20 01:48 . 2008-04-14 00:12 485376 -c----w- c:\windows2\system32\dllcache\wmspdmod.dll
2009-12-20 01:48 . 2009-07-17 16:22 1435648 -c----w- c:\windows2\system32\dllcache\query.dll
2009-12-20 01:46 . 2008-12-11 10:57 333952 -c----w- c:\windows2\system32\dllcache\srv.sys
2009-12-20 01:46 . 2008-06-17 19:02 8461312 -c----w- c:\windows2\system32\dllcache\shell32.dll
2009-12-20 01:46 . 2009-10-13 10:30 270336 -c----w- c:\windows2\system32\dllcache\oakley.dll
2009-12-20 01:46 . 2009-06-05 07:42 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2009-12-20 01:45 . 2009-08-25 09:17 354816 -c----w- c:\windows2\system32\dllcache\winhttp.dll
2009-12-20 01:45 . 2008-10-23 12:36 286720 -c----w- c:\windows2\system32\dllcache\gdi32.dll
2009-12-20 01:45 . 2009-09-11 14:18 136192 -c----w- c:\windows2\system32\dllcache\msv1_0.dll
2009-12-20 01:45 . 2009-06-25 08:25 54272 -c----w- c:\windows2\system32\dllcache\wdigest.dll
2009-12-20 01:45 . 2009-06-25 08:25 301568 -c----w- c:\windows2\system32\dllcache\kerberos.dll
2009-12-20 01:45 . 2009-06-24 11:18 92928 -c----w- c:\windows2\system32\dllcache\ksecdd.sys
2009-12-20 01:17 . 2008-06-13 11:05 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2009-12-20 01:17 . 2008-06-13 11:05 272128 ------w- c:\windows2\system32\drivers\bthport.sys
2009-12-20 01:16 . 2009-10-29 05:38 667136 -c----w- c:\windows2\system32\dllcache\wininet.dll
2009-12-20 01:16 . 2009-10-29 05:38 627712 -c----w- c:\windows2\system32\dllcache\urlmon.dll
2009-12-20 01:16 . 2009-10-29 05:38 1509888 -c----w- c:\windows2\system32\dllcache\shdocvw.dll
2009-12-20 01:16 . 2009-10-29 19:08 3070976 -c----w- c:\windows2\system32\dllcache\mshtml.dll
2009-12-20 01:16 . 2009-09-25 05:37 81920 -c----w- c:\windows2\system32\dllcache\ieencode.dll
2009-12-20 01:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows2\system32\dllcache\msoe.dll
2009-12-20 01:15 . 2008-10-15 16:34 337408 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2009-12-18 23:29 . 2004-08-04 03:31 20992 ----a-w- c:\windows2\system32\drivers\RTL8139.sys
2009-12-18 23:20 . 2004-08-04 12:00 24661 ----a-w- c:\windows2\system32\spxcoins.dll
2009-12-18 23:20 . 2004-08-04 12:00 13312 ----a-w- c:\windows2\system32\irclass.dll
2009-12-18 20:17 . 2009-12-18 20:17 -------- d-----w- c:\documents and settings\Axel\Application Data\Lavasoft
2009-12-18 19:40 . 2004-08-04 12:00 4096 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Microsoft\USMT\iconlib.dll
2009-12-18 08:43 . 2009-12-18 09:09 -------- d-----w- c:\program files\EA GAMES
2009-12-18 08:00 . 2007-08-11 01:46 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2009-12-18 08:00 . 2009-12-22 07:26 -------- d--h--w- c:\windows2\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 01:18 . 2002-07-24 23:35 -------- dc----w- c:\program files\HPSelect
2010-01-03 23:54 . 2009-12-18 04:39 34944 ----a-w- c:\documents and settings\Axel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 23:25 . 2009-12-18 04:26 76493 ----a-w- c:\windows2\pchealth\helpctr\OfflineCache\index.dat
2010-01-02 03:39 . 2009-06-19 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 02:59 . 2002-12-26 13:18 -------- d-----w- c:\program files\Microsoft Games
2010-01-02 02:54 . 2007-04-08 00:27 -------- d-----w- c:\program files\Gpotato
2009-12-30 02:23 . 2005-03-07 02:42 -------- d-----w- c:\program files\Java
2009-12-24 00:23 . 2006-07-05 04:36 -------- d-----w- c:\program files\DivX
2009-12-23 04:44 . 2009-06-19 03:42 -------- d-----w- c:\program files\ERUNT
2009-12-18 23:40 . 2009-12-18 04:23 22720 ----a-w- c:\windows2\system32\emptyregdb.dat
2009-12-18 04:43 . 2009-12-18 04:43 0 ----a-w- c:\windows2\nsreg.dat
2009-12-12 20:33 . 2009-12-12 20:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-12-12 13:05 . 2008-07-08 18:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-12 07:46 . 2009-11-27 03:27 -------- d-----w- c:\program files\SimPE
2009-12-02 00:17 . 2009-12-02 00:17 -------- d-----w- c:\documents and settings\New Account\Application Data\Lavasoft
2009-11-29 07:45 . 2009-11-29 07:45 -------- d-----w- c:\documents and settings\New Account\Application Data\Malwarebytes
2009-10-29 05:38 . 2004-08-04 12:00 667136 ----a-w- c:\windows2\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows2\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows2\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows2\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows2\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows2\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows2\system32\raschap.dll
2006-01-27 23:38 . 2006-01-27 23:38 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMEKRMIG6.1"="c:\windows2\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-8-30 225280]

c:\documents and settings\Axel's Account\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-2 113664]

c:\documents and settings\Axel\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS2\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Axel\Application Data\Mozilla\Firefox\Profiles\jq7b4q6u.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 01:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-04 01:57:31
ComboFix-quarantined-files.txt 2010-01-04 06:57

Pre-Run: 10,261,471,232 bytes free
Post-Run: 10,935,824,384 bytes free

- - End Of File - - F73AF499C37144D820EDFA611C1A66FA

#24
emeraldnzl

Hello SardonicWhisper,

Please download and save SysProt AntiRootkit to your Desktop.

  • Double-click the Zip file.
  • You should now have a folder with SysProt and some other files within it on your Desktop.
  • Double-click SysProt and you should see another small window with SysProt underneath it.
  • Double-click this and a Wizard will appear to guide you through extracting the files.
  • Double-click the Sysprot folder.
  • SysProt will appear with a red cross on black - double-click it.
  • A panel will appear with a number of tabs along the top.
  • Click on the Log tab and check all boxes except the one Hidden objects only.
  • Click the Create Log button.
  • It will scan... once finished a panel will appear.
  • Click on Scan all drives.
  • A log will be created and saved automatically in the same folder.
  • Open the text file, then copy and paste the contents back here in the forum. Close any panels left open.

#25
SardonicWhisper

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\smss.exe
PID: 420
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\csrss.exe
PID: 468
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\winlogon.exe
PID: 492
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\services.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\lsass.exe
PID: 548
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 756
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 972
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\spoolsv.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1296
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\wscntfy.exe
PID: 376
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\alg.exe
PID: 380
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 1500
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\svchost.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\system32\wuauclt.exe
PID: 2004
Hidden: No
Window Visible: No

Name: C:\WINDOWS2\explorer.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 648
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Axel\Desktop\SysProt\SysProt.exe
PID: 316
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Axel\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F6FB2000
Module End: F6FBD000
Hidden: No

Module Name: \WINDOWS2\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806ED780
Hidden: No

Module Name: \WINDOWS2\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No

Module Name: \WINDOWS2\system32\KDCOM.DLL
Service Name: ---
Module Base: F8A51000
Module End: F8A53000
Hidden: No

Module Name: \WINDOWS2\system32\BOOTVID.dll
Service Name: ---
Module Base: F8961000
Module End: F8964000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F8502000
Module End: F8530000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F8A53000
Module End: F8A55000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\pci.sys
Service Name: PCI
Module Base: F84F1000
Module End: F8502000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F8551000
Module End: F855B000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F8A55000
Module End: F8A57000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F87D1000
Module End: F87D8000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F8561000
Module End: F856C000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F84D2000
Module End: F84F1000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F87D9000
Module End: F87DE000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F8571000
Module End: F857E000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F84BA000
Module End: F84D2000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\disk.sys
Service Name: ---
Module Base: F8581000
Module End: F858A000
Hidden: No

Module Name: \WINDOWS2\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F8591000
Module End: F859E000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F849A000
Module End: F84BA000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\sr.sys
Service Name: sr
Module Base: F8488000
Module End: F849A000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F8471000
Module End: F8488000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F83E4000
Module End: F8471000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F83B7000
Module End: F83E4000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\viaagp.sys
Service Name: viaagp
Module Base: F85A1000
Module End: F85AC000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F839D000
Module End: F83B7000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\amdk7.sys
Service Name: AmdK7
Module Base: F85D1000
Module End: F85DB000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ltmdmnt.sys
Service Name: ltmodem5
Module Base: F82E8000
Module End: F837D000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F8811000
Module End: F8819000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\RTL8139.SYS
Service Name: rtl8139
Module Base: F8819000
Module End: F881F000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F85E1000
Module End: F85EC000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F85F1000
Module End: F8601000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F8601000
Module End: F8610000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F829D000
Module End: F82C0000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F8831000
Module End: F8837000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F8279000
Module End: F829D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F8611000
Module End: F8621000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F89ED000
Module End: F89F1000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F8265000
Module End: F8279000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\msmpu401.sys
Service Name: ms_mpu401
Module Base: F8C77000
Module End: F8C78000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\portcls.sys
Service Name: ---
Module Base: F8241000
Module End: F8265000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\drmk.sys
Service Name: ---
Module Base: F8621000
Module End: F8630000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: F89FD000
Module End: F8A00000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F8C7A000
Module End: F8C7B000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F8631000
Module End: F863E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F8A05000
Module End: F8A08000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F822A000
Module End: F8241000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F8641000
Module End: F864C000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F8651000
Module End: F865D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F8869000
Module End: F886E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F8219000
Module End: F822A000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F8661000
Module End: F866A000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F8879000
Module End: F887E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F8889000
Module End: F888E000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F8671000
Module End: F867B000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F8891000
Module End: F8897000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F8899000
Module End: F889F000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F8A5D000
Module End: F8A5F000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F81BB000
Module End: F8219000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F8A19000
Module End: F8A1D000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F8681000
Module End: F868B000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F8691000
Module End: F86A0000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F8A63000
Module End: F8A65000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F88B1000
Module End: F88B6000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F8A67000
Module End: F8A69000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F8B21000
Module End: F8B22000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F8A6B000
Module End: F8A6D000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F88D9000
Module End: F88E0000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F88E1000
Module End: F88E7000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: F80DF000
Module End: F80F3000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F8A71000
Module End: F8A73000
Hidden: No

Module Name: C:\WINDOWS2\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F8A75000
Module End: F8A77000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F88F1000
Module End: F88F6000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F8901000
Module End: F8909000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F82E0000
Module End: F82E3000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F80AC000
Module End: F80BF000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F8053000
Module End: F80AC000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F802B000
Module End: F8053000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F8005000
Module End: F802B000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F86C1000
Module End: F86CA000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\afd.sys
Service Name: AFD
Module Base: F7FE3000
Module End: F8005000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F86D1000
Module End: F86DA000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F7FB8000
Module End: F7FE3000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F7F48000
Module End: F7FB8000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F86E1000
Module End: F86EC000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F8921000
Module End: F8929000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: F89F5000
Module End: F89F8000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F8701000
Module End: F870A000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: F7EFC000
Module End: F7F20000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F8A0D000
Module End: F8A10000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: F81B7000
Module End: F81BB000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F8761000
Module End: F8771000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F7EE4000
Module End: F7EFC000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F8ABD000
Module End: F8ABF000
Hidden: Yes

Module Name: C:\WINDOWS2\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F8A49000
Module End: F8A4C000
Hidden: No

Module Name: C:\WINDOWS2\System32\watchdog.sys
Service Name: ---
Module Base: F8829000
Module End: F882E000
Hidden: No

Module Name: C:\WINDOWS2\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F8B86000
Module End: F8B87000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F79CC000
Module End: F79D0000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: F776F000
Module End: F779C000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F8A7F000
Module End: F8A81000
Hidden: No

Module Name: C:\WINDOWS2\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: F76A5000
Module End: F76F7000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: F7410000
Module End: F7425000
Hidden: No

Module Name: C:\WINDOWS2\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: F74B5000
Module End: F74C4000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: F7291000
Module End: F72D2000
Hidden: No

Module Name: C:\WINDOWS2\System32\Drivers\Udfs.SYS
Service Name: Udfs
Module Base: F70A0000
Module End: F70B1000
Hidden: No

Module Name: \??\C:\DOCUME~1\Axel\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F8911000
Module End: F8919000
Hidden: Yes

Module Name: \??\C:\WINDOWS2\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F8A89000
Module End: F8A8B000
Hidden: Yes

Module Name: C:\WINDOWS2\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F8841000
Module End: F8848000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: AXEL2:4301
Remote Address: A96-16-196-20.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:4295
Remote Address: A96-16-192-100.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:4288
Remote Address: A96-16-196-20.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:4258
Remote Address: A96-17-10-25.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: AXEL2:5152
Remote Address: LOCALHOST:4222
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: AXEL2:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: AXEL2:4226
Remote Address: LOCALHOST:4225
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:4225
Remote Address: LOCALHOST:4226
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:4221
Remote Address: LOCALHOST:4220
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:4220
Remote Address: LOCALHOST:4221
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: AXEL2:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS2\system32\alg.exe
State: LISTENING

Local Address: AXEL2:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: AXEL2:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS2\system32\svchost.exe
State: LISTENING

Local Address: AXEL2:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS2\system32\svchost.exe
State: NA

Local Address: AXEL2:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: AXEL2:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: AXEL2:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS2\system32\svchost.exe
State: NA

Local Address: AXEL2:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS2\system32\svchost.exe
State: NA

Local Address: AXEL2:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS2\system32\svchost.exe
State: NA

Local Address: AXEL2:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS2\system32\lsass.exe
State: NA

Local Address: AXEL2:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS2\system32\lsass.exe
State: NA

Local Address: AXEL2:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\17.0\Books\Address.abk
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\17.0\Books\Sender\Sender.abk
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\17.0\Books\Sender
Status: Access denied

#26
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello SardonicWhisper,

Go to the link below to learn about Admilli Service.

http://www.bleepingc...li-Service.html

I think it would make sense to uninstall this unless you especially want the program for some reason.

Go to Start > Control Panel > Add or Remove Programs and remove Admilli Service if it is there.

After that

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now

#27
SardonicWhisper

    Member

  • Topic Starter
  • 41 posts
Admilli Service, along with many other of my programs, does not appear in the Add/Remove Program list, so I can't remove it that way :\. However, the files are still there. For example, my Sims 2 games are all still in my computer, I can see the files, but when I try running them they don't work. Do you know why it's doing this?

Also, Kaspersky froze my computer again :). So all I have is the MBAM log. I tried going into the other Windows again and still nothing.

Malwarebytes' Anti-Malware 1.43
Database version: 3490
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/4/2010 3:15:58 AM
mbam-log-2010-01-04 (03-15-58).txt

Scan type: Quick Scan
Objects scanned: 165997
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

For example, my Sims 2 games are all still in my computer


I don't specifically know but I would say this. Many people file share games and transfer infection with them. Maybe you picked up the games this way or by some other copying method and the infection was removed by the tools we have been using resulting in corruption of the games programs. If so, then the only suggestion I can make is to reinstall them.

If you do, remember that if you are copying them or if you are getting them via P2P sharing then you could well be re-infecting your computer.

If people persist in using programs like that and keep coming back to forums such as ours for help they will find the helpers less and less inclined to help.

Now

As far as Admilli Service is concerned. Maybe it's not active but let's do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
Admilli Service

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#29
SardonicWhisper

    Member

  • Topic Starter
  • 41 posts
Haha thanks for the warning but I bought The Sims 2 and all the expansions legally xD. The only reason that it's difficult for me to simply re-install them is because I lost the manuals with the serial numbers on them. But it's not a big deal I can buy new manuals from their website.

However I did discover something interesting about my registry. I found out you can retrieve the license keys from your registry (that isn't illegal is it? If it is I apologize for bringing it up on this forum). But when I tried to do it, it didn't find any of the games, like they're not even on my computer even though I see the files. Is that normal? I only bring it up just in case it sheds any light on what might be wrong with my computer.

Anyway, here's ComboFix Log :)

----------------------------------------------------------------

ComboFix 10-01-04.01 - Axel 01/05/2010 14:44:32.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.344 [GMT -5:00]
Running from: c:\documents and settings\Axel\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Axel\My Documents\Downloads\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 05:09 . 2010-01-05 05:09 107888 ----a-w- c:\windows2\system32\CmdLineExt.dll
2010-01-04 23:12 . 2004-07-11 02:24 294912 ----a-r- c:\windows2\system32\atiiiexx.dll
2010-01-04 23:12 . 2004-07-11 02:11 131072 ----a-r- c:\windows2\system32\ATIDEMGR.dll
2010-01-04 17:00 . 2009-08-13 15:16 512000 -c----w- c:\windows2\system32\dllcache\jscript.dll
2010-01-04 16:58 . 2009-08-07 00:23 274288 ----a-w- c:\windows2\system32\mucltui.dll
2010-01-04 03:18 . 2010-01-04 03:18 -------- d-----w- c:\documents and settings\Axel\Application Data\Auslogics
2010-01-04 03:18 . 2010-01-04 03:18 -------- d-----w- c:\program files\Auslogics
2010-01-04 01:31 . 2004-08-18 03:14 442368 ----a-r- c:\windows2\system32\vp6vfw.dll
2010-01-03 23:51 . 2010-01-03 23:55 -------- d-s---w- c:\documents and settings\Axel\Temporary Internet Files
2010-01-03 23:51 . 2010-01-03 23:55 -------- d-s---w- c:\documents and settings\Axel\History
2010-01-03 23:51 . 2008-04-14 00:12 221184 ----a-w- c:\windows2\system32\wmpns.dll
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\system32\scripting
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\l2schemas
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\system32\en
2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- c:\windows2\system32\bits
2010-01-03 23:12 . 2010-01-03 23:12 -------- d-----w- c:\windows2\EHome
2010-01-03 23:04 . 2010-01-03 23:04 -------- d-s---w- c:\documents and settings\Axel\UserData
2010-01-02 00:26 . 2010-01-02 00:26 -------- d-----w- c:\program files\ESET
2010-01-01 23:46 . 2010-01-01 23:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Office Genuine Advantage
2010-01-01 23:22 . 2010-01-01 23:24 -------- d-----w- C:\Lop SD
2009-12-30 02:25 . 2010-01-04 23:15 664 ----a-w- c:\windows2\system32\d3d9caps.dat
2009-12-30 02:25 . 2009-12-30 02:25 -------- d-----w- c:\windows2\Sun
2009-12-30 02:19 . 2009-12-30 02:23 411368 ----a-w- c:\windows2\system32\deploytk.dll
2009-12-30 02:13 . 2009-12-30 02:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\McAfee
2009-12-23 05:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows2\system32\MFC71.dll
2009-12-23 05:26 . 2003-03-18 20:14 499712 ----a-w- c:\windows2\system32\MSVCP71.dll
2009-12-23 05:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows2\system32\MSVCR71.dll
2009-12-23 05:03 . 2009-12-23 05:03 -------- d-----w- c:\documents and settings\Axel\Application Data\Malwarebytes
2009-12-23 05:03 . 2009-12-30 19:55 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2009-12-23 05:02 . 2009-12-23 05:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes
2009-12-23 05:02 . 2009-12-30 19:54 19160 ----a-w- c:\windows2\system32\drivers\mbam.sys
2009-12-23 04:45 . 2009-12-23 04:45 -------- d-----w- c:\windows2\ERUNTSTUFF
2009-12-21 06:32 . 2010-01-03 23:19 -------- d-----w- c:\windows2\ServicePackFiles
2009-12-20 01:57 . 2009-06-10 14:13 84992 -c----w- c:\windows2\system32\dllcache\avifil32.dll
2009-12-20 01:57 . 2008-07-07 20:26 253952 -c----w- c:\windows2\system32\dllcache\es.dll
2009-12-20 01:57 . 2009-06-25 08:25 56832 -c----w- c:\windows2\system32\dllcache\secur32.dll
2009-12-20 01:57 . 2009-03-21 14:06 989696 -c----w- c:\windows2\system32\dllcache\kernel32.dll
2009-12-20 01:57 . 2009-07-29 04:37 81920 -c----w- c:\windows2\system32\dllcache\fontsub.dll
2009-12-20 01:57 . 2009-07-29 04:37 119808 -c----w- c:\windows2\system32\dllcache\t2embed.dll
2009-12-20 01:57 . 2009-10-12 13:38 149504 -c----w- c:\windows2\system32\dllcache\rastls.dll
2009-12-20 01:57 . 2009-10-12 13:38 79872 -c----w- c:\windows2\system32\dllcache\raschap.dll
2009-12-20 01:53 . 2008-04-14 00:12 208896 -c----w- c:\windows2\system32\dllcache\unregmp2.exe
2009-12-20 01:52 . 2004-08-04 03:29 1897408 ------w- c:\windows2\system32\drivers\nv4_mini.sys
2009-12-20 01:51 . 2008-04-14 00:11 37376 ------w- c:\windows2\system32\l2gpstore.dll
2009-12-20 01:50 . 2008-04-14 00:11 159232 -c----w- c:\windows2\system32\dllcache\cewmdm.dll
2009-12-20 01:49 . 2009-07-12 17:21 233472 -c----w- c:\windows2\system32\dllcache\wmpdxm.dll
2009-12-20 01:49 . 2009-07-12 17:21 4874240 -c----w- c:\windows2\system32\dllcache\wmp.dll
2009-12-20 01:49 . 2009-09-04 21:03 58880 -c----w- c:\windows2\system32\dllcache\msasn1.dll
2009-12-20 01:49 . 2009-07-17 19:01 58880 -c----w- c:\windows2\system32\dllcache\atl.dll
2009-12-20 01:49 . 2008-10-24 11:21 455296 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2009-12-20 01:49 . 2008-05-01 14:33 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2009-12-20 01:49 . 2008-04-11 19:04 691712 -c----w- c:\windows2\system32\dllcache\inetcomm.dll
2009-12-20 01:49 . 2008-08-14 10:04 138496 -c----w- c:\windows2\system32\dllcache\afd.sys
2009-12-20 01:49 . 2008-06-20 17:46 245248 -c----w- c:\windows2\system32\dllcache\mswsock.dll
2009-12-20 01:49 . 2008-06-20 17:46 147968 -c----w- c:\windows2\system32\dllcache\dnsapi.dll
2009-12-20 01:49 . 2008-06-20 11:51 361600 -c----w- c:\windows2\system32\dllcache\tcpip.sys
2009-12-20 01:49 . 2008-06-20 11:08 225856 -c----w- c:\windows2\system32\dllcache\tcpip6.sys
2009-12-20 01:49 . 2009-04-15 14:51 585216 -c----w- c:\windows2\system32\dllcache\rpcrt4.dll
2009-12-20 01:48 . 2009-08-05 09:01 204800 -c----w- c:\windows2\system32\dllcache\mswebdvd.dll
2009-12-20 01:48 . 2009-07-31 04:35 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2009-12-20 01:48 . 2008-05-03 11:55 2560 ------w- c:\windows2\system32\xpsp4res.dll
2009-12-20 01:48 . 2008-04-21 12:08 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2009-12-20 01:48 . 2009-08-14 13:21 1850624 -c----w- c:\windows2\system32\dllcache\win32k.sys
2009-12-20 01:48 . 2008-06-24 16:43 74240 -c----w- c:\windows2\system32\dllcache\mscms.dll
2009-12-20 01:48 . 2009-06-12 12:31 76288 -c----w- c:\windows2\system32\dllcache\telnet.exe
2009-12-20 01:48 . 2009-04-03 17:15 485376 -c----w- c:\windows2\system32\dllcache\wmspdmod.dll
2009-12-20 01:48 . 2009-07-17 16:22 1435648 -c----w- c:\windows2\system32\dllcache\query.dll
2009-12-20 01:46 . 2008-12-11 10:57 333952 -c----w- c:\windows2\system32\dllcache\srv.sys
2009-12-20 01:46 . 2008-06-17 19:02 8461312 -c----w- c:\windows2\system32\dllcache\shell32.dll
2009-12-20 01:46 . 2009-10-13 10:30 270336 -c----w- c:\windows2\system32\dllcache\oakley.dll
2009-12-20 01:46 . 2009-06-10 14:19 2066432 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2009-12-20 01:45 . 2009-08-25 09:17 354816 -c----w- c:\windows2\system32\dllcache\winhttp.dll
2009-12-20 01:45 . 2008-10-23 12:36 286720 -c----w- c:\windows2\system32\dllcache\gdi32.dll
2009-12-20 01:45 . 2009-09-11 14:18 136192 -c----w- c:\windows2\system32\dllcache\msv1_0.dll
2009-12-20 01:45 . 2009-06-25 08:25 54272 -c----w- c:\windows2\system32\dllcache\wdigest.dll
2009-12-20 01:45 . 2009-06-25 08:25 301568 -c----w- c:\windows2\system32\dllcache\kerberos.dll
2009-12-20 01:45 . 2009-06-24 11:18 92928 -c----w- c:\windows2\system32\dllcache\ksecdd.sys
2009-12-20 01:17 . 2008-06-13 11:05 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2009-12-20 01:17 . 2008-06-13 11:05 272128 ------w- c:\windows2\system32\drivers\bthport.sys
2009-12-20 01:16 . 2009-10-29 05:38 667136 -c----w- c:\windows2\system32\dllcache\wininet.dll
2009-12-20 01:16 . 2009-10-29 05:38 627712 -c----w- c:\windows2\system32\dllcache\urlmon.dll
2009-12-20 01:16 . 2009-10-29 05:38 1509888 -c----w- c:\windows2\system32\dllcache\shdocvw.dll
2009-12-20 01:16 . 2009-10-29 19:08 3070976 -c----w- c:\windows2\system32\dllcache\mshtml.dll
2009-12-20 01:16 . 2009-09-25 05:37 81920 -c----w- c:\windows2\system32\dllcache\ieencode.dll
2009-12-20 01:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows2\system32\dllcache\msoe.dll
2009-12-20 01:15 . 2008-10-15 16:34 337408 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2009-12-18 23:29 . 2004-08-04 03:31 20992 ----a-w- c:\windows2\system32\drivers\RTL8139.sys
2009-12-18 23:20 . 2004-08-04 12:00 24661 ----a-w- c:\windows2\system32\spxcoins.dll
2009-12-18 23:20 . 2004-08-04 12:00 13312 ----a-w- c:\windows2\system32\irclass.dll
2009-12-18 20:17 . 2009-12-18 20:17 -------- d-----w- c:\documents and settings\Axel\Application Data\Lavasoft
2009-12-18 08:43 . 2009-12-18 09:09 -------- d-----w- c:\program files\EA GAMES
2009-12-18 08:00 . 2007-07-27 15:41 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2009-12-18 08:00 . 2010-01-04 23:17 -------- d--h--w- c:\windows2\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 01:18 . 2002-07-24 23:35 -------- dc----w- c:\program files\HPSelect
2010-01-03 23:54 . 2009-12-18 04:39 34944 ----a-w- c:\documents and settings\Axel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 23:25 . 2009-12-18 04:26 76493 ----a-w- c:\windows2\pchealth\helpctr\OfflineCache\index.dat
2010-01-02 03:39 . 2009-06-19 03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 03:39 . 2010-01-02 03:39 5061520 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-02 02:59 . 2002-12-26 13:18 -------- d-----w- c:\program files\Microsoft Games
2010-01-02 02:54 . 2007-04-08 00:27 -------- d-----w- c:\program files\Gpotato
2009-12-30 02:23 . 2005-03-07 02:42 -------- d-----w- c:\program files\Java
2009-12-30 02:22 . 2009-12-30 02:13 152576 ----a-w- c:\documents and settings\Axel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-30 02:21 . 2009-12-30 02:21 79488 ----a-w- c:\documents and settings\Axel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-24 00:23 . 2006-07-05 04:36 -------- d-----w- c:\program files\DivX
2009-12-23 04:44 . 2009-06-19 03:42 -------- d-----w- c:\program files\ERUNT
2009-12-18 23:40 . 2009-12-18 04:23 22720 ----a-w- c:\windows2\system32\emptyregdb.dat
2009-12-18 04:43 . 2009-12-18 04:43 0 ----a-w- c:\windows2\nsreg.dat
2009-12-12 20:33 . 2009-12-12 20:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-12-12 13:05 . 2008-07-08 18:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-12 07:46 . 2009-11-27 03:27 -------- d-----w- c:\program files\SimPE
2009-12-02 00:17 . 2009-12-02 00:17 -------- d-----w- c:\documents and settings\New Account\Application Data\Lavasoft
2009-11-29 07:45 . 2009-11-29 07:45 -------- d-----w- c:\documents and settings\New Account\Application Data\Malwarebytes
2009-10-29 05:38 . 2004-08-04 12:00 667136 ------w- c:\windows2\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows2\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows2\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows2\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows2\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows2\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows2\system32\raschap.dll
2006-01-27 23:38 . 2006-01-27 23:38 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-04_06.55.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 19:55 . 2010-01-05 19:55 16384 c:\windows2\temp\Perflib_Perfdata_76c.dat
- 2004-08-04 12:00 . 2008-04-14 00:12 90112 c:\windows2\system32\wshext.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 90112 c:\windows2\system32\wshext.dll
- 2009-12-18 08:00 . 2008-07-08 13:02 17272 c:\windows2\system32\spmsg.dll
+ 2009-12-18 08:00 . 2007-11-30 12:39 17272 c:\windows2\system32\spmsg.dll
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows2\system32\drivers\stream.sys
- 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows2\system32\drivers\stream.sys
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows2\system32\dllcache\wshext.dll
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows2\system32\dllcache\stream.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 60160 c:\windows2\system32\dllcache\drmk.sys
+ 2001-11-09 14:01 . 2001-11-09 14:01 24064 c:\windows2\system32\ativcoxx.dll
+ 2004-07-11 01:21 . 2004-07-11 01:21 17408 c:\windows2\system32\atitvo32.dll
+ 2004-07-11 01:34 . 2004-07-11 01:34 81920 c:\windows2\system32\ATIDDC.DLL
+ 2004-07-11 01:35 . 2004-07-11 01:35 65536 c:\windows2\system32\Ati2mdxx.exe
+ 2004-07-11 01:35 . 2004-07-11 01:35 86016 c:\windows2\system32\ati2evxx.dll
+ 2004-07-11 01:35 . 2004-07-11 01:35 30720 c:\windows2\system32\ati2edxx.dll
+ 2009-12-17 22:52 . 2008-04-14 00:11 4096 c:\windows2\system32\dllcache\ksuser.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 155648 c:\windows2\system32\wscript.exe
+ 2004-08-04 12:00 . 2008-05-08 11:24 155648 c:\windows2\system32\wscript.exe
- 2004-08-04 12:00 . 2008-04-14 00:12 485376 c:\windows2\system32\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-04-03 17:15 485376 c:\windows2\system32\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-07-12 17:21 233472 c:\windows2\system32\wmpdxm.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 233472 c:\windows2\system32\wmpdxm.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 430080 c:\windows2\system32\vbscript.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 172032 c:\windows2\system32\scrrun.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 172032 c:\windows2\system32\scrrun.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 180224 c:\windows2\system32\scrobj.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 180224 c:\windows2\system32\scrobj.dll
+ 2004-07-11 01:35 . 2004-07-11 01:35 102400 c:\windows2\system32\Oemdspif.dll
+ 2004-08-04 12:00 . 2008-06-10 08:11 103936 c:\windows2\system32\logagent.exe
- 2004-08-04 12:00 . 2008-04-14 00:12 103936 c:\windows2\system32\logagent.exe
- 2004-08-04 12:00 . 2008-04-14 00:11 512000 c:\windows2\system32\jscript.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows2\system32\jscript.dll
+ 2006-08-10 11:32 . 2006-08-10 11:32 204672 c:\windows2\system32\drivers\vinyl97.sys
- 2004-08-03 23:15 . 2008-04-13 19:19 146048 c:\windows2\system32\drivers\portcls.sys
+ 2004-08-03 23:15 . 2008-04-13 19:19 146048 c:\windows2\system32\drivers\portcls.sys
+ 2009-12-20 01:50 . 2004-07-11 01:37 747008 c:\windows2\system32\drivers\ati2mtag.sys
+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows2\system32\dllcache\wscript.exe
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows2\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 172032 c:\windows2\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 180224 c:\windows2\system32\dllcache\scrobj.dll
+ 2004-08-03 23:15 . 2008-04-13 19:19 146048 c:\windows2\system32\dllcache\portcls.sys
- 2009-12-20 01:47 . 2008-04-14 00:12 103936 c:\windows2\system32\dllcache\logagent.exe
+ 2009-12-20 01:47 . 2008-06-10 08:11 103936 c:\windows2\system32\dllcache\logagent.exe
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows2\system32\dllcache\ks.sys
+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows2\system32\dllcache\cscript.exe
+ 2009-12-20 01:50 . 2004-07-11 01:23 518560 c:\windows2\system32\dllcache\ativvaxx.dll
+ 2009-12-20 01:50 . 2004-07-11 01:37 747008 c:\windows2\system32\dllcache\ati2mtag.sys
+ 2009-12-20 01:50 . 2004-07-11 01:37 207360 c:\windows2\system32\dllcache\ati2dvag.dll
+ 2009-12-20 01:50 . 2004-07-11 01:19 229376 c:\windows2\system32\dllcache\ati2cqag.dll
+ 2004-08-04 12:00 . 2008-05-07 09:07 135168 c:\windows2\system32\cscript.exe
+ 2009-12-20 01:50 . 2004-07-11 01:23 518560 c:\windows2\system32\ativvaxx.dll
+ 2004-07-11 01:35 . 2004-07-11 01:35 118784 c:\windows2\system32\atipdlxx.dll
+ 2004-07-11 01:35 . 2004-07-11 01:35 385024 c:\windows2\system32\ati2evxx.exe
+ 2009-12-20 01:50 . 2004-07-11 01:37 207360 c:\windows2\system32\ati2dvag.dll
+ 2009-12-20 01:50 . 2004-07-11 01:19 229376 c:\windows2\system32\ati2cqag.dll
- 2009-12-20 01:50 . 2008-04-14 00:11 229376 c:\windows2\system32\ati2cqag.dll
+ 2010-01-05 05:01 . 2010-01-05 05:01 176128 c:\windows2\ERDNT\AutoBackup\1-5-2010\Users\00000002\UsrClass.dat
+ 2010-01-05 05:01 . 2005-10-20 17:02 163328 c:\windows2\ERDNT\AutoBackup\1-5-2010\ERDNT.EXE
+ 2010-01-04 23:19 . 2010-01-04 23:19 176128 c:\windows2\ERDNT\AutoBackup\1-4-2010\Users\00000002\UsrClass.dat
+ 2010-01-04 23:19 . 2005-10-20 17:02 163328 c:\windows2\ERDNT\AutoBackup\1-4-2010\ERDNT.EXE
+ 2004-08-04 12:00 . 2009-05-26 21:53 2174976 c:\windows2\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-07-12 17:21 4874240 c:\windows2\system32\wmp.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 4874240 c:\windows2\system32\wmp.dll
+ 2004-08-04 12:00 . 2008-06-10 11:11 1053696 c:\windows2\system32\WMNetmgr.dll
+ 2009-12-18 04:21 . 2009-06-10 14:19 2066432 c:\windows2\system32\mstscax.dll
+ 2009-12-20 01:47 . 2009-05-26 21:53 2174976 c:\windows2\system32\dllcache\WMVCore.dll
+ 2009-12-20 01:47 . 2008-06-10 11:11 1053696 c:\windows2\system32\dllcache\WMNetmgr.dll
+ 2009-12-20 01:50 . 2004-07-11 01:34 2155712 c:\windows2\system32\dllcache\ati3duag.dll
+ 2004-07-11 01:55 . 2004-07-11 01:55 6524928 c:\windows2\system32\atioglxx.dll
+ 2009-12-20 01:50 . 2004-07-11 01:34 2155712 c:\windows2\system32\ati3duag.dll
+ 2010-01-05 05:01 . 2010-01-05 05:01 1339392 c:\windows2\ERDNT\AutoBackup\1-5-2010\Users\00000001\NTUSER.DAT
+ 2010-01-04 23:19 . 2010-01-04 23:19 1327104 c:\windows2\ERDNT\AutoBackup\1-4-2010\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMEKRMIG6.1"="c:\windows2\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-8-30 225280]

c:\documents and settings\Axel's Account\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-2 113664]

c:\documents and settings\Axel\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS2\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Axel\Application Data\Mozilla\Firefox\Profiles\jq7b4q6u.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows2\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows2\system32\Ati2evxx.exe
c:\windows2\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows2\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-05 15:02:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 20:02
ComboFix2.txt 2010-01-04 06:57

Pre-Run: 11,535,630,336 bytes free
Post-Run: 11,613,675,520 bytes free

- - End Of File - - 92BFD72525567825AA94E2F8D130C1BD

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I found out you can retrieve the license keys from your registry (that isn't illegal is it?


If you were trying to obtain a license key for something you had obtained through pirating then, yes it would be illegal. If it is your own then I don't see how it could be but I am not the person to help you with that. We are not in the business of telling people how to do something that could be used for illegal purposes. :)

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now
